[Openid-specs-fapi] Issue #92: Put cipher suite recommendations in the security considerations (openid/fapi)
issues-reply at bitbucket.org
Sat May 6 18:59:03 UTC 2017
New issue 92: Put cipher suite recommendations in the security considerations
For TLS versions and cipher suites to be used, BCP195 should be consulted. We IETFers tend to assume it, but it is a good idea to explicitly write it in the security considerations.
Also, pointing to the additional TLS requirements that are in 16.17. TLS Requirements of OIDC would be good.
For JWS, for now, PS256 or ES256 should be sufficient. It should avoid RS256 as it is a backward compatible mode and alg=none is banned.
Perhaps we should add this to the security considerations as well.
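The JWS recommendation in the message above, written as an allowlist check that runs before signature verification. This is an added example, not part of the original message or of the FAPI specification text; the function names and sample tokens are constructed for illustration, and only compact serialization is handled.

```python
import base64
import binascii
import json

# Allowlist taken from the issue text: PS256 or ES256 only.
ALLOWED_ALGS = frozenset({"PS256", "ES256"})


class AlgNotAllowed(ValueError):
    """Raised when a JWS header fails the algorithm policy."""


def b64url_decode(segment: str) -> bytes:
    # JWS uses unpadded base64url; restore padding before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)


def check_jws_alg(compact_jws: str) -> str:
    """Return the header's alg if policy allows it, else raise AlgNotAllowed.

    Run this before signature verification so the verifier is chosen from
    the allowlist and never from header data supplied by the sender.
    """
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise AlgNotAllowed("not a three-part compact JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (binascii.Error, ValueError) as exc:
        raise AlgNotAllowed("undecodable protected header") from exc
    if not isinstance(header, dict):
        raise AlgNotAllowed("protected header is not a JSON object")
    alg = header.get("alg")
    # Exact, case-sensitive match: "none", "None", "RS256", a missing alg
    # and non-string values are all rejected the same way.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise AlgNotAllowed(f"alg {alg!r} is not in {sorted(ALLOWED_ALGS)}")
    return alg


def constructed_jws(header: dict) -> str:
    # Constructed sample token: only the header matters here,
    # the payload and signature segments are dummies.
    segments = (json.dumps(header).encode(), b"{}", b"sig")
    return ".".join(base64.urlsafe_b64encode(s).rstrip(b"=").decode() for s in segments)
```

The check only gates which algorithm a verifier may use; the signature itself still has to be verified with a key bound to that algorithm.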