[Openid-specs-fapi] Issue #99: Part 2: TLS considerations section may be ambiguous (openid/fapi)

Joseph Heenan issues-reply at bitbucket.org
Wed May 24 13:27:31 UTC 2017


New issue 99: Part 2: TLS considerations section may be ambiguous
https://bitbucket.org/openid/fapi/issues/99/part-2-tls-considerations-section-may-be

Joseph Heenan:

I'm having trouble figuring out exactly what section 8.5 means. In particular this piece of text:


```
#!markup

The cipher suites listed below and also in section 4.2 of [RFC7525] that support authenticated encryption
(AEAD) algorithms shall be used to ensure TLS message confidentiality and integrity: 
* `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

```

I believe the intention here was to state that only these 4 ciphers shall be used, that the recommendations come from RFC7525, and that the FAPI spec will be updated from time to time as new recommendations emerge.

The alternative reading is that cipher suites allowed in 4.2 of RFC7525 are also okay. This would technically mean that TLS_RSA_WITH_AES_128_CBC_SHA (as per 4.2.1 paragraph 3) would be allowed, and also reduces the 'shall' we have in our phrase down to a 'recommended'.

Perhaps this should be reworded as:


```
#!markup

The recommendations for Secure Use of Transport Layer Security in RFC7525 shall be followed, with the following exception:

Only the following 4 cipher suites shall be permitted:

* `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
* `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`
* `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`

```
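
An added example, not part of the original message or of the FAPI spec: a small Python audit that checks a list of enabled TLS 1.2 suites against the two readings of section 8.5 described above. The function names, the sample suite list, and the modelling of the alternative reading as "the four suites plus the one suite the message names" are assumptions made for illustration.

```python
import re

# The four suites listed in the quoted section 8.5 text (IANA names).
FAPI_SUITES = frozenset({
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
})
# Assumption: the alternative reading is modelled as the four suites plus the
# one extra suite the message names; it is not a full encoding of RFC 7525.
ALT_READING_EXTRA = frozenset({"TLS_RSA_WITH_AES_128_CBC_SHA"})

_NAME = re.compile(r"^TLS_(?P<kx>.+)_WITH_(?P<cipher>.+)_(?P<mac>SHA\d*|MD5)$")

def describe(suite):
    """Split a TLS 1.2 IANA suite name and derive AEAD / forward-secrecy flags."""
    m = _NAME.match(suite)
    if m is None:
        raise ValueError(f"unrecognised suite name: {suite!r}")
    cipher = m["cipher"]
    return {
        "aead": cipher.endswith(("_GCM", "_CCM", "_CCM_8")) or "POLY1305" in cipher,
        "forward_secret": m["kx"].startswith(("DHE_", "ECDHE_")),
    }

def audit(enabled, strict=True):
    """Return (suite, reason) for every enabled suite the chosen reading rejects."""
    allowed = FAPI_SUITES if strict else FAPI_SUITES | ALT_READING_EXTRA
    findings = []
    for suite in enabled:
        if suite in allowed:
            continue
        props = describe(suite)
        reasons = [label for flag, label in (("aead", "not AEAD"),
                   ("forward_secret", "no forward secrecy")) if not props[flag]]
        findings.append((suite, ", ".join(reasons) or "outside the permitted list"))
    return findings

# Constructed sample: suites enabled on a hypothetical server.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for strict in (True, False):
        print("strict" if strict else "alternative", audit(SAMPLE, strict))
```

Under the strict reading the CBC suite is flagged as neither AEAD nor forward secret, while the modelled alternative reading lets it through, which is the gap the proposed rewording closes.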



