[Openid-specs-fapi] Issue #208: Part 2 should limit allowed JWE algorithms (openid/fapi)
Joseph Heenan
issues-reply at bitbucket.org
Wed Jan 9 10:42:37 UTC 2019
New issue 208: Part 2 should limit allowed JWE algorithms
https://bitbucket.org/openid/fapi/issues/208/part-2-should-limit-allowed-jwe-algorithms
Joseph Heenan:
The current spec says:
> JWS algorithm considerations
>
> Both clients and authorisation servers:
>
> shall use PS256 or ES256 algorithms;
> should not use algorithms that use RSASSA-PKCS1-v1_5 (e.g. RS256);
> shall not use none;
I think it's an oversight that this says "JWS" at the start. I think it was intended to cover JWE too. Simplest fix is to tweak the section title to say "JWS/JWE considerations".
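An added illustration of the gap this issue describes (not part of the original message or of the FAPI specification): an `alg` check that follows the quoted JWS wording literally constrains a compact JWS but leaves a compact JWE unconstrained. The function names, the sample tokens and the JWE header values `RSA-OAEP`/`A256GCM` are constructed for this example.

```python
import base64
import json

# Taken from the quoted spec text: "shall use PS256 or ES256".
REQUIRED_JWS_ALGS = {"PS256", "ES256"}
# RSASSA-PKCS1-v1_5 signature algorithms (RFC 7518); the quoted text names RS256.
PKCS1_V15_JWS_ALGS = {"RS256", "RS384", "RS512"}


def _b64url_decode(segment):
    # Compact serialization strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jose_alg(token):
    """Return (kind, alg, verdict) for a compact-serialized JWS or JWE."""
    parts = token.split(".")
    if len(parts) == 3:
        kind = "JWS"   # header.payload.signature
    elif len(parts) == 5:
        kind = "JWE"   # header.encrypted_key.iv.ciphertext.tag
    else:
        raise ValueError("not a compact JWS or JWE")
    alg = json.loads(_b64url_decode(parts[0])).get("alg")
    if not isinstance(alg, str):
        raise ValueError("missing or non-string alg header")
    if kind == "JWE":
        # The section is titled "JWS algorithm considerations", so read
        # literally it places no limit on the JWE alg.
        return kind, alg, "not covered by the JWS-only wording"
    if alg in REQUIRED_JWS_ALGS:
        return kind, alg, "allowed"
    if alg in PKCS1_V15_JWS_ALGS:
        return kind, alg, "rejected: RSASSA-PKCS1-v1_5"
    # Allow-list semantics: "none" and every other value end up here.
    return kind, alg, "rejected: not PS256 or ES256"


def sample_token(header, segments):
    """Build a constructed token: a real header plus placeholder segments."""
    raw = json.dumps(header).encode()
    head = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([head] + ["x"] * (segments - 1))


if __name__ == "__main__":
    for hdr, n in [({"alg": "PS256"}, 3), ({"alg": "RS256"}, 3),
                   ({"alg": "none"}, 3),
                   ({"alg": "RSA-OAEP", "enc": "A256GCM"}, 5)]:
        print(check_jose_alg(sample_token(hdr, n)))
```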