[Openid-specs-fapi] Issue #209: Ciphers (openid/fapi)

Dave Tonge issues-reply at bitbucket.org
Thu Jan 10 11:56:19 UTC 2019


New issue 209: Ciphers
https://bitbucket.org/openid/fapi/issues/209/ciphers

Dave Tonge:

There is a relevant discussion here: https://github.com/ConsumerDataStandardsAustralia/infosec/issues/1

I suggest that we make the guidance clearer in FAPI around length of keys, eg. from BCP195:

> With a key exchange based on modular exponential (MODP) Diffie-
Hellman groups ("DHE" cipher suites), DH key lengths of at least 2048
bits are RECOMMENDED.

This has been misunderstood by a few people




More information about the Openid-specs-fapi mailing list