[Openid-specs-fapi] Issue #323: Editorial: unclear language in TLS Considerations 8.5 (openid/fapi)

Ralph Bragg issues-reply at bitbucket.org
Wed Sep 30 16:44:42 UTC 2020


New issue 323: Editorial: unclear language in TLS Considerations 8.5
https://bitbucket.org/openid/fapi/issues/323/editorial-unclear-language-in-tls

Ralph Bragg:

Because the term BCP195 is only introduced here, it isn’t clear that the four permitted cipher suites listed in the previous clause are the only cipher suites allowed under BCP195. Instead this can be read that you can use additional ciphers included in BCP195 when what it means is you can use ciphers OTHER than those included in BCP195.

Original

1. For the `authorization_endpoint`, the authorization server MAY allow additional cipher suites that are permitted by the latest version of \[BCP195\], if necessary to allow sufficient interoperability with users' web browsers.

Suggest

1. For the `authorization_endpoint`, the authorization server MAY allow additional cipher suites other than those permitted by the latest version of \[BCP195\], if necessary to allow sufficient interoperability with users' web browsers.

This makes it clear that BCP195 is the source of the cipher suite and not that it contains extras apart from the four above.



