[Openid-specs-fapi] Issue #391: text about encryption algorithms in part2 may need clarification (openid/fapi)

Nat Sakimura nat at digitalideas.tokyo
Tue Mar 9 17:44:47 UTC 2021


Too late. Need to be done with errata.

Nat Sakimura
Executive Fellow, Tokyo Digital IDeas
On March 10, 2021, 2:37 +0900, josephheenan via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> New issue 391: text about encryption algorithms in part2 may need clarification
> https://bitbucket.org/openid/fapi/issues/391/text-about-encryption-algorithms-in-part2
>
> Joseph Heenan:
>
> Part 2 currently states:
>
> ---
>
> For JWE, both clients and authorization servers
>
> 1. shall not use the `RSA1_5` algorithm.
>
> ---
>
> https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms lists various encryption algorithms. I presume it’s probably implicit that you shouldn’t use an algorithm listed as prohibited there (e.g. `A128CBC`) but perhaps we should be more explicit? (Originally brought to my attention by Ray Voss in the FDX Security WG.)
>
> I’m also not entirely clear that it’s in keeping to allow the use of symmetric keys (`dir`).
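An added example, not part of the original thread or of the FAPI specification: a receiver-side check that reads the protected header of a compact-serialized JWE and reports the algorithm choices the issue discusses. The deny-list contents beyond `RSA1_5` and `A128CBC`, the function names, and the `allow_dir` switch are assumptions for illustration; whether `dir` is acceptable is the open question the issue raises, so it is modelled here as a local policy choice.

```python
import base64
import json

# Assumption: deny-lists are maintained locally. RSA1_5 is what the quoted Part 2
# text forbids; A128CBC is the one example the issue names from the IANA registry.
FORBIDDEN_BY_PART2 = {"RSA1_5"}
IANA_PROHIBITED = {"A128CBC"}  # extend from the IANA JOSE registry as needed


def _b64url_decode(segment: str) -> bytes:
    # JOSE strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwe_protected_header(compact: str) -> dict:
    """Return the protected header of a JWE in compact serialization."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE: expected 5 dot-separated parts")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header


def check_jwe_algorithms(compact: str, allow_dir: bool = False) -> list:
    """Return policy findings for alg/enc; an empty list means accepted."""
    header = jwe_protected_header(compact)
    findings = []
    for name in ("alg", "enc"):
        value = header.get(name)
        if not isinstance(value, str):
            findings.append(f"{name}: missing or not a string")
        elif value in FORBIDDEN_BY_PART2:
            findings.append(f"{name}={value}: forbidden by Part 2")
        elif value in IANA_PROHIBITED:
            findings.append(f"{name}={value}: listed as prohibited by IANA")
    if header.get("alg") == "dir" and not allow_dir:
        findings.append("alg=dir: direct symmetric key not permitted by local policy")
    return findings


def make_sample(alg: str, enc: str) -> str:
    """Constructed sample: real header, placeholder bytes for the other four parts."""
    hdr = base64.urlsafe_b64encode(json.dumps({"alg": alg, "enc": enc}).encode())
    return hdr.rstrip(b"=").decode() + ".a2V5.aXY.Y3Q.dGFn"
```

Run the check before any key unwrapping or decryption is attempted, so a rejected `alg` never reaches the cryptographic code path.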