[Openid-specs-fapi] Issue #706: Unclear section 5.4 of FAPI2 security profile (openid/fapi)

Judith Kahrer judith.kahrer at curity.io
Fri Aug 16 11:43:45 UTC 2024


Hi Dag,

the AS may use PS256 (RSASSA-PSS using SHA-256 and MGF1 with SHA-256), which is an RSA signature scheme: https://datatracker.ietf.org/doc/html/rfc7518#section-3.5
And, if doing so, shall use a key with a minimum length of 2048 bits.

The AS may also use ES256 using a key with a minimum length of 160 bits.
Or, the AS may use EdDSA with Ed25519 (implies a key length of 256 bits).

There is no need for a new bullet point. Ed25519 is specific to EdDSA (a subtype of the same) and not applicable to PS256 or ES256.

> On 16 Aug 2024, at 13:06, dag.sneeggen via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> 
> New issue 706: Unclear section 5.4 of FAPI2 security profile
> https://bitbucket.org/openid/fapi/issues/706/unclear-section-54-of-fapi2-security
> 
> Dag Sneeggen:
> 
> I was reading [https://openid.net/specs/fapi-2\_0-security-profile-ID2.html#name-cryptography-and-secrets](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#name-cryptography-and-secrets) today and this section is unclear to me.
> 
> The way it's structured leads me to think that all AS have to use only elliptic keys for JWTs, but then later in the section it also mentions RSA keys.
> 
> The reason I'm confused is because there are 4 main subsections (omitted parts for clarity):
> 
> 1. **Authorization Servers**, Clients, and Resource Servers when **creating or processing JWTs shall**
> 
>    1. adhere to [[RFC8725](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#RFC8725)]
>    2. **use** `PS256`**,** `ES256`**, or** `EdDSA` **(using the** `Ed25519` **subtype) algorithms**
>    3. not use or accept the `none` algorithm
> 
> 2. **RSA keys shall have a minimum length of 2048 bits**.
> 3. Elliptic curve keys shall have a minimum length of 160 bits.
> 4. 128bit entropy section.
> 
> Does this mean that AS must only use EC keys for JWTs? Or is section 1b here only applicable to `Ed25519` keys?
> 
> If AS must only use EC keys for JWTs then why does section 2 mention RSA keys?
> 
> Should there be a new "top-level" section between 3 and 4 that says something like "Elliptic curve subtype `Ed25519` shall use `PS256`, `ES256`, or `EdDSA` algorithms" - is this the intent?
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fapi
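The three rules Judith spells out above (alg restricted to PS256, ES256 or EdDSA with Ed25519 and never `none`; RSA keys at least 2048 bits; elliptic curve keys at least 160 bits) are easy to get wrong when they are applied to a JWKS at token-validation time, because the key-size rule depends on which algorithm the key is used with. The following is an added example, not code from the FAPI specification, the OpenID Foundation or Curity, of a pre-verification policy check that pairs a JWS `alg` with a JWK and reports every violation. It assumes standard RFC 7517/7518/8037 JWK field names (`kty`, `crv`, `n`, `x`); the sample keys and the sample compact JWS are constructed for the example and are not real key material, and the check deliberately stops short of signature verification, which a JOSE library would do afterwards.

```python
"""Policy check for FAPI 2.0 Security Profile section 5.4 algorithm and key rules.

Added example; not the spec's or any vendor's code. Only the header and the JWK
metadata are inspected; no signature is verified here.
"""
import base64
import json

ALLOWED_ALGS = {"PS256", "ES256", "EdDSA"}
MIN_RSA_BITS = 2048
MIN_EC_BITS = 160

# Key sizes of the named curves JOSE registers (RFC 7518 section 6.2.1.1, RFC 8037).
CURVE_BITS = {"P-256": 256, "P-384": 384, "P-521": 521, "Ed25519": 256, "Ed448": 448}


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def alg_from_compact_jws(token: str) -> str:
    """Read 'alg' from the protected header of a compact JWS (header.payload.signature)."""
    header = json.loads(_b64url_decode(token.split(".")[0]))
    return header["alg"]


def key_bits(jwk: dict) -> int:
    """Effective key size: RSA modulus length, or the named curve's size for EC/OKP."""
    kty = jwk.get("kty")
    if kty == "RSA":
        return int.from_bytes(_b64url_decode(jwk["n"]), "big").bit_length()
    if kty in ("EC", "OKP"):
        return CURVE_BITS.get(jwk.get("crv"), 0)
    raise ValueError(f"unsupported kty {kty!r}")


def check_fapi2_alg_and_key(alg: str, jwk: dict) -> list:
    """Return the list of section 5.4 violations for this alg/key pair; [] means acceptable."""
    problems = []
    if alg == "none":
        return ["alg 'none' is forbidden"]
    if alg not in ALLOWED_ALGS:
        return [f"alg {alg!r} is not one of {sorted(ALLOWED_ALGS)}"]
    kty, crv = jwk.get("kty"), jwk.get("crv")
    # Each permitted alg only makes sense with one key type (RFC 7518 / RFC 8037),
    # and FAPI 2.0 narrows EdDSA to the Ed25519 subtype.
    if alg == "PS256" and kty != "RSA":
        problems.append("PS256 requires an RSA key")
    if alg == "ES256" and (kty != "EC" or crv != "P-256"):
        problems.append("ES256 requires an EC key on curve P-256")
    if alg == "EdDSA" and (kty != "OKP" or crv != "Ed25519"):
        problems.append("EdDSA requires an OKP key with crv Ed25519 under FAPI 2.0")
    if problems:
        return problems
    bits = key_bits(jwk)
    if kty == "RSA" and bits < MIN_RSA_BITS:
        problems.append(f"RSA key is {bits} bits, minimum is {MIN_RSA_BITS}")
    if kty in ("EC", "OKP") and bits < MIN_EC_BITS:
        problems.append(f"elliptic curve key is {bits} bits, minimum is {MIN_EC_BITS}")
    return problems


# Constructed sample keys (not real key material). The RSA moduli are synthetic
# integers of exactly 2048 and 1024 bits; EC/OKP coordinates are omitted because
# only 'crv' is inspected by this check.
SAMPLE_RSA_2048 = {"kty": "RSA", "n": _b64url_encode(((1 << 2047) | 1).to_bytes(256, "big")), "e": "AQAB"}
SAMPLE_RSA_1024 = {"kty": "RSA", "n": _b64url_encode(((1 << 1023) | 1).to_bytes(128, "big")), "e": "AQAB"}
SAMPLE_EC_P256 = {"kty": "EC", "crv": "P-256"}
SAMPLE_EC_P384 = {"kty": "EC", "crv": "P-384"}
SAMPLE_OKP_ED25519 = {"kty": "OKP", "crv": "Ed25519"}
SAMPLE_OKP_ED448 = {"kty": "OKP", "crv": "Ed448"}

# Constructed compact JWS with a PS256 header; the signature segment is a placeholder.
SAMPLE_JWS = ".".join([
    _b64url_encode(json.dumps({"alg": "PS256", "kid": "rsa-2048"}).encode()),
    _b64url_encode(json.dumps({"sub": "example"}).encode()),
    "placeholder-signature",
])

if __name__ == "__main__":
    alg = alg_from_compact_jws(SAMPLE_JWS)
    for name, jwk in [("rsa-2048", SAMPLE_RSA_2048), ("rsa-1024", SAMPLE_RSA_1024)]:
        print(name, alg, check_fapi2_alg_and_key(alg, jwk) or "ok")
```

Running the module prints `ok` for the 2048-bit key and a single key-length violation for the 1024-bit one; the same function rejects ES256 with a P-384 key and EdDSA with Ed448, which is the point of the thread: the 160-bit floor for elliptic curve keys is always met once the alg/key pairing is right, so the pairing check comes first.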


