[Openid-specs-fapi] Support for Post-Quantum Cryptography (PQC)
Anders Rundgren
anders.rundgren.net at gmail.com
Wed Jan 17 06:29:44 UTC 2024
With the anticipated arrival of Post-Quantum Cryptography (PQC) requiring massive amounts of binary data, CBOR seems like a better choice than JSON. I will base my Open Source Open Banking PoC on CBOR: https://cyberphone.github.io/doc/research/revised-open-banking-architecture.pdf
The only exception will be an OIDC interface from the Bank which is needed for enrolling payment credentials.
By building on the CBOR Deterministic Encoding (CDE) standard in the workings (https://datatracker.ietf.org/doc/draft-ietf-cbor-cde/), you can sign serialized CBOR "as is" like in: https://test.webpki.org/csf-lab
With the CBOR text-mode (Diagnostic Notation), a moderately updated version of "Postman" can be used to test APIs in the same way as with JSON.
Anders
More information about the Openid-specs-fapi
mailing list