<div dir="ltr">Hi Sascha,<div><br></div><div>I guess this is due to potential problems with <span style="color:rgb(0,0,0);font-size:13.3333px">RSASSA-PKCS1-v1_5, see </span></div><div><a href="https://tools.ietf.org/html/rfc7518#section-8.3">https://tools.ietf.org/html/rfc7518#section-8.3</a><br></div><div><br></div><div>Thanks,</div><div><br></div><div>Philippe</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 20, 2017 at 8:20 AM, Preibisch, Sascha H via Openid-specs-fapi <span dir="ltr"><<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all!<br>
<br>
I just read through the spec. and in section 8.6<br>
(<a href="http://openid.net/specs/openid-financial-api-part-2.html#jws-algorithm-con" rel="noreferrer" target="_blank">http://openid.net/specs/<wbr>openid-financial-api-part-2.<wbr>html#jws-algorithm-con</a><br>
siderations) we recommend to use PS256 or ES256 as signing algorithms.<br>
<br>
Here<br>
"<a href="https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section
-3.1" rel="noreferrer" target="_blank">https://tools.ietf.org/html/<wbr>draft-ietf-jose-json-web-<wbr>algorithms-14#section<br>
-3.1</a>" PS256 is marked as OPTIONAL.<br>
<br>
I would like to understand why we recommend PS256 rather than RS256, which<br>
is RECOMMENDED and widely used.<br>
<br>
I saw that issue #92 spoke about this topic but I did not really<br>
understood it I believe.<br>
<br>
<br>
Thanks,<br>
Sascha<br>
<br>
<br>
______________________________<wbr>_________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net">Openid-specs-fapi@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>fapi</a><br>
</blockquote></div><br></div>