-
assigned issue to
Messages 2.1.1 - Need to support crypto agility for hash computations
The at_hash and c_hash computations curently specify use of the SHA-2 algorithms. This should be generalized to support crypto agility - especially since SHA-3 is coming.
Comments (6)
-
-
reporter -
assigned issue to
Doing this would require additional syntax. If we do this, it should be an optional parameter. We would need a concrete syntax proposal.
-
assigned issue to
-
reporter Possibly look at the x5c extensibility suggestion in JWS 4.1.5 with the x5t#S256 example. This may or not be the right approach.
-
Hmm. I do not agree with the reason. SHA-3 is likely to be a special purpose algs and we do not foresee replacement to SHA-2 family of hash algorithms. For the bit length, it is already covered by the present text. It can do SHA-256, 384, 512, etc....
-
reporter - marked as minor
-
assigned issue to
Providing this agility may create more complexity than it's worth. John will have a look at the wording. The intent is to reuse the hash associated with the signing algorithm, but this might be hard spec language to write and make understandable, and would likely create interop problems.
-
- changed status to resolved
Implicit & Messages Fixed
#637removed requirement for hash of at_token and code to be SHA2 in Sec 2.1.2.1 and Sec 5.2Implicit Added Sec 2.5 access token validation </t>
→ <<cset 09d7e4c8cb04>>
- Log in to comment