Clarify "left truncated SHA-2 hash" in section on symmetric encryption
Perhaps this is something that bothers non-native speakers only (which still makes it relevant I guess) but it seems that the native speakers I have consulted are not 100% sure either about the following:
I am not sure how to interpret the wording around how to derive the symmetric key from a client_secret in the Symmetric Encryption section of: http://openid.net/specs/openid-connect-core-1_0.html#Encryption
The encryption section talks about using a "left truncated SHA-2 hash" but to me it is not clear if that means taking the left-most bits or the right-most bits as I don't know if "left" refers to the truncation itself (truncation happens on the left side of the part that remains) or the partial hash that remains (keep the left part after truncating on the right side).
This is especially confusing for developers that have also implemented other parts like "at_hash" (or "c_hash") validation as a similar procedure is described there as "take the left-most bits" which is unambiguous to me. "left-most bits" is used in various places where at_hash and c_hash are described e.g. http://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken
I would like:
a) the same language to be used across the Core spec to avoid confusion or interpretation differences.
b) opt for "left-most bits" as the unambiguous language
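The two readings of "left truncated" described in this issue, as an added example that is not part of the original report or of the specification text. The function names and the sample secret are constructed for illustration, and the choice of SHA-256, SHA-384 or SHA-512 by key size is the Core spec's rule as assumed here, since it is not quoted on this page.

```python
import base64
import hashlib

def sha2_for(key_bits):
    # Hash choice by key size (Core spec rule, assumed; not quoted on this page).
    for limit, algo in ((256, hashlib.sha256), (384, hashlib.sha384), (512, hashlib.sha512)):
        if key_bits <= limit:
            return algo
    raise ValueError("no SHA-2 variant yields %d bits" % key_bits)

def derive_key(client_secret, key_bits, keep="left"):
    """Derive a symmetric key from client_secret under one reading of the wording.

    keep="left"  -> keep the left-most bits (the reading the issue asks for)
    keep="right" -> cut bits off the left side, keep the right-most bits
    """
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key size must be a positive multiple of 8 bits")
    if keep not in ("left", "right"):
        raise ValueError("keep must be 'left' or 'right'")
    digest = sha2_for(key_bits)(client_secret.encode("utf-8")).digest()
    n = key_bits // 8
    return digest[:n] if keep == "left" else digest[-n:]

def left_half_hash(token):
    # at_hash / c_hash style value for a SHA-256 based alg:
    # left-most half of the hash, base64url encoded without padding.
    digest = hashlib.sha256(token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")

def readings_agree(client_secret, key_bits):
    # True when both interpretations of the wording produce the same key.
    left = derive_key(client_secret, key_bits, "left")
    return left == derive_key(client_secret, key_bits, "right")

if __name__ == "__main__":
    secret = "constructed-client-secret-for-illustration"  # constructed sample
    for bits in (128, 192, 256, 384, 512):
        key = derive_key(secret, bits)
        print(bits, key.hex(), "readings agree:", readings_agree(secret, bits))
    print("left-half hash:", left_half_hash("constructed-access-token"))
```

The readings only coincide when the key size equals the full digest size, so two implementations that interpret the wording differently derive different keys for shorter sizes such as 128 bits and fail to decrypt each other's tokens.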
Comments (3)
Roland said that this came up during RP testing as well. Mike will make a proposed language change.
- changed status to resolved
Fixed
#1005 - Clarify "left truncated SHA-2 hash" in section on symmetric encryption → <<cset 15668505dbe6>>
As one of the aforementioned native speakers, I concur with @zandbelt.