openid / fapi / issues / #350 - Crypto recommendations — Bitbucket

Issue #350 wontfix

Daniel Fett created an issue 2020-12-06

Some crypto recommendations (e.g., regarding the use of PKCS#1 v1.5) from FAPI 1 do not appear in FAPI 2 Baseline. I need to add them.

Comments (9)

Daniel Fett
See also https://tools.ietf.org/html/rfc8725
- 2020-12-07T09:51:19+00:00
Daniel Fett reporter
- changed status to resolved
Fix Issue ~~#350~~

→ <<cset 27d377a8ce6c>>
- 2020-12-16T12:46:38+00:00
Daniel Fett
- changed status to open
I'm wondering if this is something we should change in FAPI 1 as well: We are currently giving a very brief extract from RFC8725 as security recommendations when handling JWTs. However, RFC8725 contains loads of useful advice and it would be useful to refer to it.
- 2020-12-16T12:49:50+00:00
Daniel Fett
- changed component to Part 2: RW Security
- 2020-12-16T12:50:13+00:00
Dave Tonge
We agreed not to bring this into FAPI1
- 2021-01-20T14:48:16+00:00
Nat Sakimura
- changed status to wontfix
- 2021-03-08T14:57:17+00:00
Nat Sakimura
- changed component to Part 2: Advanced
- 2022-12-14T15:36:10+00:00
Nat Sakimura
- changed component to FAPI 1 – Part 2: Advanced
- 2022-12-14T15:36:44+00:00
Nat Sakimura
- changed component to FAPI 1: Advanced
- 2022-12-14T15:38:53+00:00
Log in to comment

Assignee: Daniel Fett

Type: bug

Priority: major

Status: wontfix

Component: FAPI 1: Advanced

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!