- changed milestone to Errata
text about encryption algorithms in part2 may need clarification
Issue #391
on hold
Part 2 currently states:
For JWE, both clients and authorization servers
- shall not use the
RSA1_5algorithm.
https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms lists various encryption algorithms. I presume it’s probably implicit that you shouldn’t use an algorithm listed as prohibited there (e.g. A128CBC) but perhaps we should be more explicit? (Originally brought to my attention by Ray Voss in the FDX Security WG.)
I’m also not entirely clear that it’s in keeping to allow the use of symmetric keys (dir).
Comments (7)
-
-
- changed status to on hold
On hold after shipping 1.0
-
I’m also not entirely clear that it’s in keeping to allow the use of symmetric keys (
dir).@Joseph Heenan can you expand on this?
diris not the only symmetric algorithm. There are alsoA128GCMKW,A192GCMKW,A256GCMKW,A128KW,A192KW,A256KW,PBES2-HS256+A128KW,PBES2-HS384+A192KW,PBES2-HS512+A256KWwhich all use theclient_secretwhen used in OIDC context. -
reporter
Thanks @Filip Skokan - my knowledge of JWE algs is limited, so not mentioning the
A128GCMKWetc too was an accidental omission.I’d view all of those as not matching the ethos of FAPI-RW which is careful to use asymmetric cryptography everywhere (meaning if another party is able to decrypt a message or otherwise impersonate a relying party it is essentially certain that the cause of poor private key handling by the relying party). Unfortunately I can’t find any phrases in FAPI-RW that outright say “don’t ever use symmetric keys”.
-
- changed component to Part 2: Advanced
-
- changed component to FAPI 1 – Part 2: Advanced
-
- changed component to FAPI 1: Advanced
- Log in to comment
- Assignee
- –
- Type
- Priority
- Status
- on hold
- Component
- FAPI 1: Advanced
- Milestone
- Errata
- Votes
- 0
- Watchers
- 1
Sorry to say this but it is too late now. We need to get the spec out of the door. It should be put into errata.