Put cipher suite recommendations in the security considerations

Issue #92 closed
Nat Sakimura created an issue

For TLS versions and cipher suites to be used, BCP195 should be consulted. We IETFers tend to assume it, but it is a good idea to explicitly write it in the security consideration.

Also, pointing to the additional TLS requirements that are in 16.17. TLS Requirements of OIDC would be good.

For JWS, for now, PS256 or ES256 should be sufficient. It should avoid RS256 as it is a backward compatible mode and alg=none is banned. Perhaps we should add this to the security considerations as well.

Comments (7)

  1. Dave Tonge

    I think there was discussion on the call about putting the actual recommended ciphers in the FAPI spec, e.g. from 4.2 of BCP195

    4.2.  Recommended Cipher Suites
    
       Given the foregoing considerations, implementation and deployment of
       the following cipher suites is RECOMMENDED:
    
       o  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    
       o  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    
       o  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    
       o  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
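
The two recommendations in this issue, expressed as allowlist checks. This is an added example, not part of the issue thread or of the FAPI spec; the function names and the sample inputs are constructed for illustration, and the JWS check only reads the header, it does not verify a signature.

```python
import base64
import json

# The four suites quoted in the comment above from BCP195 section 4.2.
BCP195_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
# Algorithms the issue names as sufficient for JWS; RS256 and none are excluded.
ALLOWED_JWS_ALGS = {"PS256", "ES256"}

def unlisted_suites(configured):
    """Return, in order, configured IANA suite names not in the BCP195 4.2 list."""
    return [s for s in configured if s not in BCP195_SUITES]

def jws_alg(compact):
    """Extract "alg" from the protected header of a JWS compact serialization."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)  # restore stripped padding
    header = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(header, dict) or not isinstance(header.get("alg"), str):
        raise ValueError("JWS header has no string alg")
    return header["alg"]

def alg_permitted(compact):
    """Exact-match allowlist, so case variants such as "NONE" are rejected too."""
    return jws_alg(compact) in ALLOWED_JWS_ALGS

def make_sample(alg):
    """Constructed sample token: empty payload, dummy signature bytes."""
    raw = json.dumps({"alg": alg}).encode()
    header = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{header}.e30.c2ln"

if __name__ == "__main__":
    # Constructed server configuration: one listed suite, one unlisted.
    config = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA"]
    print("unlisted suites:", unlisted_suites(config))
    for alg in ("PS256", "ES256", "RS256", "none", "NONE"):
        print(alg, "permitted" if alg_permitted(make_sample(alg)) else "rejected")
```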
    