bifurcation / userinfo-vc

A core interop profile for Verifiable Credentials in OpenID

suggest adding a cryptographic alg section #14

Closed Sakurann closed 1 year ago

Sakurann commented 1 year ago

There seem to be certain requirements around crypto algorithms which should be separated into their own section:

The alg value MUST represent a digital signature algorithm supported by the Verifier. The alg value MUST NOT represent a MAC based algorithm such as HS256, HS384, or HS512.

PieterKas commented 1 year ago

Is the prohibition on MAC algorithms specifically, or on any symmetric key schemes? Can this be stated in the positive: "The alg value MUST be for an accepted asymmetric algorithm, such as ..."?

bifurcation commented 1 year ago

I actually think this provision is obsolete given cryptographic_suites_supported. But OpenID4VCI should probably specify that symmetric-key schemes are not OK (or the no-key scheme none).

Sakurann commented 1 year ago

Good point - could you file an issue in OpenID Bitbucket, Richard?

bifurcation commented 1 year ago

Will do.
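
The requirement discussed in this thread, written as a verifier-side allowlist check on the JWS header (an added example, not code from userinfo-vc or OpenID4VCI). The contents of `ALLOWED_ALGS`, the function names and the sample tokens are assumptions made for illustration.

```python
import base64
import json

# Assumed verifier policy (constructed): the asymmetric JWS algorithms accepted.
ALLOWED_ALGS = frozenset({"ES256", "ES384", "EdDSA", "PS256"})


class AlgRejected(ValueError):
    """Raised when a token's header alg is not acceptable to this verifier."""


def _b64url_decode(segment: str) -> bytes:
    # JWS segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_proof_alg(compact_jws: str, allowed=ALLOWED_ALGS) -> str:
    """Return the header alg if policy allows it; raise AlgRejected otherwise.

    Meant to run before any key lookup or signature verification, so a MAC
    or unsigned token is never evaluated against public-key material.
    """
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise AlgRejected("not a three-part compact JWS")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise AlgRejected("unreadable header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str):
        raise AlgRejected("alg missing or not a string")
    # Exact, case-sensitive allowlist match: HS256/HS384/HS512, "none" and
    # case variants such as "None" all fail without being enumerated.
    if alg not in allowed:
        raise AlgRejected(f"alg {alg!r} not accepted")
    return alg


def constructed_jws(header: dict) -> str:
    # Constructed sample input: placeholder payload and signature segments.
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b"{}"), enc(b"sig")])
```

Stating the rule as an allowlist of accepted asymmetric algorithms, as suggested in the thread, means symmetric schemes and `none` are excluded by default rather than by a list of prohibited names.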