Closed mehmooda closed 8 years ago
RS256 is the only one boulder supports right now. It's unlikely that boulder will support every algorithm that the JWS spec allows.
If there's a specific algorithm you're looking to have supported, please make a ticket for it.
Anyway! That said, I'm not sure where we'd document what algorithms boulder or, perhaps more accurately, Let's Encrypt will support, off-hand. Open to suggestions.
I think the best way would be to let the error message at https://github.com/letsencrypt/boulder/blob/master/wfe/jose.go#L40 say what algorithm is expected, e.g.
```go
"algorithm '%s' in JWS header not acceptable, expected %s", jwsAlgorithm, algorithm))
```
I believe Boulder now checks for RS256, ES256, ES384 and ES512. I think the current error message will suffice unless anyone has any suggestions? @jsha @rolandshoemaker @ccppuu
@benileo I think the best approach would be to switch the error to `Signature type %s not supported, expected one of: ...`
The spec states:
Whereas boulder checks for RS256 specifically ... This should be clarified somewhere
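An added example, not part of the thread and not Boulder's own code: an allow-list check on the JWS protected header's `alg` that names the accepted algorithms in the rejection, in the style of the message suggested above. The names `checkJWSAlg`, `supportedAlgs` and `sampleJWS` are hypothetical, the sample JWS strings are constructed, and only the header is inspected (no signature verification).

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// supportedAlgs is the allow-list mentioned in the thread, kept sorted for stable messages.
var supportedAlgs = []string{"ES256", "ES384", "ES512", "RS256"}

// checkJWSAlg decodes the protected header of a compact JWS and rejects any
// "alg" outside the allow-list (including "none" or a missing value).
func checkJWSAlg(compactJWS string) (string, error) {
	parts := strings.Split(compactJWS, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed JWS: expected 3 segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", fmt.Errorf("malformed JWS protected header: %v", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return "", fmt.Errorf("malformed JWS protected header: %v", err)
	}
	for _, a := range supportedAlgs {
		if a == hdr.Alg { // exact, case-sensitive match only
			return a, nil
		}
	}
	return "", fmt.Errorf("signature type %q not supported, expected one of: %s",
		hdr.Alg, strings.Join(supportedAlgs, ", "))
}

// sampleJWS builds a constructed, unsigned JWS-shaped string for the demo.
func sampleJWS(alg string) string {
	h := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"` + alg + `"}`))
	return h + ".e30.c2ln" // constructed payload and signature placeholders
}

func main() {
	for _, alg := range []string{"ES256", "HS256", "none"} {
		got, err := checkJWSAlg(sampleJWS(alg))
		fmt.Printf("alg=%s accepted=%q err=%v\n", alg, got, err)
	}
}
```

Running the check before any key lookup or signature verification means a client sending an unsupported `alg` learns the accepted set from the error itself.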