bc-pi closed this issue 7 months ago
How to actually write this in an appropriate way for a draft RFC feels kinda tricky though. JWE has some text about "Using Matching Algorithm Strengths" that I was hoping to borrow from, but the context is (unsurprisingly) different enough that using text straight from it doesn't quite work. Maybe adding a very general statement in "Choice of a Hash Algorithm" would be sufficient.
At IETF 118 Tuesday meeting, Orie proposed locking the hash to the one committed to by the Issuer.
Saying something about matching the strength of hash function and signature algorithm would probably be worthwhile.
resulting from this thread https://mailarchive.ietf.org/arch/msg/oauth/liu4pJP0_p0O3xJCXkcadl8uNAk/ / https://mailarchive.ietf.org/arch/msg/oauth/UJQVtWdV4Woz0oDDEM9z82zgByE/ etc
"... indicates that the security strength of the signature scheme is bounded by the collision resistance of the hash function - e.g. there’s little point using ES512 with SHA-256, for example. Probably the security considerations should suggest matching hash functions to signature algorithms."
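The mismatch described in the quoted mail (ES512 paired with SHA-256) can be flagged mechanically. The following is an added example, not part of the thread or of the draft: it assumes the hash name travels in an `_sd_alg` payload claim defaulting to `sha-256`, and the strength figures, function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Approximate security strength in bits (assumed figures, NIST SP 800-57 style).
SIG_BITS = {"ES256": 128, "ES384": 192, "ES512": 256}
# Collision resistance of an n-bit hash is about n/2 bits.
HASH_BITS = {"sha-256": 128, "sha-384": 192, "sha-512": 256}


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample(alg: str, sd_alg=None) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    payload = {"_sd": []}
    if sd_alg is not None:
        payload["_sd_alg"] = sd_alg
    return ".".join([_b64url_encode({"alg": alg}), _b64url_encode(payload), "c2ln"])


def check_strength(issuer_jwt: str) -> dict:
    """Compare signature strength with digest collision resistance.

    Inspects header and payload only; it does not verify the signature,
    so run it as a policy check alongside normal verification.
    """
    header_b64, payload_b64, _sig = issuer_jwt.split(".")
    alg = json.loads(_b64url_decode(header_b64))["alg"]
    payload = json.loads(_b64url_decode(payload_b64))
    sd_alg = payload.get("_sd_alg", "sha-256")  # assumed default when absent
    if alg not in SIG_BITS or sd_alg not in HASH_BITS:
        raise ValueError(f"no strength figure for {alg!r} / {sd_alg!r}")
    sig_bits, hash_bits = SIG_BITS[alg], HASH_BITS[sd_alg]
    return {"alg": alg, "sd_alg": sd_alg,
            "effective_bits": min(sig_bits, hash_bits),
            "matched": hash_bits >= sig_bits}


if __name__ == "__main__":
    for alg, sd_alg in [("ES512", "sha-256"), ("ES384", "sha-384"), ("ES256", None)]:
        print(check_strength(make_sample(alg, sd_alg)))
```

RSA-based algorithms are left out of the table because their strength depends on key size rather than on the `alg` name alone.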