bc-pi
commented
8 months ago How to actually write this in an appropriate way for a draft RFC feels kinda tricky though. JWE has some text about using Using Matching Algorithm Strengths that I was hopping to borrow from but the context is (unsurprisingly) different enough that using text straight from it doesn't quite work. Maybe adding a very general statement in Choice of a Hash Algorithm would be sufficient.
rohan-wire
Saying something about matching the strength of hash function and signature algorithm would probably be worthwhile.
resulting from this thread https://mailarchive.ietf.org/arch/msg/oauth/liu4pJP0_p0O3xJCXkcadl8uNAk/ / https://mailarchive.ietf.org/arch/msg/oauth/UJQVtWdV4Woz0oDDEM9z82zgByE/ etc
"... indicates that the security strength of the signature scheme is bounded by the collision resistance of the hash function - e.g. there’s little point using ES512 with SHA-256, for example. Probably the security considerations should suggest matching hash functions to signature algorithms."