Hi!

As a document I inherited in the "IESG:: Waiting for Writeup Internet-Drafts", I conducted a second AD review. I have the following feedback:

(1) Add additional references to the text

(a) Section 2.1, bullet #2 -

   An "RS256" (RSA, 2048 bit) parameter value can be changed into "HS256" (HMAC, SHA-256), and some libraries would try to validate the signature using HMAC-SHA256 and using the RSA public key as the HMAC shared secret.

Since this text seems to refer to a vulnerability in a real library, can a citation (CVE?) be provided?

(b) Section 2.3

   This is not the case anymore, with the latest standard only allowing UTF-8.

Add a reference to this "latest JSON format" -- [RFC8259]

(c) Section 3.2 -

   Avoid all RSA-PKCS1 v1.5 encryption algorithms, preferring RSA-OAEP.

Provide reference for "RSA-PKCS1 v1.5" (RFC 2313) and for "RSA OAEP" (Section 7.1 of RFC8017)

(d) Section 3.2

   ECDSA signatures require a unique random value for every message that is signed.

Provide a reference for ECDSA -- [X9.62] American National Standards Institute, "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)", ANSI X9.62-2005, November 2005.

(2) The symmetry between the threat being described in Section 2 and the corresponding mitigation in Section 3 is helpful. However, Sections 3.6 and 3.10 are listed as mitigations but have no corresponding motivating threats for their usage in Section 2. The text in Section 3.6 explains part of the threat with references but for symmetry this should have been in Section 2.

Regards,
Roman

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
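As an added illustration of the algorithm-confusion point raised in (1)(a), not part of the review above or of the draft: a constructed Python verifier that lets the token's "alg" header choose the algorithm, beside one that pins the algorithm to the configured key. The RSA public key PEM, claims and shared secret are constructed placeholders, and real RSA signature verification is omitted since only the alg/key-type binding matters here.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder for an RSA public key as a library holds it (PEM text).
# It only has to be the bytes a naive verifier would hand to HMAC.
RSA_PUBLIC_KEY_PEM = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-RSA-KEY\n-----END PUBLIC KEY-----\n"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256_mac(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()

def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build a compact JWS with alg=HS256 (header.payload.signature, base64url)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hs256_mac(f"{header}.{payload}".encode(), secret)
    return f"{header}.{payload}.{b64url(sig)}"

def naive_verify(token: str, key: bytes) -> bool:
    """Vulnerable pattern from Section 2.1: the header's alg selects the algorithm."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64))["alg"]
    if alg == "HS256":
        expected = hs256_mac(f"{header_b64}.{payload_b64}".encode(), key)
        return hmac.compare_digest(expected, b64url_decode(sig_b64))
    return False  # RS256 would go to an RSA verifier here; omitted in this example

def strict_verify(token: str, key: bytes, expected_alg: str) -> bool:
    """Mitigation: the verifier binds the algorithm to the key; the token cannot choose it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != expected_alg:
        return False
    if expected_alg == "HS256":
        expected = hs256_mac(f"{header_b64}.{payload_b64}".encode(), key)
        return hmac.compare_digest(expected, b64url_decode(sig_b64))
    return False  # RS256 would go to an RSA verifier here; omitted in this example

def confusion_check() -> tuple:
    """The token the draft warns about: HS256 keyed with the RSA public key bytes."""
    token = make_hs256_token({"sub": "alice", "admin": True}, RSA_PUBLIC_KEY_PEM)
    return naive_verify(token, RSA_PUBLIC_KEY_PEM), strict_verify(token, RSA_PUBLIC_KEY_PEM, "RS256")
```

The naive verifier accepts the confused token because the configured RSA public key is public, while the strict verifier rejects it before any MAC is computed.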