JARM for signed authZ responses seems to allow MACs #593

@bitbucket-import-issues

Originally submitted by SECtim (Tim Würtele) on 2023-06-13

FAPI 2.0 MS points to JARM to sign authorization responses. Maybe I’ve overlooked something, but it seems that neither FAPI 2.0 MS nor JARM explicitly prohibits the use of symmetric signatures, i.e., MACs. That would of course defeat the whole idea of non-repudiation.


Bitbucket status: invalid

Bitbucket origin: issue 605
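
A client-side check for the concern raised in this issue, as an added example that is not part of the original report or of either specification: inspect the JWS header of a JARM `response` value and reject anything outside an asymmetric allowlist before signature verification. The allowlist contents, the function names and all sample values are assumptions constructed for illustration; the check covers the header only and does not replace verifying the signature against the authorization server's public key.

```python
import base64
import hashlib
import hmac
import json

# Assumed client policy (not taken from the issue): asymmetric JWS algorithms only.
ALLOWED_ALGS = frozenset({"PS256", "ES256", "EdDSA"})

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jarm_alg_acceptable(response_jwt):
    """Inspect the JWS header of a JARM response; run before signature verification."""
    parts = response_jwt.split(".")
    if len(parts) != 3:
        return False, "not a compact JWS"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "unparseable header"
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        return False, "alg %r is not an allowed asymmetric algorithm" % (alg,)
    return True, "alg %s allowed; verify with the authorization server's public key" % alg

def constructed_sample(alg, shared_secret=None):
    """Constructed JARM-style JWT. HS256 gets a real MAC; others a placeholder signature."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    claims = {"iss": "https://as.example", "aud": "client-123", "exp": 1700000000,
              "code": "constructed-code", "state": "constructed-state"}
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = (header + "." + payload).encode("ascii")
    if alg == "HS256":
        # A MAC is computable by every holder of the shared secret, client included,
        # which is why it cannot attribute the response to the server alone.
        sig = hmac.new(shared_secret, signing_input, hashlib.sha256).digest()
    else:
        sig = b"placeholder-not-a-real-signature"
    return header + "." + payload + "." + b64url_encode(sig)

if __name__ == "__main__":
    for token in (constructed_sample("HS256", b"constructed-client-secret"),
                  constructed_sample("ES256"), constructed_sample("none")):
        print(jarm_alg_acceptable(token))
```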
