I agree that the best thing is one alg per kid. However getting people especially those using x509 Certs to alg is a challenge.
People still want to do pkcs1.5 pss sha256 sha512 off of one key. With composite keys you need the alg to know the hash using x509 Certs. I think more advice for applications using JOSE libs to help them understand key management and comparing the alg in the JWT with the specific alg in a JWK or with a known subset of algs based on the key type is the best path. John B. Sent from my iPhone > On Apr 2, 2015, at 6:23 PM, Tim McLean <[email protected]> wrote: > >> On Thu, Apr 2, 2015 at 4:39 PM, John Bradley <[email protected]> wrote: >> A given issuer may be allowed to sign using both ECDSA and RSA PKCS 1.5 and >> that would not be a problem until one of them is deprecated. >> Having libraries assume that there can only be one alg per issuer would not >> lead to useful crypto agility in my experience. > > Note that I'm proposing one alg per key ID, not one alg per issuer (sorry in > advance if I misunderstood what you meant here). > > Tim
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
