Hi Everyone

I'm contributing to a project where `RSA-OAEP` [1] is currently the default
key encryption algorithm for encrypting JWT claims, and we've had a request
to replace it with `RSA-OAEP-256` because `SHA-1` is used in `RSA-OAEP`.

I'd like to ask the experts: why does `RSA-OAEP` have a `Recommended+`
status at [1], while `RSA-OAEP-256` is only `Optional`?

Also, while it is not a JOSE-specific question, I'd appreciate some
comments on whether having a `SHA-1` element in the `RSA-OAEP` encryption
process makes `RSA-OAEP` less secure or not. My basic understanding, based
on some Web search results, is that `RSA-OAEP` remains a secure algorithm.

Thanks, Sergey

[1] https://tools.ietf.org/html/rfc7518#section-4.3 [RSA-OAEP]
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
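What concretely changes between the two `alg` values the post asks about, as an added example that is not part of Sergey's post and not code from any JOSE implementation: a pure-Python, toy-key implementation of RFC 8017 EME-OAEP plus textbook RSA, parameterised by the hash in exactly the way RFC 7518 section 4.3 parameterises `RSA-OAEP` (SHA-1, MGF1 with SHA-1) and `RSA-OAEP-256` (SHA-256, MGF1 with SHA-256). Everything beyond the RFC text is my assumption for the demonstration: the function names, the dict key format, the 1024-bit toy key, and the constructed 32-byte CEK. Requires Python 3.8+ for `pow(e, -1, phi)`.

```python
import hashlib
import math
import os
import random

# RFC 7518 section 4.3: both JWE "alg" values are RSAES-OAEP (RFC 8017); the only
# difference is the hash used for lHash and for MGF1. The label is empty in both.
JWE_OAEP_HASH = {"RSA-OAEP": hashlib.sha1, "RSA-OAEP-256": hashlib.sha256}
rng = random.SystemRandom()


def mgf1(seed, length, hash_fn):
    """MGF1 (RFC 8017 B.2.1): concatenate hash(seed || counter), truncate to length."""
    hlen = hash_fn().digest_size
    n_blocks = (length + hlen - 1) // hlen
    blocks = (hash_fn(seed + c.to_bytes(4, "big")).digest() for c in range(n_blocks))
    return b"".join(blocks)[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def max_cek_len(alg, key_bytes):
    """Largest message EME-OAEP can carry: k - 2*hLen - 2 (RFC 8017 7.1.1)."""
    return key_bytes - 2 * JWE_OAEP_HASH[alg]().digest_size - 2


def eme_oaep_encode(msg, k, hash_fn, label=b""):
    """EME-OAEP encoding (RFC 8017 7.1.1 step 2); returns EM, k bytes long."""
    hlen = hash_fn().digest_size
    if len(msg) > k - 2 * hlen - 2:
        raise ValueError("message too long")
    lhash = hash_fn(label).digest()                           # digest of the (empty) label
    db = lhash + b"\x00" * (k - len(msg) - 2 * hlen - 2) + b"\x01" + msg
    seed = os.urandom(hlen)                                   # fresh randomness per encryption
    masked_db = xor(db, mgf1(seed, k - hlen - 1, hash_fn))
    masked_seed = xor(seed, mgf1(masked_db, hlen, hash_fn))
    return b"\x00" + masked_seed + masked_db


def eme_oaep_decode(em, k, hash_fn, label=b""):
    """EME-OAEP decoding (RFC 8017 7.1.2 step 3). Toy: a production decoder must run
    these checks in constant time and report one undifferentiated error (Manger 2001)."""
    hlen = hash_fn().digest_size
    if len(em) != k or em[0] != 0:
        raise ValueError("decryption error")
    masked_seed, masked_db = em[1:1 + hlen], em[1 + hlen:]
    seed = xor(masked_seed, mgf1(masked_db, hlen, hash_fn))
    db = xor(masked_db, mgf1(seed, k - hlen - 1, hash_fn))
    if db[:hlen] != hash_fn(label).digest():                  # wrong alg/hash or tampering ends here
        raise ValueError("decryption error")
    rest = db[hlen:].lstrip(b"\x00")                          # skip PS; separator 0x01 must follow
    if not rest or rest[0] != 0x01:
        raise ValueError("decryption error")
    return rest[1:]


def is_probable_prime(n, rounds=40):
    """Miller-Rabin; fine for a toy key, not how production keys are generated."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_rsa_key(bits=1024, e=65537):
    """Toy RSA key as a dict (assumed format); real JWE keys are >= 2048 bits from a library."""
    def prime(b):
        while True:
            cand = rng.getrandbits(b) | (1 << (b - 1)) | 1    # odd, exactly b bits
            if is_probable_prime(cand):
                return cand
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            n = p * q
            return {"n": n, "e": e, "d": pow(e, -1, phi), "k": (n.bit_length() + 7) // 8}


def wrap_cek(alg, cek, key):
    """JWE key wrapping: RSAES-OAEP-ENCRYPT of the content encryption key."""
    em = eme_oaep_encode(cek, key["k"], JWE_OAEP_HASH[alg])
    return pow(int.from_bytes(em, "big"), key["e"], key["n"]).to_bytes(key["k"], "big")


def unwrap_cek(alg, wrapped, key):
    """JWE key unwrapping, using the hash named by the JWE header's "alg"."""
    m = pow(int.from_bytes(wrapped, "big"), key["d"], key["n"])
    return eme_oaep_decode(m.to_bytes(key["k"], "big"), key["k"], JWE_OAEP_HASH[alg])


if __name__ == "__main__":
    key, cek = gen_rsa_key(), os.urandom(32)                  # constructed 256-bit CEK (A256GCM size)
    wrapped = wrap_cek("RSA-OAEP", cek, key)
    print("RSA-OAEP round trip:", unwrap_cek("RSA-OAEP", wrapped, key) == cek)
    try:                                                      # same ciphertext, decoder set to the other alg
        unwrap_cek("RSA-OAEP-256", wrapped, key)
    except ValueError as exc:
        print("unwrap as RSA-OAEP-256:", exc)
    print("max CEK bytes, 2048-bit key:", max_cek_len("RSA-OAEP", 256), max_cek_len("RSA-OAEP-256", 256))
```

Two things the code makes visible that the spec text does not. First, the hash enters OAEP only through MGF1 and through lHash, which is the digest of a constant empty label; the decoder never compares digests of attacker-chosen inputs, which is why the SHA-1 collision results do not translate directly into an attack on the padding and why `RSA-OAEP` is generally still considered sound (the limit on message size, 214 bytes with SHA-1 versus 190 with SHA-256 for a 2048-bit key, is irrelevant for a 16- to 64-byte CEK). Second, a CEK wrapped under `RSA-OAEP` cannot be unwrapped by a decoder configured for `RSA-OAEP-256`: the lHash check fails, so changing the project's default is an interoperability change for every existing recipient and token, not a transparent one.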