I have pushed a new version of this draft, primarily to avoid it expiring. Changes in -01:
- Added a list of CVEs for alg=none vulnerabilities, as a more stable reference. - Added some updated guidance for expert reviewers on future algorithm approvals. Best wishes, Neil > Begin forwarded message: > > From: [email protected] > Subject: New Version Notification for > draft-madden-jose-deprecate-none-rsa15-01.txt > Date: 12 September 2024 at 16:06:56 BST > To: "Neil Madden" <[email protected]> > > A new version of Internet-Draft draft-madden-jose-deprecate-none-rsa15-01.txt > has been successfully submitted by Neil Madden and posted to the > IETF repository. > > Name: draft-madden-jose-deprecate-none-rsa15 > Revision: 01 > Title: JOSE: Deprecate 'none' and 'RSA1_5' > Date: 2024-09-12 > Group: Individual Submission > Pages: 7 > URL: > https://www.ietf.org/archive/id/draft-madden-jose-deprecate-none-rsa15-01.txt > Status: > https://datatracker.ietf.org/doc/draft-madden-jose-deprecate-none-rsa15/ > HTML: > https://www.ietf.org/archive/id/draft-madden-jose-deprecate-none-rsa15-01.html > HTMLized: > https://datatracker.ietf.org/doc/html/draft-madden-jose-deprecate-none-rsa15 > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-madden-jose-deprecate-none-rsa15-01 > > Abstract: > > This draft updates [RFC7518] to deprecate the JWS algorithm "none" > and the JWE algorithm "RSA1_5". These algorithms have known security > weaknesses. > > > > The IETF Secretariat > >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
