
Add a note about crypto-agility with JWT

This is explicitly calling out how Fernet should be used to
exercise crypto-agility in the event a security flaw is uncovered
in the JWT/JWS/JWE specifications or implementations. At least until
more algorithms are supported.

Change-Id: I5338c64f3a592768f70e3a4254b7bfeeb101102b
Lance Bragstad, 4 months ago
parent commit: fd0b5e6a5a
1 changed file with 3 additions and 0 deletions:
specs/keystone/stein/json-web-tokens.rst (+3, -0)

@@ -212,6 +212,9 @@ validating multiple blessed algorithms, allowing multiple tokens signed with
 different algorithms to be validated without require configuration changes
 except on the signing node.
 
+For the time being, if a deployment is using JWTs and needs to exercise
+crypto-agility, it is recommended they convert to Fernet tokens.
+
 Alternatives
 ------------
 
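Review bot: the new paragraph gives the recommendation without the reason the commit message states, namely that switching to Fernet is the only way to exercise crypto-agility until more JWT signing algorithms are supported; without that context a reader cannot tell when the advice stops applying. Suggest folding it in, e.g. "For the time being, while only a single JWT signing algorithm is supported, a deployment that needs to exercise crypto-agility should convert to Fernet tokens." Minor: "it is recommended they convert" reads better as "it is recommended that they convert", and the preceding context line "without require configuration changes" should be "without requiring configuration changes" if you are touching this section anyway.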
