JWS supported algorithms. #1191
Comments
|
RS256 is the only one boulder supports right now. It's unlikely that boulder will support every algorithm that the JWS spec allows. If there's a specific algorithm you're looking to have supported, please make a ticket for it. |
|
Anyway! That said, I'm not sure where we'd document what algorithms boulder or, perhaps more accurately, Let's Encrypt will support, off-hand. Open to suggestions. |
|
I think the best way would be to let the error message at say what algorithm is expected eg "algorithm '%s' in JWS header not acceptable, expected %s", jwsAlgorithm, algorithm)) https://github.com/letsencrypt/boulder/blob/master/wfe/jose.go#L40 |
|
I believe Boulder now checks for RS256, ES256, ES384 and ES512. I think the current error message will suffice unless anyone has any suggestions? @jsha @rolandshoemaker @ccppuu |
|
@benileo I think the best approach would be to switch the error to |
rolandshoemaker
added
help wanted
area/wfe
kind/enhancement
and removed
documentation
labels
The spec states:
Whereas boulder checks for RS256 specifically ... This should be clarified somewhere
The text was updated successfully, but these errors were encountered: