Nonce length issue in SL1 OIDC profile

[dhs-BI]

While reviewing the IETF keyword changes, I noted an issue with the nonce length requirements. See openid/ipsie-openid-sl1#1 (comment) and openid/ipsie-openid-sl1#1 (comment).

As written today, the OpenID Providers section states:

shall support nonce parameter values up to 64 characters in length, may reject nonce values longer than 64 characters.

While the RP section states:

should not use nonce parameter values longer than 64 characters;

These two statements need to be aligned. I suggest the minimum length of 64 characters is acceptable and recommend adding a max length (e.g. 128 chars).

[aaronpk]

This text was copied from FAPI: https://openid.net/specs/fapi-security-profile-2_0-final.html#section-5.3.2.2

We should ask @panva if he knows how those requirements ended up that way in FAPI.

[panva]

@dhs-BI what's not aligned about those two statements?

[aaronpk]

I guess they are aligned, but it does leave open the possibility of a client sending a nonce that will be rejected.

[panva]

This is the most we were comfortable with prescribing. This was really only added because some ASs rejected far bigger nonce values and the certification insisted that we add some interop text in on the basis of which they could add interop and conformance tests.

[dhs-BI]

@panva @aaronpk I didn't catch that this was directly from FAPI. It seems to be that the statement should be worded as "exactly 64 characters" given the two directives in the spec. That's the only value that meets the requirements.

Since this is in FAPI, I suggest we add a non-normative note that indicates why IPSIE SL1 is constructed this way instead of just stating a fixed length at 64 characters.

[panva]

But we're not forcing 64 character-long nonces, we're merely prescribing that the AS must support nonces up to this length and that client's shouldn't use longer ones.

[dhs-BI]

But we're not forcing 64 character-long nonces, we're merely prescribing that the AS must support nonces up to this length and that client's shouldn't use longer ones.

Re-reading the text, you're right. I'll leave this open for a few days for others to comment. If there's no further comments, I'll close this issue and we can leave the text as is.

[deansaxe]

Closing due to lack of comments.