Originally submitted by Nat (Nat Sakimura) on 2026-03-30
Japanese government crypto suite council, CRYPTOREC, which I declined to be a member of, issued a new guidance retiring 128-bit security algorithms and moving to 192-bit security.
Also, it has started including ML-KEM and hybrid mode.
That will be coming. ID Token will not be affected much, unless you need it as evidence on a later day. i.e., should be appropriately timestamped.
For other signature algorithms, mTLS means swapping the client certificate to be hybrid or at least make the validity short, server certificate the same, more towards the hybrid.
Need to dig a bit deeper on DPOP.
The encryption part is more of an issue, because collect now, decrypt later can be launched.
This was Japan, but it will come to IETF pretty soon, so we beter start getting ready to it.
Bitbucket status: new
Bitbucket origin: issue 858
Japanese government crypto suite council, CRYPTOREC, which I declined to be a member of, issued a new guidance retiring 128-bit security algorithms and moving to 192-bit security.
Also, it has started including ML-KEM and hybrid mode.
That will be coming. ID Token will not be affected much, unless you need it as evidence on a later day. i.e., should be appropriately timestamped.
For other signature algorithms, mTLS means swapping the client certificate to be hybrid or at least make the validity short, server certificate the same, more towards the hybrid.
Need to dig a bit deeper on DPOP.
The encryption part is more of an issue, because collect now, decrypt later can be launched.
This was Japan, but it will come to IETF pretty soon, so we beter start getting ready to it.
Bitbucket status: new
Bitbucket origin: issue 858