Re: [jose] #27: member names MUST be unique needs additional text
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Wed, 26 June 2013 00:41 UTC

#27: member names MUST be unique needs additional text

Comment (by michael.jones@microsoft.com):

 The JWS draft currently says:

   The Header Parameter Names within the JWS Header MUST be unique; JWSs
   with duplicate Header Parameter Names MUST be rejected.

 How about changing this to:

   The Header Parameter Names within the JWS Header MUST be unique; JWSs
   with duplicate Header Parameter Names MUST be rejected. This is
   necessary to prevent attacks in which the same JWS might be interpreted
   in different ways by different implementations and to prevent attackers
   from hiding extra content in duplicate member values. If the platform's
   JSON parser does not reject input with duplicate member names, the
   input will first need to be separately parsed to reject these invalid
   inputs before using the platform's parser.

--
  Reporter:    ietf@augustcellars.com
  Owner:       draft-ietf-jose-json-web-signature@tools.ietf.org
  Type:        defect
  Status:      new
  Priority:    major
  Milestone:
  Component:   json-web-signature
  Version:
  Severity:    -
  Resolution:
  Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/27#comment:1>
jose <http://tools.ietf.org/jose/>
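
An added example, not part of the message above or of any JOSE draft: Python's json module is one platform parser that accepts duplicate member names (the last value wins), and its object_pairs_hook lets the duplicate check run during parsing. The function names and the sample headers are assumptions constructed for illustration.

```python
import base64
import json


class DuplicateMemberError(ValueError):
    pass


def _reject_duplicates(pairs):
    # Called for every JSON object (nested too) with members in document
    # order, after escapes are decoded: "alg" and "\u0061lg" collide here.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise DuplicateMemberError(f"duplicate member name: {name!r}")
        seen[name] = value
    return seen


def b64url_decode(segment: str) -> bytes:
    # JWS strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def lenient_alg(header_json: bytes) -> str:
    # Default json.loads behaviour: the last duplicate silently wins.
    return json.loads(header_json)["alg"]


def parse_jws_header(compact_jws: str) -> dict:
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]),
                        object_pairs_hook=_reject_duplicates)
    if not isinstance(header, dict):
        raise ValueError("JWS Header must be a JSON object")
    return header


# Constructed samples; payload and signature segments are placeholders.
DUP_JSON = b'{"alg":"HS256","alg":"RS256"}'
GOOD = b64url_encode(b'{"alg":"HS256","typ":"JWT"}') + ".e30.c2ln"
DUP = b64url_encode(DUP_JSON) + ".e30.c2ln"
ESCAPED_DUP = b64url_encode(b'{"alg":"HS256","\\u0061lg":"RS256"}') + ".e30.c2ln"
```

The check has to run before any signature or algorithm decision is made from the header, since a lenient parse of DUP_JSON yields only the second "alg" value.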