[jose] JWK glitches in deployment
"Manger, James" <James.H.Manger@team.telstra.com> Tue, 26 August 2014 06:49 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D0C41A04B9 for <jose@ietfa.amsl.com>; Mon, 25 Aug 2014 23:49:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.499
X-Spam-Level: **
X-Spam-Status: No, score=2.499 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RELAY_IS_203=0.994] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xGVXfeExR2Lj for <jose@ietfa.amsl.com>; Mon, 25 Aug 2014 23:49:34 -0700 (PDT)
Received: from ipxcno.tcif.telstra.com.au (ipxcno.tcif.telstra.com.au [203.35.82.208]) by ietfa.amsl.com (Postfix) with ESMTP id B36D91A0266 for <jose@ietf.org>; Mon, 25 Aug 2014 23:49:33 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.04,402,1406556000"; d="scan'208,217";a="207628539"
Received: from unknown (HELO ipcani.tcif.telstra.com.au) ([10.97.216.200]) by ipocni.tcif.telstra.com.au with ESMTP; 26 Aug 2014 16:39:18 +1000
X-IronPort-AV: E=McAfee;i="5600,1067,7541"; a="195500855"
Received: from wsmsg3755.srv.dir.telstra.com ([172.49.40.196]) by ipcani.tcif.telstra.com.au with ESMTP; 26 Aug 2014 16:49:32 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3755.srv.dir.telstra.com ([172.49.40.196]) with mapi; Tue, 26 Aug 2014 16:49:31 +1000
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: "jose@ietf.org" <jose@ietf.org>, "cmortimore@salesforce.com" <cmortimore@salesforce.com>
Date: Tue, 26 Aug 2014 16:49:30 +1000
Thread-Topic: JWK glitches in deployment
Thread-Index: Ac/A+eKYNRa6AT3ORduHKtSlXvbGfA==
Message-ID: <255B9BB34FB7D647A506DC292726F6E127C6DE46FD@WSMSG3153V.srv.dir.telstra.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E127C6DE46FDWSMSG3153Vsrv_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/AotAc2XL-AsxLF7C33or8up4GRs
Subject: [jose] JWK glitches in deployment
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 06:49:35 -0000
In March, Google's JWK file https://www.googleapis.com/oauth2/v2/certs (used for OpenID Connect) had 3 bugs: base64 instead of base64url; 1024-bit instead of >=2048-bit; leading zero byte on moduli. Today Google's JWK file has 1 different bug: the base64url encoding has a trailing "=". Salesforce's JWK file https://login.salesforce.com/id/keys has 1 bug: a leading zero byte on the RSA moduli. Are these just teething problems, or do we need a stronger warning in the spec. These bugs also change the JWK's thumbprint (another reminder not to base security on thumbprints being unique for a given key). -- James Manger
- [jose] JWK glitches in deployment Manger, James
- Re: [jose] JWK glitches in deployment Chuck Mortimore
- Re: [jose] JWK glitches in deployment Mike Jones
- Re: [jose] JWK glitches in deployment Mike Jones