[jose] Rationale for keeping the JWS "none" algorithm
Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 03 May 2018 06:16 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 349F012D810 for <jose@ietfa.amsl.com>; Wed, 2 May 2018 23:16:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nXWwYCeB-HpW for <jose@ietfa.amsl.com>; Wed, 2 May 2018 23:16:35 -0700 (PDT)
Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com [IPv6:2a00:1450:400c:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57ED6126B6E for <jose@ietf.org>; Wed, 2 May 2018 23:16:35 -0700 (PDT)
Received: by mail-wm0-x22c.google.com with SMTP id o78so28189123wmg.0 for <jose@ietf.org>; Wed, 02 May 2018 23:16:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=bf2/I98JW4VCxoZYf58MODDbYJm1+GahduxQqSvD/Jk=; b=XwztGxXUQR5yEjI2u2by69oGZuYAls86DkVmKANIuTUKqmyP0TbceY0bGx48cfffri w6I14ItovBko/30NjHNiFrQ2UeIspMgRyTphgrFEInbqnGNxRE5r1RghaHDihmA0SPzj /+U6+9JTBaahTDwoIcZqOTQ/LX9ELZUWVMYs908xkr4Fwe63VFeE1dy9MxAL6ecOUGpC kd3lZ8jifDeiE2KbMtSNdHWlomZ7S1ahmFtsYc0LQRke9KK3odAIoh6JzW7Xm1mYEXQx O8kL78xnmcNCgukTN5bYLQzs8DB+0vVFhloVtP5sh9zIB1nVJz0k3lCuIgcWIWao6lr5 1eEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=bf2/I98JW4VCxoZYf58MODDbYJm1+GahduxQqSvD/Jk=; b=dM/NCmtiUPoRBOB5g4r9MpBUdaLra943Ce/axxfm/+KpduW5/pG0DBG5knRmwg+srx QC2eVoEFJ4zFIRyaYE3w4QgspKLQZiVDmi7x7lYRtwE6dXQ2MIjCoqT1Hk16CFBOjwHW I9PCckzXvdOErt1Zin+c67fgu+rC9R1mrelTrJQ3XoMCSOdcxwtphedckLpnbIJlWmX3 XPVfAgafWNIQ9mbJadIYgrVgHJ+TwNFJ2PIpJbXz18KOTM35SLflvAUxHQW5b1jmrcVb bu/1XGLW+Qvxjr0vw1razMaLR22/JxIZikcKFJx0F6ZbRtjZ4MjKnhrvZG458wPjCMBL UntQ==
X-Gm-Message-State: ALQs6tCemrP8kzzvqXlksOoS8tP+pkNqohTIRjeh3fbM3j8WWw7tyBRf ggrU8TG4XFWuY/QvZzTWc4ezOQ==
X-Google-Smtp-Source: AB8JxZprNtI10hzLYa/iYTWAF3drsJdPOcX5vUaySiQO4k1QeQ/2z53ZOe5UmdAvKXTbrIUlJrpOmg==
X-Received: by 2002:aa7:d34e:: with SMTP id m14-v6mr29396204edr.108.1525328193542; Wed, 02 May 2018 23:16:33 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id y53-v6sm8003084edb.17.2018.05.02.23.16.32 for <jose@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 May 2018 23:16:32 -0700 (PDT)
From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: "jose@ietf.org" <jose@ietf.org>
Message-ID: <0efecff3-e4ac-4f7c-17d5-30a74830263c@gmail.com>
Date: Thu, 03 May 2018 08:16:29 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/GylucwbwaJi9Ml2iZtfg5gw9vJc>
Subject: [jose] Rationale for keeping the JWS "none" algorithm
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 06:16:37 -0000
A reason for keeping the "none" algorithms is because JWS is an intrusive scheme where the signature container effectively becomes the primary "message". If you want messages to only OPTIONALLY be signed you get a rather quirky system unless you have a "none" algorithm. Cleartext JWS (https://tools.ietf.org/id/draft-erdtman-jose-cleartext-jws-00.html) OTOH, doesn't need a "none" algorithm since an unsigned message simply wouldn't contain a signature property. Unsigned Message: { "mydata":... } Message Signed with Cleartext JWS: { "mydata":..., "signature": { .... } } BTW, if the verifier doesn't enforce a policy including accepted Algorithms, Keys to trust, Key identification mechanisms, Anticipated extensions etc. all bets are off for any signature solution even if the signature software is "perfect" :-) Anders
- [jose] Rationale for keeping the JWS "none" algor… Anders Rundgren
- Re: [jose] Rationale for keeping the JWS "none" a… Mike Jones