Re: [jose] JWS Signing of HTTP attachments

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 12 May 2017 16:29 UTC

Date: Fri, 12 May 2017 19:24:00 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
Cc: "jose@ietf.org" <jose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/I1edfsVvRoMNFaEhpZxsjSkDOZ0>

On Fri, May 12, 2017 at 05:03:51PM +0100, Sergey Beryozkin wrote:
> Thanks for the initial feedback. I'm not following at the moment how any of
> these attacks can affect it. Perhaps I'll need to work on making it more
> obvious how it is all implemented.

Well, from the description I gathered that (partial) output is passed
to the application before the signature is verified. This is bad. But
perhaps the description is just a bit misleading, and all input is
buffered until the signature is verified, and only then is the signed
content sent to the application.

JWS has an issue where signatures and MACs can be confused, leading to
signature forgery if the JWS implementation is not careful.

JWE, when used with ECDH-ES with NIST curves, has an issue that
compromises the private decryption key if the JWE implementation is not
careful.


-Ilari
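
Added example, not part of the original message or of the implementation under discussion: a verifier that buffers the whole JWS, checks it, and only then hands the payload to the application, with the algorithm pinned by the verifier rather than taken from the header. The function names, the HS256 choice and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(key: bytes, payload: bytes) -> str:
    """Constructed helper: JWS compact serialization with HS256."""
    head = b64u(json.dumps({"alg": "HS256"}).encode())
    body = b64u(payload)
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(mac)}"


def verify_then_release(chunks, key: bytes, expected_alg: str = "HS256") -> bytes:
    """Buffer every chunk, verify, and only then return the payload.

    Raises ValueError on any failure, so no partial content ever
    reaches the caller before the check has passed.
    """
    token_bytes = b"".join(chunks)  # nothing is acted on while still streaming
    try:
        head, body, sig = token_bytes.decode("ascii").split(".")
        alg = json.loads(b64u_dec(head)).get("alg")
    except (ValueError, AttributeError):
        raise ValueError("malformed JWS")
    # The verifier's configuration decides the algorithm. Letting the header
    # choose between a MAC and a signature for the same key material is what
    # allows the two to be confused.
    if alg != expected_alg:
        raise ValueError("unexpected alg in header")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64u_dec(sig)):
        raise ValueError("signature check failed")
    return b64u_dec(body)


if __name__ == "__main__":
    demo_key = b"k" * 32  # constructed sample key
    tok = sign_hs256(demo_key, b"attachment bytes")
    print(verify_then_release([tok[:10].encode(), tok[10:].encode()], demo_key))
```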