Re: [jose] Signature algorithm "none"
John Bradley <ve7jtb@ve7jtb.com> Wed, 31 July 2013 15:24 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6569C21F9E27 for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 08:24:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ny27E1PG8bw for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 08:24:23 -0700 (PDT)
Received: from mail-pb0-f42.google.com (mail-pb0-f42.google.com [209.85.160.42]) by ietfa.amsl.com (Postfix) with ESMTP id 975B021F9E8B for <jose@ietf.org>; Wed, 31 Jul 2013 08:24:18 -0700 (PDT)
Received: by mail-pb0-f42.google.com with SMTP id un15so361621pbc.1 for <jose@ietf.org>; Wed, 31 Jul 2013 08:24:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=znfxEYb52Ysk4apcui49ZkuVx7RsfZmGb5AbRF+EOi8=; b=V7UybrLoP4lk85akltBJEX7GVgpOCdRPBMH2/5pC2pN+Foq6JomlFMQMl/ow+bZ8VE IFtGDo38B9nHMUOO2W9zY7zbUSFb7HJ5X2Pv+W/5i7WB88lOi25iBGa74h76rP5H703V nwac1OD0A6G7ZjX0EloNfuuk+E5CqBtpvQ//neY8s7W0ibJ2RH8/beimUz8FdfyZjJ15 S7dOogRwbVnEr/BzTDBH4/eaes2rghnT9ex9L2J9r3ZENx5ZfqhmCTbsldgcPca6gTwj 4ot9OKVLi5bDz6LmkzG2YKM9d8Vh6BXD9Bjpx3I+pOtSzorZ+jGaTzi0QpENwTBeX4Bo 5PSA==
X-Received: by 10.69.4.5 with SMTP id ca5mr81175355pbd.109.1375284257947; Wed, 31 Jul 2013 08:24:17 -0700 (PDT)
Received: from dhcp-543c.meeting.ietf.org (dhcp-543c.meeting.ietf.org. [130.129.84.60]) by mx.google.com with ESMTPSA id a5sm467805pbw.4.2013.07.31.08.24.14 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 31 Jul 2013 08:24:16 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_774C57ED-37F6-4324-A57B-60E9F607F82D"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CAL02cgQhmU2O7=nVJS41iQWHp+EOaY-q8w5TFLtT4=fUrS3jYw@mail.gmail.com>
Date: Wed, 31 Jul 2013 17:24:12 +0200
Message-Id: <2EFF8E93-C682-460D-95A5-4724CD5AA74D@ve7jtb.com>
References: <CAL02cgQUmNqq62S553muLz3L8Xk9tT1W_jR7j3fHXEhH4wvoVA@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436B734340@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgQhmU2O7=nVJS41iQWHp+EOaY-q8w5TFLtT4=fUrS3jYw@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
X-Mailer: Apple Mail (2.1508)
X-Gm-Message-State: ALoCoQk2X6AcCwiG+JmJ9HrTj8AzHg08IGQMqQmsyQGWNcUam11CP/VH+wkHDs9CFq87CIO6rkEe
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Signature algorithm "none"
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2013 15:24:30 -0000
Applications need to define what signature algorithms they accept. In some cases over some communication channels the signature may not be required. Applications processing JWT like Connect want to process tokens consistently. Receiving a JWT with a alg of none is fine under some circumstances. In general you would restrict the library from accepting it. John B. On 2013-07-31, at 3:44 PM, Richard Barnes <rlb@ipv.sx> wrote: > Ok. That seems like a bug in OpenID Connect. They should be switching the content type (JWS vs. bare request) or using detached signatures. > > What's the result of JWS verification when "alg" == "none"? It seems like it has to be either "True" or "False". If you pick "true", there's an easy attack where you just change the algorithm to "none" and delete the signature. If you pick "false"... well it seems silly to have a signature algorithm that never verifies. > > > > > > On Wed, Jul 31, 2013 at 2:48 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: > It’s optional to sign lots of content. For instance, OpenID Connect requests can be signed or unsigned, depending upon the security properties desired. “alg”:”none” is used for such unsigned requests. > > > > -- Mike > > > > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes > Sent: Wednesday, July 31, 2013 5:46 AM > To: jose@ietf.org > Subject: [jose] Signature algorithm "none" > > > > What's the use case for this? Can we delete it? > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" Mike Jones
- Re: [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" John Bradley
- Re: [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" nov matake
- Re: [jose] Signature algorithm "none" Brian Campbell