Re: [jose] Signature algorithm "none"
Richard Barnes <rlb@ipv.sx> Wed, 31 July 2013 16:40 UTC
In-Reply-To: <2EFF8E93-C682-460D-95A5-4724CD5AA74D@ve7jtb.com>
References: <CAL02cgQUmNqq62S553muLz3L8Xk9tT1W_jR7j3fHXEhH4wvoVA@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436B734340@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgQhmU2O7=nVJS41iQWHp+EOaY-q8w5TFLtT4=fUrS3jYw@mail.gmail.com> <2EFF8E93-C682-460D-95A5-4724CD5AA74D@ve7jtb.com>
Date: Wed, 31 Jul 2013 18:40:02 +0200
Message-ID: <CAL02cgQ+YZghfjkWCWLamQ7qJi271LBNUiuGRWTfmNEd0jRyYg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Signature algorithm "none"
You didn't answer my question: When I put a JWS with "alg":"none" into bool JOSE::verify(), what do I get?

The consistency you assert is illusory.

On Wed, Jul 31, 2013 at 5:24 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> Applications need to define what signature algorithms they accept. In
> some cases over some communication channels the signature may not be
> required.
>
> Applications processing JWT like Connect want to process tokens
> consistently. Receiving a JWT with an alg of none is fine under some
> circumstances.
> In general you would restrict the library from accepting it.
>
> John B.
>
> On 2013-07-31, at 3:44 PM, Richard Barnes <rlb@ipv.sx> wrote:
>
> Ok. That seems like a bug in OpenID Connect. They should be switching the
> content type (JWS vs. bare request) or using detached signatures.
>
> What's the result of JWS verification when "alg" == "none"? It seems like
> it has to be either "True" or "False". If you pick "true", there's an easy
> attack where you just change the algorithm to "none" and delete the
> signature. If you pick "false"... well it seems silly to have a signature
> algorithm that never verifies.
>
> On Wed, Jul 31, 2013 at 2:48 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>
>> It's optional to sign lots of content. For instance, OpenID Connect
>> requests can be signed or unsigned, depending upon the security properties
>> desired. "alg":"none" is used for such unsigned requests.
>>
>> -- Mike
>>
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf
>> Of Richard Barnes
>> Sent: Wednesday, July 31, 2013 5:46 AM
>> To: jose@ietf.org
>> Subject: [jose] Signature algorithm "none"
>>
>> What's the use case for this? Can we delete it?
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
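The two answers to Barnes's question, and the attack he describes, worked through in code. This is an added example, not code from the thread or from any JOSE library: a minimal JWS compact-serialization signer and two verifiers built on the Python standard library only. The key, claims and HS256 choice are constructed for the demo. `verify_trusting_header` lets the token's own `alg` header decide and so returns True for an `alg` none token with an empty signature segment; `verify_restricted` takes the set of algorithms the application accepts, in the spirit of Bradley's "restrict the library from accepting it", and fails closed on anything else.

```python
"""Minimal JWS compact-serialization verifier showing the alg "none" downgrade.
Constructed demo code; the key and claims below are made up for illustration."""
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed, not a real secret
PAYLOAD = {"iss": "https://issuer.example", "sub": "alice", "admin": False}  # constructed claims


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWS strips padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Honest issuer: HMAC-SHA256 over 'header.payload'."""
    header_b64 = _json_segment({"alg": "HS256", "typ": "JWT"})
    payload_b64 = _json_segment(payload)
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


def forge_with_alg_none(new_payload: dict) -> str:
    """The attack from the message: set alg to none, drop the signature, choose any payload."""
    header_b64 = _json_segment({"alg": "none", "typ": "JWT"})
    return f"{header_b64}.{_json_segment(new_payload)}."


def _split(jws: str):
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("JWS compact serialization needs exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    return header, parts[0], parts[1], parts[2]


def _hs256_ok(key: bytes, header_b64: str, payload_b64: str, sig_b64: str) -> bool:
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def verify_trusting_header(jws: str, key: bytes) -> bool:
    """Vulnerable: the token picks its own algorithm, so alg none 'verifies' with no signature."""
    header, header_b64, payload_b64, sig_b64 = _split(jws)
    alg = header.get("alg")
    if alg == "none":
        return sig_b64 == ""
    if alg == "HS256":
        return _hs256_ok(key, header_b64, payload_b64, sig_b64)
    return False


def verify_restricted(jws: str, key: bytes, allowed_algs: frozenset) -> bool:
    """Hardened: the application, not the token, decides which algorithms are acceptable.
    'none' succeeds only when the caller explicitly listed it."""
    header, header_b64, payload_b64, sig_b64 = _split(jws)
    alg = header.get("alg")
    if alg not in allowed_algs:
        return False
    if alg == "none":
        return sig_b64 == ""
    if alg == "HS256":
        return _hs256_ok(key, header_b64, payload_b64, sig_b64)
    return False


def decoded_payload(jws: str) -> dict:
    _, _, payload_b64, _ = _split(jws)
    return json.loads(b64url_decode(payload_b64))


def demo() -> dict:
    genuine = sign_hs256(PAYLOAD, KEY)
    forged = forge_with_alg_none({**PAYLOAD, "admin": True})
    hs256_only = frozenset({"HS256"})
    return {
        "genuine_trusting": verify_trusting_header(genuine, KEY),
        "forged_trusting": verify_trusting_header(forged, KEY),        # True: downgrade succeeds
        "genuine_restricted": verify_restricted(genuine, KEY, hs256_only),
        "forged_restricted": verify_restricted(forged, KEY, hs256_only),  # False: alg not allowed
        "forged_admin_claim": decoded_payload(forged)["admin"],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is that the allow-list is a parameter of the verify call, not something read from the token: a JWS verifier that accepts whatever `alg` the header names has no way to tell an unsigned token the application wanted from one an attacker produced by deleting the signature.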
- [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" Mike Jones
- Re: [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" John Bradley
- Re: [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" nov matake
- Re: [jose] Signature algorithm "none" Brian Campbell