Re: [jose] JWK glitches in deployment

Mike Jones <> Tue, 23 September 2014 23:47 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E09EF1A88AB for <>; Tue, 23 Sep 2014 16:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id j8gpUkAPp0WK for <>; Tue, 23 Sep 2014 16:47:16 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::743]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 857661A6F40 for <>; Tue, 23 Sep 2014 16:47:15 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1034.13; Tue, 23 Sep 2014 23:46:52 +0000
Received: from (2a01:111:f400:7c10::1:190) by (2a01:111:e400:1414::20) with Microsoft SMTP Server (TLS) id 15.0.1034.13 via Frontend Transport; Tue, 23 Sep 2014 23:46:52 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Tue, 23 Sep 2014 23:46:50 +0000
Received: from ([]) by ([]) with mapi id 14.03.0195.002; Tue, 23 Sep 2014 23:46:14 +0000
From: Mike Jones <>
To: Chuck Mortimore <>, "Manger, James" <>
Thread-Topic: [jose] JWK glitches in deployment
Thread-Index: Ac/A+eKYNRa6AT3ORduHKtSlXvbGfAAVNPiAA2XPkdACKKIH8A==
Date: Tue, 23 Sep 2014 23:46:14 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BA6F745TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(189002)(377454003)(43544003)(24454002)(57704003)(199003)(15975445006)(76482002)(77096002)(95666004)(84676001)(19300405004)(4396001)(20776003)(71186001)(66066001)(106466001)(83322001)(19625215002)(21056001)(104016003)(31966008)(69596002)(92566001)(19580405001)(77982003)(44976005)(99396002)(68736004)(79102003)(80022003)(86612001)(84326002)(85806002)(19580395003)(83072002)(6806004)(107046002)(55846006)(2656002)(74662003)(81542003)(81342003)(74502003)(86362001)(50986999)(90102001)(92726001)(85306004)(15202345003)(64706001)(54356999)(46102003)(85852003)(81156004)(76176999)(87936001)(97736003)(19617315012)(120916001)(512874002)(16236675004)(33656002)(10300001); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1208;; FPR:; MLV:sfv; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1208;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0343AC1D30
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
Cc: "" <>
Subject: Re: [jose] JWK glitches in deployment
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 23 Sep 2014 23:47:19 -0000

This note to implementers has been added to the -32 draft.

                                                                -- Mike

From: jose [] On Behalf Of Mike Jones
Sent: Friday, September 12, 2014 5:05 PM
To: Chuck Mortimore; Manger, James
Subject: Re: [jose] JWK glitches in deployment

I propose that we add this note to the text describing the RSA modulus representation to help implementers, as Chuck suggested below:

                      Note that implementers have found that some cryptographic libraries
                      prefix an extra zero-valued octet to the modulus representations they return,
                      for instance, returning 257 octets for a 2048 bit key, rather than 256.
                      Implementations using such libraries will need to take care to omit
                      the extra octet from the base64url encoded representation.

                                                                -- Mike

From: jose [] On Behalf Of Chuck Mortimore
Sent: Tuesday, August 26, 2014 9:57 AM
To: Manger, James
Subject: Re: [jose] JWK glitches in deployment

We probably could have benefited from language in the spec calling out the leading zero byte as an area of concern.    That said our ecosystem detected it pretty quickly and after some collaborate with Microsoft, we have a fix due out this week, so the growing pains are sorting themselves out rather quickly.


On Mon, Aug 25, 2014 at 11:49 PM, Manger, James <<>> wrote:
In March, Google’s JWK file (used for OpenID Connect) had 3 bugs: base64 instead of base64url; 1024-bit instead of >=2048-bit; leading zero byte on moduli.
Today Google’s JWK file has 1 different bug: the base64url encoding has a trailing “=”.
Salesforce’s JWK file has 1 bug: a leading zero byte on the RSA moduli.

Are these just teething problems, or do we need a stronger warning in the spec. These bugs also change the JWK’s thumbprint (another reminder not to base security on thumbprints being unique for a given key).

James Manger