Re: [jose] JWS Signing of HTTP attachments

Jim Schaad <ietf@augustcellars.com> Fri, 12 May 2017 16:51 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Sergey Beryozkin' <sberyozkin@gmail.com>, 'Ilari Liusvaara' <ilariliusvaara@welho.com>
CC: jose@ietf.org
Date: Fri, 12 May 2017 09:45:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/beIXZSsFzZSwWTbuem-gdZhGdn0>
Subject: Re: [jose] JWS Signing of HTTP attachments


-----Original Message-----
From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Sergey Beryozkin
Sent: Friday, May 12, 2017 9:04 AM
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: jose@ietf.org
Subject: Re: [jose] JWS Signing of HTTP attachments

Thanks for the initial feedback. I'm not following at the moment how any of
these attacks can affect it. Perhaps I'll need to work on making it more
obvious how it is all implemented.

It is simply a concrete implementation of JWS with Detached Content.
The content is written out and by the time it's finished the JWS payload
will be finished and will accompany this content.

On the receiving end the verification provider will be instantiated (with
the proper care; for example, the server will not support the dynamic
verification provider selection process - i.e. - will be expected to process
only RSA or HMAC etc. signatures). Once this provider is available it will
then get all the data which is being read passing through the verification
process and finally compare the signatures.

[JLS] To be clear here, the question that is being asked is - are we going
to show content to the user, and perhaps start executing script, before we
have finished verifying the signature.  This is normal for browsers as they
do incremental display as things are processed.  And then, what happens to
the display if the signature fails to verify.



Cheers, Sergey

On 12/05/17 16:52, Ilari Liusvaara wrote:
> On Fri, May 12, 2017 at 01:59:21PM +0100, Sergey Beryozkin wrote:
>> Hi All,
>>
>> I've experimented in our project with having HTTP attachment parts
>> protected using JWS with Detached Content and Unencoded Payload options [1].
>>
>> This approach appears to be quite effective to me. It also appears to 
>> me that the data as shown in the example at [1], can, in principle, 
>> be produced and processed by any HTTP stack that can work with 
>> multiparts, assuming a JOSE library supporting the detached and 
>> unencoded content is also available.
>>
>> I'd appreciate if the experts could comment on 1) do you see some 
>> weaknesses in the proposed approach and 2) can someone see a point in 
>> drafting some text around it (I can contribute if it is of interest) ?
>
> It looks from the text that the implementation can produce output
> before the entire signature (or tag in case of encryption) has been verified.
> This is very dangerous if so.
>
>
> Then there are the standard attacks against JOSE (the JOSE library
> must not be vulnerable to these):
>
> - The JWS HMAC versus signature confusion
> - The JWE ECDH-ES invalid curve attack.
>
>
> -Ilari
>

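The two concerns raised in this thread, content being released before the signature has verified and the verifier being chosen from the untrusted header, are shown below as an added example; it is not code from the thread or from the project under discussion. It assumes HS256 with a shared key and a protected header carrying `b64: false` (JWS Unencoded Payload); the function names `sign_detached` and `verify_then_release` are hypothetical.

```python
import base64, hashlib, hmac, json

PINNED_ALG = "HS256"  # assumption: receiver is configured for one algorithm only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_detached(key: bytes, chunks) -> str:
    """Sender side: stream the part through the MAC, return 'header..signature'."""
    header = {"alg": PINNED_ALG, "b64": False, "crit": ["b64"]}
    header_b64 = b64url(json.dumps(header, separators=(",", ":")).encode())
    mac = hmac.new(key, header_b64.encode("ascii") + b".", hashlib.sha256)
    for chunk in chunks:
        mac.update(chunk)
    return header_b64 + ".." + b64url(mac.digest())

def verify_then_release(key: bytes, detached_jws: str, chunks) -> bytes:
    """Receiver side: hold every chunk back until the signature has verified."""
    header_b64, payload, sig_b64 = detached_jws.split(".")
    if payload:
        raise ValueError("expected detached content (empty payload segment)")
    header = json.loads(b64url_decode(header_b64))
    # The verifier is fixed by configuration; the header's "alg" is only checked.
    if header.get("alg") != PINNED_ALG:
        raise ValueError("unexpected alg in protected header")
    if header.get("b64") is not False or "b64" not in header.get("crit", []):
        raise ValueError("expected unencoded payload (b64=false, listed in crit)")
    mac = hmac.new(key, header_b64.encode("ascii") + b".", hashlib.sha256)
    held = bytearray()
    for chunk in chunks:
        mac.update(chunk)
        held += chunk  # buffered, not yet visible to the caller
    if not hmac.compare_digest(mac.digest(), b64url_decode(sig_b64)):
        raise ValueError("signature mismatch: no content released")
    return bytes(held)

if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"            # constructed sample key
    part = [b"first chunk of the ", b"attachment part"]  # constructed sample data
    jws = sign_detached(key, part)
    print(verify_then_release(key, jws, part))
    try:
        verify_then_release(key, jws, [b"first chunk of the ", b"tampered part"])
    except ValueError as err:
        print("rejected:", err)
```

Buffering the whole part trades memory for safety; a receiver that must stream large parts can spool to a temporary file and hand it over only after the comparison succeeds.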