Re: [jose] Deprecation of legacy algorithms
Michael Jones <michael_b_jones@hotmail.com> Tue, 05 March 2024 23:24 UTC
Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCA02C14F695 for <jose@ietfa.amsl.com>; Tue, 5 Mar 2024 15:24:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7Zsnr6i4S8M for <jose@ietfa.amsl.com>; Tue, 5 Mar 2024 15:24:20 -0800 (PST)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12olkn2095.outbound.protection.outlook.com [40.92.22.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6618C14F618 for <jose@ietf.org>; Tue, 5 Mar 2024 15:24:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Je4XSqQLD33Ocwftx85cuE6eJkWxJTcSmIXA5zQnVHieSbyS3gt6lqvKM4otMpp0hxGJoLZKztxyz75YyTOK2r0lphI5kdyzdYt8jUz0xalyL3IYZ37LjX853IvtZfrmxjLR3nOE6YQXVVy+YJRyq3uWJf2UgN5w1YTw0+TE47KMvY8ZK/LuOj+QXeZRPj9O0aj0EQ7k/h6VI4eIMfJ5jrcgfaQmpSdVdD55jtWdl1jFwy+YejD2uNHG6puaWDNH/d0NpKn62PKRcahN43mxvJrVENdLndK4J2F8uMtLctrqeuI5NDuFPI/cCU6mPtTKps9H9LHJcfc5LzCJDynz8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mRcX0gEbmvzCrfx5mrUAkcT+MD7SXeucHZ8WyBldvaA=; b=VcIYAYNCKUZkVAi/Te+VH30ljiQ5tJu9KsMVwGqwngzsrTzz8gJelo81OC4m1DmPLqUZwnEheJO6TTofZXD8zQufQPNONne9ckD9IqS1USUK4JPkTGtGACHBZFwW2cyh9Srz5Njv5PKoGk0HgIL5GyEgL7QRcrcHh79Ggm24iRSQMvr6F6WCsB8FXzUhh1gd/o0p+i1OoiNRPUGp21kBkl/5AmhQk7MDXQYU65v+r5XFx/iEzsGuH6O1Hx0gQMIBSI/g7SlHprefh3Cp4WQ8I+KM82N41NEDc+UorJnZZ9FZ1XCKtWr16kdoq8ttgj1dKyjR4jzfxuZofZcbJgWrgg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mRcX0gEbmvzCrfx5mrUAkcT+MD7SXeucHZ8WyBldvaA=; b=l8qRkbWIBaPeRNh7ACCaEF5kqkRLyTK35Ycj/sgQ0m5fU/yqJnr5VWj29uu7ZMUuiasJ8AW4QGDTh3OicWT8rnBA/fql7af3iodktdlnLfxhRGsKKcB9pn5tCqcMCxJvsgfvc2zoBiPfzeEtRVmzUqE4tTQPuUVVmURibUQquZPl8DGCmByJUNGca73fvxj+OtHndzntkCkOMihxS41dNMqXBYt6dVbtYPFP3jMJVzXNK+rv75TRwiel1GjhCGE+BwPmvZoin7SbHM30KoroxdRa/Y3f+moAGHGMKGLVP29bVuNH2n/pdVGMILo+B5u72HTEu+8mH8y/9sVdvS7QQQ==
Received: from SJ0PR02MB7439.namprd02.prod.outlook.com (2603:10b6:a03:295::14) by IA0PR02MB9584.namprd02.prod.outlook.com (2603:10b6:208:406::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7339.39; Tue, 5 Mar 2024 23:24:18 +0000
Received: from SJ0PR02MB7439.namprd02.prod.outlook.com ([fe80::7c2c:4b2:7be3:4f66]) by SJ0PR02MB7439.namprd02.prod.outlook.com ([fe80::7c2c:4b2:7be3:4f66%4]) with mapi id 15.20.7339.035; Tue, 5 Mar 2024 23:24:18 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>, Neil Madden <neil.e.madden@gmail.com>
CC: JOSE WG <jose@ietf.org>
Thread-Topic: [jose] Deprecation of legacy algorithms
Thread-Index: AQHabxW9yS83nLHqlkSBvji2Xc03JrEpru0AgAAWH/A=
Date: Tue, 05 Mar 2024 23:24:18 +0000
Message-ID: <SJ0PR02MB7439A5E8950C64607EA16629B7222@SJ0PR02MB7439.namprd02.prod.outlook.com>
References: <30D0C208-4543-48C0-952D-59B57633C1EA@gmail.com> <CAMBN2CS9GThaAkesKrX+yT3_Mc5h6xHqmfdAwV+UEE_6PQaJMQ@mail.gmail.com>
In-Reply-To: <CAMBN2CS9GThaAkesKrX+yT3_Mc5h6xHqmfdAwV+UEE_6PQaJMQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tmn: [3eTRtsV7VFLotUcqZnOG4K0a3T+mHz2TaymRjcONXv2AnjMGAA0Ob5s5JrJNt85gBSwn7muoCFk=]
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR02MB7439:EE_|IA0PR02MB9584:EE_
x-ms-office365-filtering-correlation-id: 5dc77c56-5f81-4bc3-f155-08dc3d6b6164
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: TW1T4X7oUYxfrBBBCa48Bt09u18eesydH65sFo/fVN2p3Jg8dMkIKLPGK6b6L37kimwmwwAo0ESGncCOqHsYpexcWsvsFjgmXHr+gObH6ZBx9nbM/ZzccYG7I5biJ/7qS+G0XP4jPfVLIvoDob4ZbpmeJibHRVgVGzzEKRcNqGybURbeCmF/XbUpmzSaBS4fNQZ3qIG2kGu+q8huVj0xom31HdHzI8zWBrY0U42NajKsMmuEYhVvSwdy9hD0YQqWeyNDTrjoABLsFm+VBoC4f1EjuuCTCcuJVkmyY0Dc40Nto0zDQVlqA78YqwOtenqJWkDgreeMW/Q+HoiTyWi7J2MAPirR0nUfmUgWmFyRcaBorsn4G6Ml0UiTJXE8s02U1ai/ITSA+X+JfpGEUtxehEdbIAItHyfs11l6fvy3436wcD1Kg0CNNOCx9fED3XYF3FypSKHwS3nD/323Zbf7hGstOXRwH48aIh5PBtxlSnSq+aXuCKJpyeXaPNjmOd8sRsvsU+WtUYpkC1sKARU+yR23seltGyobpGJnJK6F5K1FT7XFX8u3b8JPgVCewXnB+Ms/TwtRnvNt51OqCcxFgUTiIy89+6t1PgCnaBVSWegiUuYZOQWNDWQsLBYgW+O9nfw3sZ00ET55v+sr+ui+G4tL0+L23S6j5Yz5At5Uzgo=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: EYsWByoXLBI0GsyZTy0UrufLrxLJfVSwG7TDuIq8s3q6Fd7065q+M8GmYboWYVToTasTxy4U8Nw1Enw3YbYJhl6Z5vZ3svFaCllnILBjjUHXaph+2Xg4cKvgSS8DfNdFgJGDU3tmPF2ikFywTh2MUtcD3VFbWUQG5CnEQv8fUQ/gcbGaCVg7gAODmQWtKQZj/HTb4PTnJjd/YSGVzARzKM6+69dM5pyHgTr2kcBFBxTUYaHZ6Kuq/QJlMoJXOA4UiXUgkUpZRlLhC+uZj65gmHkOVFcqocR611iuE4lolEbv9bJ/rnBvh29rE9ZQMj0VAkEio9yLdBCicrY8yDtMZhlzktwvKp+C1IafU1NdIkyYQwGE+uisdAVoTQf2LyETWKdFnV1QJU6ouKUyZL1GZ442JAkImY6OoesbHS7lHkb0YfXBpkWR5hpKQb9FMJYRLn+TMBLC70vNVQFjWCQnP86MJ4USoOPrQBrVzJUPeZn3bTj93kaXgsij2o/+N+u3Uxuq4+o9hym/oae4DAv/HDInDvozoLDT0c9fN696oSfjUdH6G10rBV/xBVRXkJFfV6EpIynMRAdwDbsRZStgX3Q1uL45Kfn+ctF4xyB6tSy9CSxUc0qcXf53tepRzlQ3hspX7M0hlm0pg6+E1q3ZpGSVQJI+FMZU8Mu0mXE/4EjylKz/lBPEptV63p6E0kn+9o+3OYW7M4sb9PxxHwYZYCQqmYEa2BEkLV1svXXvjLhaD9OtupXI1oU6op04cbxRwIBeC9awV1/5dvD4pJVE3ntV52rYq9vIvD9lVg5MS2Vd2rInzqmCOTUhzbrdbGmRbBW28UO+6ZkNmERcF94eOgqjqXVbo2BbKEVOefaJQ0WHSXgLS9DTfjkwhHARZ4a20fU8lbr1J1q5O0RlGZ8DyDntLqVMmWtjXf67Zy/ZDBYSi+sDPnNVJXMIk+tKC0gW+p5iLaE7XwKokvQWQN/RdW6TDUx5rAalYRXppLFi9Yo1aZkyCJZPS9sP4WO7zz8NSKHzEDX5P/PSGFZmyxrPXUZQ935eOiyB68QBHgxD7H63CQG5yvNMIVjux1GrypFml81lbX9zvRzAa3/+fypUGBHrqnV+9ISz/CaHQ0rA0hRNSzVgcapkcXgAQQI8HcIM1BR6FkgOxut16vy5naiGsjTHCibZRZ3j7gjZtlv2l2tkZCJKJeBGdVgog2t7aMXSAblkauVvgspEVvVY/6K4VVgZ4J3Cw1TCSFRhzCfOEk8OmapyYJwEFk1FRA4beYyaVMWNgfBqLOKWLaa2MtQ5ReGtq+u638IEb5MwZeswISy7aDS0sIZPWL2Woi5mHgyH
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-99c3d.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB7439.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 5dc77c56-5f81-4bc3-f155-08dc3d6b6164
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2024 23:24:18.4059 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR02MB9584
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/fp-Ia3ClqwEHC0GPqjHWTmYGoE4>
Subject: Re: [jose] Deprecation of legacy algorithms
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2024 23:24:25 -0000
While this is been said many times before, it seems that it's time to say it again. The last point in the Message Signature or MAC Validation section at https://www.rfc-editor.org/rfc/rfc7515.html#section-5.2 is: "Finally, note that it is an application decision which algorithms may be used in a given context. Even if a JWS can be successfully validated, unless the algorithm(s) used in the JWS are acceptable to the application, it SHOULD consider the JWS to be invalid." "alg":"none" can only cause a problem if the application fails to validate whether the algorithms used are appropriate for use by the application in that context. The need to validate whether "alg":"none" is appropriate is no different than the need to validate whether use of RSA1_5 is appropriate. An ID Token using "alg":"none" sent over a TLS connect is fine, because TLS makes it tamper-proof. As it says at https://openid.net/specs/openid-connect-core-1_0.html#IDToken: "ID Tokens MUST NOT use "none" as the "alg" value unless the Response Type used returns no ID Token from the Authorization Endpoint (such as when using the Authorization Code Flow) and the Client explicitly requested the use of "none" at Registration time." The context where the algorithm is used matters. In the above usage, "alg":"none" is safe and appropriate. The issues that have happened only happened in applications that didn't implement the algorithm appropriateness check in Section 5.2. If they're not doing it for "none", they probably aren't doing it for any algorithms, and so the application would still be vulnerable to using obsolete algorithms even if we deprecated "none". Fix the broken applications. Don't remove essential functionality that's been a standard for nearly a decade and has been in production use longer than that. -- Mike -----Original Message----- From: jose <jose-bounces@ietf.org> On Behalf Of Manu Sporny Sent: Tuesday, March 5, 2024 1:46 PM To: Neil Madden <neil.e.madden@gmail.com> Cc: JOSE WG <jose@ietf.org> Subject: Re: [jose] Deprecation of legacy algorithms On Tue, Mar 5, 2024 at 10:56 AM Neil Madden <neil.e.madden@gmail.com> wrote: > RSA1_5 - currently marked as Recommended- in the IANA registry. +1 to deprecate (or go further, MUST fail to verify for software released after 2023). > none - I'm not sure there has actually been a year where this algorithm *hasn't* caused a vulnerability. +1 to deprecate (or go further, MUST fail to verify for software released after 2023). > I would also like to write a draft (either combined with the above or separate) that establishes some baseline security properties for future algorithm registrations: +1 -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/ _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose
- [jose] Deprecation of legacy algorithms Neil Madden
- Re: [jose] Deprecation of legacy algorithms Ilari Liusvaara
- Re: [jose] Deprecation of legacy algorithms Michael Jones
- Re: [jose] Deprecation of legacy algorithms Brian Campbell
- Re: [jose] Deprecation of legacy algorithms Michael Jones
- Re: [jose] Deprecation of legacy algorithms Manu Sporny
- Re: [jose] Deprecation of legacy algorithms Michael Jones
- Re: [jose] Deprecation of legacy algorithms Neil Madden
- Re: [jose] Deprecation of legacy algorithms Michael Jones
- Re: [jose] Deprecation of legacy algorithms Neil Madden
- Re: [jose] Deprecation of legacy algorithms Vladimir Dzhuvinov
- Re: [jose] Deprecation of legacy algorithms Les Hazlewood
- Re: [jose] Deprecation of legacy algorithms Neil Madden
- Re: [jose] Deprecation of legacy algorithms Marc Blanchet
- Re: [jose] Deprecation of legacy algorithms Orie Steele