Re: [jose] JWS Signing of HTTP attachments

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 12 May 2017 15:58 UTC

On Fri, May 12, 2017 at 01:59:21PM +0100, Sergey Beryozkin wrote:
> Hi All,
> 
> I've experimented in our project with having HTTP attachment parts protected
> using JWS with Detached Content and Unencoded Payload options [1].
> 
> This approach appears to be quite effective to me. It also appears to me
> that the data as shown in the example at [1], can, in principle, be produced
> and processed by any HTTP stack that can work with multiparts, assuming a
> JOSE library supporting the detached and unencoded content is also
> available.
> 
> I'd appreciate if the experts could comment on 1) do you see some weaknesses
> in the proposed approach and 2) can someone see a point in drafting some
> text around it (I can contribute if it is of interest) ?

It looks from the text that the implementation can produce output before
the entire signature (or tag in case of encryption) has been verified.
This is very dangerous if so.


Then there are the standard attacks against JOSE (the JOSE library must
not be vulnerable to these):

- The JWS HMAC versus signature confusion
- The JWE ECDH-ES invalid curve attack.


-Ilari