Re: [jose] Signature algorithm "none"
Brian Campbell <bcampbell@pingidentity.com> Thu, 01 August 2013 05:57 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1451F21F994B for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 22:57:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.565
X-Spam-Level:
X-Spam-Status: No, score=-5.565 tagged_above=-999 required=5 tests=[AWL=-0.189, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gMl2mFfbiHTT for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 22:57:29 -0700 (PDT)
Received: from na3sys009aog135.obsmtp.com (na3sys009aog135.obsmtp.com [74.125.149.84]) by ietfa.amsl.com (Postfix) with ESMTP id 67DEF21F8616 for <jose@ietf.org>; Wed, 31 Jul 2013 22:57:29 -0700 (PDT)
Received: from mail-oa0-f48.google.com ([209.85.219.48]) (using TLSv1) by na3sys009aob135.postini.com ([74.125.148.12]) with SMTP ID DSNKUfn4x6flDJv19V1uCM5qY0e/lHo3TUhm@postini.com; Wed, 31 Jul 2013 22:57:29 PDT
Received: by mail-oa0-f48.google.com with SMTP id f4so3484818oah.35 for <jose@ietf.org>; Wed, 31 Jul 2013 22:57:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=JutCZJzFrTcMnGdxAogkDCqCZZDh2tW+WrT56FPqOMs=; b=ODsKF6DZZB5LHKsA87kvZEDgAXL/i5nf6hlV978SW9jN+LdxfT0EwWjdEsR2znsfSH 7npQo38eNnxakn6Qwal+3SvD26Jp+xdwjH061QTUC02x6+jlnSZ1Z+q+ympiiVlJip7p ClhMSeyynuGKlMEKhyx2MxEAZPyHi7oGkJ1yor2O/0JSGtIOAbNhbg7PPXl1yeNJFDIY XTLAKuIJhCb1DTIRw4JmEAbwr5Bex9LrksYuDzKS22auyIbkIe40a0fARHeSPx5zBnbx sDmRyamMB7l+UrMbuKc9ma8OzZoKlBNx2YrVplPUOPdMq4QuvFO7ZMvzTomBd9/rRnKJ w0zA==
X-Received: by 10.42.123.139 with SMTP id s11mr22648003icr.82.1375336647424; Wed, 31 Jul 2013 22:57:27 -0700 (PDT)
X-Received: by 10.42.123.139 with SMTP id s11mr22648000icr.82.1375336647303; Wed, 31 Jul 2013 22:57:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.41.34 with HTTP; Wed, 31 Jul 2013 22:56:57 -0700 (PDT)
In-Reply-To: <FDF3A532-FF44-4A67-BB4A-8709213D8FED@gmail.com>
References: <CAL02cgQUmNqq62S553muLz3L8Xk9tT1W_jR7j3fHXEhH4wvoVA@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436B734340@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgQhmU2O7=nVJS41iQWHp+EOaY-q8w5TFLtT4=fUrS3jYw@mail.gmail.com> <2EFF8E93-C682-460D-95A5-4724CD5AA74D@ve7jtb.com> <CAL02cgQ+YZghfjkWCWLamQ7qJi271LBNUiuGRWTfmNEd0jRyYg@mail.gmail.com> <FDF3A532-FF44-4A67-BB4A-8709213D8FED@gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 01 Aug 2013 07:56:57 +0200
Message-ID: <CA+k3eCS81msYqBKuJPHghoi42tXD7p2-hjrB9c5hSnkLH=eGhA@mail.gmail.com>
To: nov matake <matake@gmail.com>
Content-Type: multipart/alternative; boundary="20cf3010e7194f86b404e2dc84f5"
X-Gm-Message-State: ALoCoQkmvbDNVfR7ZQ0Na/m6B0k2OESep08Os4dyPK1zLXeDHTX6k+KZwCAeMUaPszERJEJABIv4T2k8jKCOr4WDYZBWv3kvQ86MmrLTCRtdzC4heu4MiilUs4xC8/QrRjqkDAnFkgGd
Cc: Richard Barnes <rlb@ipv.sx>, John Bradley <ve7jtb@ve7jtb.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Signature algorithm "none"
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Aug 2013 05:57:34 -0000
Similarly my implementation (https://bitbucket.org/b_c/jose4j/) raises an exception when a key is provided and the none algorithm is being used. Otherwise verificaion evaluates to true, if the Encoded JWS Signature is the empty string. http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.6 On Thu, Aug 1, 2013 at 2:33 AM, nov matake <matake@gmail.com> wrote: > If the function received shared/public key, then it should raise an error > for alg=none case. > If no keys are given, it should raise an error for alg=anything-not-none > case. > > That's my json-jwt rubygem behaviour. > > nov > > On Aug 1, 2013, at 1:40 AM, Richard Barnes <rlb@ipv.sx> wrote: > > You didn't answer my question: When I put a JWS with "alg":"none" into > bool JOSE::verify(), what do I get? > > The consistency you assert is illusory. > > > On Wed, Jul 31, 2013 at 5:24 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: > >> Applications need to define what signature algorithms they accept. In >> some cases over some communication channels the signature may not be >> required. >> >> Applications processing JWT like Connect want to process tokens >> consistently. Receiving a JWT with a alg of none is fine under some >> circumstances. >> In general you would restrict the library from accepting it. >> >> John B. >> >> On 2013-07-31, at 3:44 PM, Richard Barnes <rlb@ipv.sx> wrote: >> >> Ok. That seems like a bug in OpenID Connect. They should be switching >> the content type (JWS vs. bare request) or using detached signatures. >> >> What's the result of JWS verification when "alg" == "none"? It seems >> like it has to be either "True" or "False". If you pick "true", there's an >> easy attack where you just change the algorithm to "none" and delete the >> signature. If you pick "false"... well it seems silly to have a signature >> algorithm that never verifies. >> >> >> >> >> >> On Wed, Jul 31, 2013 at 2:48 PM, Mike Jones <Michael.Jones@microsoft.com>wrote: >> >>> It’s optional to sign lots of content. For instance, OpenID Connect >>> requests can be signed or unsigned, depending upon the security properties >>> desired. “alg”:”none” is used for such unsigned requests.**** >>> >>> ** ** >>> >>> -- Mike**** >>> >>> ** ** >>> >>> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf >>> Of *Richard Barnes >>> *Sent:* Wednesday, July 31, 2013 5:46 AM >>> *To:* jose@ietf.org >>> *Subject:* [jose] Signature algorithm "none"**** >>> >>> ** ** >>> >>> What's the use case for this? Can we delete it?**** >>> >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> >> >> > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > >
- [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" Mike Jones
- Re: [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" John Bradley
- Re: [jose] Signature algorithm "none" Richard Barnes
- Re: [jose] Signature algorithm "none" nov matake
- Re: [jose] Signature algorithm "none" Brian Campbell