IETF Logo Mail Archive

Re: [jose] Signature algorithm "none"

Brian Campbell <bcampbell@pingidentity.com> Thu, 01 August 2013 05:57 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1451F21F994B for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 22:57:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.565
X-Spam-Level:
X-Spam-Status: No, score=-5.565 tagged_above=-999 required=5 tests=[AWL=-0.189, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gMl2mFfbiHTT for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 22:57:29 -0700 (PDT)
Received: from na3sys009aog135.obsmtp.com (na3sys009aog135.obsmtp.com [74.125.149.84]) by ietfa.amsl.com (Postfix) with ESMTP id 67DEF21F8616 for <jose@ietf.org>; Wed, 31 Jul 2013 22:57:29 -0700 (PDT)
Received: from mail-oa0-f48.google.com ([209.85.219.48]) (using TLSv1) by na3sys009aob135.postini.com ([74.125.148.12]) with SMTP ID DSNKUfn4x6flDJv19V1uCM5qY0e/lHo3TUhm@postini.com; Wed, 31 Jul 2013 22:57:29 PDT
Received: by mail-oa0-f48.google.com with SMTP id f4so3484818oah.35 for <jose@ietf.org>; Wed, 31 Jul 2013 22:57:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=JutCZJzFrTcMnGdxAogkDCqCZZDh2tW+WrT56FPqOMs=; b=ODsKF6DZZB5LHKsA87kvZEDgAXL/i5nf6hlV978SW9jN+LdxfT0EwWjdEsR2znsfSH 7npQo38eNnxakn6Qwal+3SvD26Jp+xdwjH061QTUC02x6+jlnSZ1Z+q+ympiiVlJip7p ClhMSeyynuGKlMEKhyx2MxEAZPyHi7oGkJ1yor2O/0JSGtIOAbNhbg7PPXl1yeNJFDIY XTLAKuIJhCb1DTIRw4JmEAbwr5Bex9LrksYuDzKS22auyIbkIe40a0fARHeSPx5zBnbx sDmRyamMB7l+UrMbuKc9ma8OzZoKlBNx2YrVplPUOPdMq4QuvFO7ZMvzTomBd9/rRnKJ w0zA==
X-Received: by 10.42.123.139 with SMTP id s11mr22648003icr.82.1375336647424; Wed, 31 Jul 2013 22:57:27 -0700 (PDT)
X-Received: by 10.42.123.139 with SMTP id s11mr22648000icr.82.1375336647303; Wed, 31 Jul 2013 22:57:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.41.34 with HTTP; Wed, 31 Jul 2013 22:56:57 -0700 (PDT)
In-Reply-To: <FDF3A532-FF44-4A67-BB4A-8709213D8FED@gmail.com>
References: <CAL02cgQUmNqq62S553muLz3L8Xk9tT1W_jR7j3fHXEhH4wvoVA@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436B734340@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgQhmU2O7=nVJS41iQWHp+EOaY-q8w5TFLtT4=fUrS3jYw@mail.gmail.com> <2EFF8E93-C682-460D-95A5-4724CD5AA74D@ve7jtb.com> <CAL02cgQ+YZghfjkWCWLamQ7qJi271LBNUiuGRWTfmNEd0jRyYg@mail.gmail.com> <FDF3A532-FF44-4A67-BB4A-8709213D8FED@gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 01 Aug 2013 07:56:57 +0200
Message-ID: <CA+k3eCS81msYqBKuJPHghoi42tXD7p2-hjrB9c5hSnkLH=eGhA@mail.gmail.com>
To: nov matake <matake@gmail.com>
Content-Type: multipart/alternative; boundary="20cf3010e7194f86b404e2dc84f5"
X-Gm-Message-State: ALoCoQkmvbDNVfR7ZQ0Na/m6B0k2OESep08Os4dyPK1zLXeDHTX6k+KZwCAeMUaPszERJEJABIv4T2k8jKCOr4WDYZBWv3kvQ86MmrLTCRtdzC4heu4MiilUs4xC8/QrRjqkDAnFkgGd
Cc: Richard Barnes <rlb@ipv.sx>, John Bradley <ve7jtb@ve7jtb.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Signature algorithm "none"
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Aug 2013 05:57:34 -0000

Similarly my implementation (https://bitbucket.org/b_c/jose4j/) raises an
exception when a key is provided and the none algorithm is being used.
Otherwise verificaion evaluates to true, if the Encoded JWS Signature is
the empty string.
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.6


On Thu, Aug 1, 2013 at 2:33 AM, nov matake <matake@gmail.com> wrote:

> If the function received shared/public key, then it should raise an error
> for alg=none case.
> If no keys are given, it should raise an error for alg=anything-not-none
> case.
>
> That's my json-jwt rubygem behaviour.
>
> nov
>
> On Aug 1, 2013, at 1:40 AM, Richard Barnes <rlb@ipv.sx> wrote:
>
> You didn't answer my question: When I put a JWS with "alg":"none" into
> bool JOSE::verify(), what do I get?
>
> The consistency you assert is illusory.
>
>
> On Wed, Jul 31, 2013 at 5:24 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>> Applications need to define what signature algorithms they accept.   In
>> some cases over some communication channels the signature may not be
>> required.
>>
>> Applications processing JWT like Connect want to process tokens
>> consistently.  Receiving a JWT with a alg of none is fine under some
>> circumstances.
>> In general you would restrict the library from accepting it.
>>
>> John B.
>>
>> On 2013-07-31, at 3:44 PM, Richard Barnes <rlb@ipv.sx> wrote:
>>
>> Ok. That seems like a bug in OpenID Connect.  They should be switching
>> the content type (JWS vs. bare request) or using detached signatures.
>>
>> What's the result of JWS verification when "alg" == "none"?  It seems
>> like it has to be either "True" or "False".  If you pick "true", there's an
>> easy attack where you just change the algorithm to "none" and delete the
>> signature.  If you pick "false"... well it seems silly to have a signature
>> algorithm that never verifies.
>>
>>
>>
>>
>>
>> On Wed, Jul 31, 2013 at 2:48 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:
>>
>>>  It’s optional to sign lots of content.  For instance, OpenID Connect
>>> requests can be signed or unsigned, depending upon the security properties
>>> desired.  “alg”:”none” is used for such unsigned requests.****
>>>
>>> ** **
>>>
>>>                                                             -- Mike****
>>>
>>> ** **
>>>
>>> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
>>> Of *Richard Barnes
>>> *Sent:* Wednesday, July 31, 2013 5:46 AM
>>> *To:* jose@ietf.org
>>> *Subject:* [jose] Signature algorithm "none"****
>>>
>>> ** **
>>>
>>> What's the use case for this?  Can we delete it?****
>>>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
>>
>>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>

v2.23.0 | Report a Bug | By Email