Re: [jose] Signature algorithm "none"

Richard Barnes <rlb@ipv.sx> Wed, 31 July 2013 13:45 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B368411E8184 for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 06:45:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01cFXY43GhaZ for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 06:44:59 -0700 (PDT)
Received: from mail-oa0-f47.google.com (mail-oa0-f47.google.com [209.85.219.47]) by ietfa.amsl.com (Postfix) with ESMTP id 280A411E8178 for <jose@ietf.org>; Wed, 31 Jul 2013 06:44:55 -0700 (PDT)
Received: by mail-oa0-f47.google.com with SMTP id g12so1036910oah.34 for <jose@ietf.org>; Wed, 31 Jul 2013 06:44:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=+nLJeyN7/M/L2Z2AUwCptepFyyWBDkczVfSZbSBYUE0=; b=mgFavTE7qtZcZBy3XW08XRQbFH/IGCtk2EZlWp2wit0Ct5ybEb7VZTiIZxFyxikC0R l562WpMuHEDSnBFTHFOUq5j5wH4jv4yhy4onwlTFbS7ka+MprgvPX5kDFFfwlb15IRnK UfaleU+9M40O7rBGcUPfO/gYkMMHm/GQIdqrQOvtqTV2Q0loTJToiXCnjeK1Vmr39xsd GqUwv6UoZPWskmM7D1pYIbTtNDDUI17tUpSGFo7h/tuPSG6eZIim3SIIMAapqSmQYWS3 j8i8+fnonuhS2S2hryZeHLioX4TOpEiGsyR8I8Bl0yzDeg3cvZetzVjyEUoTI7V6vKWv /fuw==
MIME-Version: 1.0
X-Received: by 10.60.79.3 with SMTP id f3mr67166155oex.50.1375278292307; Wed, 31 Jul 2013 06:44:52 -0700 (PDT)
Received: by 10.60.26.135 with HTTP; Wed, 31 Jul 2013 06:44:52 -0700 (PDT)
X-Originating-IP: [128.89.254.234]
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436B734340@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgQUmNqq62S553muLz3L8Xk9tT1W_jR7j3fHXEhH4wvoVA@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436B734340@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Wed, 31 Jul 2013 15:44:52 +0200
Message-ID: <CAL02cgQhmU2O7=nVJS41iQWHp+EOaY-q8w5TFLtT4=fUrS3jYw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="089e0117795b14a4b004e2ceee30"
X-Gm-Message-State: ALoCoQlGSXRjSN+GT4vF08Ea3E5Tt7xGy8vcTlx2oVC3z4NI+zpOBeb8X+BLoPsY6ZeNPBEzKwKr
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Signature algorithm "none"
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2013 13:45:05 -0000

Ok. That seems like a bug in OpenID Connect.  They should be switching the
content type (JWS vs. bare request) or using detached signatures.

What's the result of JWS verification when "alg" == "none"?  It seems like
it has to be either "True" or "False".  If you pick "true", there's an easy
attack where you just change the algorithm to "none" and delete the
signature.  If you pick "false"... well it seems silly to have a signature
algorithm that never verifies.





On Wed, Jul 31, 2013 at 2:48 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  It’s optional to sign lots of content.  For instance, OpenID Connect
> requests can be signed or unsigned, depending upon the security properties
> desired.  “alg”:”none” is used for such unsigned requests.****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Richard Barnes
> *Sent:* Wednesday, July 31, 2013 5:46 AM
> *To:* jose@ietf.org
> *Subject:* [jose] Signature algorithm "none"****
>
> ** **
>
> What's the use case for this?  Can we delete it?****
>