IETF Logo Mail Archive

Re: [jose] Gen-ART review of draft-ietf-jose-json-web-signature-33

Dave Cridland <dave@cridland.net> Tue, 30 September 2014 19:53 UTC

Return-Path: <dave@cridland.net>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2A681A8894 for <jose@ietfa.amsl.com>; Tue, 30 Sep 2014 12:53:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CutQQ7cAh_jo for <jose@ietfa.amsl.com>; Tue, 30 Sep 2014 12:53:44 -0700 (PDT)
Received: from mail-qa0-x22b.google.com (mail-qa0-x22b.google.com [IPv6:2607:f8b0:400d:c00::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7F221A8895 for <jose@ietf.org>; Tue, 30 Sep 2014 12:53:39 -0700 (PDT)
Received: by mail-qa0-f43.google.com with SMTP id cm18so915321qab.30 for <jose@ietf.org>; Tue, 30 Sep 2014 12:53:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vkB7nZ2sHc22jzBa+h//sxURyy6R1jwpwqZQhH7xmmU=; b=gTvCcHMFgxh76YMSg3+PQ2Joj3wK2S3y4MQ8MvVA7oEGjmfABSShSHLkDZsu0tAy66 FTg/WsQZ4NL5clU2u4UHAyj7g2evnineWPVRmC/KkNarILHfGdXckQQlsUjIZRnJa4ZV D8iBYVGGWyfvC6D1cy+cKXa2p5VnMqXY24hD8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=vkB7nZ2sHc22jzBa+h//sxURyy6R1jwpwqZQhH7xmmU=; b=bt0WPPx0HyNj9WP9pT45nRkUllMaLXS9CHS5BGkwoWOdq5NdICuQ1tPYb0+prVXB6e njmSvBRN4MZdIHQFixwnNX7B98sW5wL44RjBThvmdkwAAsDxX9wyGz7wgcPm8MeRsqf4 d8kcxMMrM4TrrdtKfHvj44LzdMtP9CcXSazYY5DXXsY7W51l5J1w/zMRqpU1tOjmecQa QILAs7/3JEp2EBuwqQW03gjJ8Rd2AeeCeupHItsI/t4TtSqDUUeJnKRkQ4pVIpwVU4Hz VvMiwyqLga8PNqCuXnSrmFkS/1bOVlOsZrcTvQFgxO9n2Hw8pTVQv7e/icj++Ao9cvqA X/xw==
X-Gm-Message-State: ALoCoQmXV7Cm0/Asuo6LxI9Aet6OzRpMkKcnl5P8AW0DPHEoXpdD8tufKJA1chyUd5FrI9K7QPom
MIME-Version: 1.0
X-Received: by 10.224.79.67 with SMTP id o3mr15822194qak.103.1412106816975; Tue, 30 Sep 2014 12:53:36 -0700 (PDT)
Received: by 10.140.161.214 with HTTP; Tue, 30 Sep 2014 12:53:36 -0700 (PDT)
In-Reply-To: <D3F91FC4-9180-49B3-A5CD-68D3CD1ACF9F@ve7jtb.com>
References: <23AB1ACB-02B2-4E82-A832-E89E61795C85@vigilsec.com> <4E1F6AAD24975D4BA5B16804296739439BAA578E@TK5EX14MBXC288.redmond.corp.microsoft.com> <CAKHUCzzPhBxrW4d1FMQXS=tbwT-8Tf+uC62r8CVNV_T5YXXL5Q@mail.gmail.com> <D3F91FC4-9180-49B3-A5CD-68D3CD1ACF9F@ve7jtb.com>
Date: Tue, 30 Sep 2014 20:53:36 +0100
Message-ID: <CAKHUCzwdXGbawcGbpgehpQ8+KUkcaZx+MbU0=LaZKjqPxZZXhw@mail.gmail.com>
From: Dave Cridland <dave@cridland.net>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="047d7bdc9f78362e4605044dbdad"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/um9mS0NmTnjsjfG1AZA8-qCMCn4
X-Mailman-Approved-At: Tue, 30 Sep 2014 13:15:59 -0700
Cc: IETF <ietf@ietf.org>, IETF Gen-ART <gen-art@ietf.org>, Russ Housley <housley@vigilsec.com>, Michael Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, "draft-ietf-jose-json-web-signature.all@tools.ietf.org" <draft-ietf-jose-json-web-signature.all@tools.ietf.org>
Subject: Re: [jose] Gen-ART review of draft-ietf-jose-json-web-signature-33
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Sep 2014 19:53:46 -0000

On 30 September 2014 20:37, John Bradley <ve7jtb@ve7jtb.com> wrote:

> I agree, the likelihood of the application correctly walking the path and
> validating the chain is very small.
>
>
I think the likelihood of the application being *able* to is small given
the scope - however if it can, we should assume that it will.


> I strongly prefer leaving it a MUST use TLS and validate the server per
> RFC 6125.
>
> The other thing to note is that the CN of the cert is not in the header.
> If TLS is not used an attacker could simply modify the DNS to retrieve any
> valid certificate and use that to sign.
>
>
Whilst I agree there's a range of attacks possible against non-validating
clients - although "the CN of the cert" sets my teeth on edge - an attacker
cannot do these if the application performs path validation and checks the
key matches.

"SHOULD" and "MUST" are not a stick to beat the unthinking implementer, and
if there exist perfectly reasonable cases where this particular MUST can be
ignored, then by insisting on a MUST here we are simply weakening the
emphasis that all other RFC 2119 language has in this document.

"MUST unless you do X" is a compromise I'd be happy with, although that is
basically what "SHOULD" means.

Certainly this does require the rationale be documented in any case.

Dave.

v2.23.0 | Report a Bug | By Email