Re: [OAUTH-WG] Plaintext JWT bug
Mike Jones <Michael.Jones@microsoft.com> Thu, 01 August 2013 12:26 UTC
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, "oauth@ietf.org WG" <oauth@ietf.org>
Date: Thu, 01 Aug 2013 12:20:15 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436B739BAB@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgRusCLRxfUOYTcJyWYz9vQZa95DVkiy6ZvfMUW67NM-eg@mail.gmail.com>
In-Reply-To: <CAL02cgRusCLRxfUOYTcJyWYz9vQZa95DVkiy6ZvfMUW67NM-eg@mail.gmail.com>
This is useful because it means that you can pass both unsigned and signed content using the same syntax, with no special parsing required. This is used in practice, for instance, to enable both unsigned and signed request objects, signed and unsigned ID Tokens, etc. This is already in widespread use.

I'm kind of surprised that this is coming up now. This has been in JWT since March 2011 and in the JOSE specs since the working group versions, so it's not exactly a surprise. (The biggest change was that we moved it from JWT to JWS in March 2012, at Jim Schaad's suggestion, because it is generally useful outside of just JWTs.)

Yes, an alternative syntax could have been used, but using the "alg":"none" value to express this works fine in practice. I don't perceive a compelling reason to change it at this point.

-- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Thursday, August 01, 2013 5:08 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Plaintext JWT bug

It has come to my attention that JWT is using "alg":"none" to create "Plaintext JWTs". Some of us in JOSE believe that this "alg" value should be removed, because of a risk of downgrade attacks. In order to do that, a suggested revision to JWT is below.

To summarize:
-- Plaintext JWTs are not JWSs.
-- They just have a header and payload (separated by a '.')
-- The header MUST NOT contain "alg", since there's no crypto going on

Thanks,
--Richard

-----BEGIN-----

6. Plaintext JWTs

To support use cases where the JWT content is secured by a means other than a signature and/or encryption contained within the JWT (such as a signature on a data structure containing the JWT), JWTs MAY also be created without a signature or encryption. A plaintext JWT is the concatenation of a base64url-encoded JWT Header, a period ('.') character, and the base64url-encoded JWT Claims Set. The header of a plaintext JWT contains parameters drawn from the same set as the JWS header. However, a JWT header MUST NOT contain an "alg" header parameter, since no cryptographic processing is being performed.

6.1. Example Plaintext JWT

The following example JWT Header declares that the encoded object is a Plaintext JWT:

  {"typ":"JWT"}

Base64url encoding the octets of the UTF-8 representation of the JWT Header yields this Encoded JWT Header:

  eyJ0eXAiOiJKV1QifQ

The following is an example of a JWT Claims Set:

  {"iss":"joe",
   "exp":1300819380,
   "http://example.com/is_root":true}

Base64url encoding the octets of the UTF-8 representation of the JWT Claims Set yields this Encoded JWS Payload (with line breaks for display purposes only):

  eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
  cGxlLmNvbS9pc19yb290Ijp0cnVlfQ

Concatenating these parts in this order with a period ('.') character between the parts yields this complete JWT (with line breaks for display purposes only):

  eyJ0eXAiOiJKV1QifQ
  .
  eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
  cGxlLmNvbS9pc19yb290Ijp0cnVlfQ

-----END-----
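Added example (not from either message, and not code from any JOSE library) showing the downgrade risk Richard Barnes refers to and the two-segment Plaintext JWT his proposed section 6 would define. The shared HS256 key, the demo claims, the naive and strict verifiers and all function names are assumptions for illustration; the only string taken from the thread is the Plaintext JWT quoted in the proposed section 6.1. The naive verifier lets the token's own "alg" header choose the algorithm, so a token rewritten to "alg":"none" with its signature segment dropped is accepted without a key. The strict verifier applies a verifier-side allow-list, and the plaintext parser accepts only the proposed form: exactly two segments and a header with no "alg" at all.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """base64url without padding, as JWS/JWT compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding that unpadded base64url strips before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_bytes(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issuer side: JWS with alg=HS256 over the 'header.payload' signing input."""
    header_b64 = b64url_encode(_json_bytes({"typ": "JWT", "alg": "HS256"}))
    payload_b64 = b64url_encode(_json_bytes(claims))
    tag = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(tag)}"


def forge_with_alg_none(token: str, tampered_claims: dict) -> str:
    """Attacker side, no key needed: rewrite alg to 'none', substitute claims,
    and leave the signature segment empty."""
    header_b64, _payload_b64, _tag_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    header["alg"] = "none"
    return f"{b64url_encode(_json_bytes(header))}.{b64url_encode(_json_bytes(tampered_claims))}."


def _check_hs256(header_b64: str, payload_b64: str, tag_b64: str, key: bytes) -> None:
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(tag_b64)):
        raise ValueError("HS256 tag mismatch")


def verify_naive(token: str, key: bytes) -> dict:
    """The bug: the token's header picks the algorithm, so alg=none means 'skip the check'."""
    header_b64, payload_b64, tag_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    if alg == "none":
        return json.loads(b64url_decode(payload_b64))
    if alg == "HS256":
        _check_hs256(header_b64, payload_b64, tag_b64, key)
        return json.loads(b64url_decode(payload_b64))
    raise ValueError(f"unsupported alg {alg!r}")


def verify_strict(token: str, key: bytes, allowed_algs=("HS256",)) -> dict:
    """Hardened: verifier policy decides the acceptable algorithms; 'none' is never one of them."""
    if "none" in allowed_algs:
        raise ValueError("'none' must not be an accepted algorithm for a verified token")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected JWS compact serialization with three segments")
    header_b64, payload_b64, tag_b64 = parts
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    if alg not in allowed_algs:
        raise ValueError(f"alg {alg!r} not permitted by verifier policy")
    _check_hs256(header_b64, payload_b64, tag_b64, key)  # only HS256 is implemented here
    return json.loads(b64url_decode(payload_b64))


def parse_plaintext_jwt(token: str) -> dict:
    """The proposed Plaintext JWT: exactly 'header.payload', and the header has no 'alg'."""
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("a Plaintext JWT is header.payload with no third segment")
    header = json.loads(b64url_decode(parts[0]))
    if "alg" in header:
        raise ValueError("Plaintext JWT header MUST NOT contain 'alg'")
    return json.loads(b64url_decode(parts[1]))


# Constructed demo key and claims (assumptions, not from the original message).
DEMO_KEY = b"demo-shared-secret-not-for-production"
DEMO_CLAIMS = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": False}

# The Plaintext JWT quoted in the proposed section 6.1 (header {"typ":"JWT"}, no alg).
PLAINTEXT_JWT = ("eyJ0eXAiOiJKV1QifQ."
                 "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                 "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ")


def demo() -> dict:
    """Run both verifiers against a forged token so the downgrade is visible."""
    forged = forge_with_alg_none(sign_hs256(DEMO_CLAIMS, DEMO_KEY),
                                 {**DEMO_CLAIMS, "http://example.com/is_root": True})
    out = {"naive_accepts_forgery": verify_naive(forged, DEMO_KEY)["http://example.com/is_root"],
           "strict_accepts_forgery": True,
           "plaintext_claims": parse_plaintext_jwt(PLAINTEXT_JWT)}
    try:
        verify_strict(forged, DEMO_KEY)
    except ValueError:
        out["strict_accepts_forgery"] = False
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the strict path is that the algorithm is a property of the verifier's configuration, not of the incoming token; a header value is attacker-controlled input and must only be checked against that policy. In the published RFCs the "none" value did survive (as the Unsecured JWS), so the allow-list on the verifying side is the control that actually matters in deployments.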