IETF Logo Mail Archive

Re: [OAUTH-WG] Plaintext JWT bug

Mike Jones <Michael.Jones@microsoft.com> Thu, 01 August 2013 12:26 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69DD121F9DA3 for <oauth@ietfa.amsl.com>; Thu, 1 Aug 2013 05:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.286
X-Spam-Level:
X-Spam-Status: No, score=-2.286 tagged_above=-999 required=5 tests=[AWL=-1.691, BAYES_00=-2.599, HTML_MESSAGE=0.001, TRACKER_ID=2.003]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Hby6xR5Pfnt for <oauth@ietfa.amsl.com>; Thu, 1 Aug 2013 05:26:46 -0700 (PDT)
Received: from db9outboundpool.messaging.microsoft.com (mail-db9lp0253.outbound.messaging.microsoft.com [213.199.154.253]) by ietfa.amsl.com (Postfix) with ESMTP id 231F821E83A0 for <oauth@ietf.org>; Thu, 1 Aug 2013 05:22:48 -0700 (PDT)
Received: from mail92-db9-R.bigfish.com (10.174.16.239) by DB9EHSOBE041.bigfish.com (10.174.14.104) with Microsoft SMTP Server id 14.1.225.22; Thu, 1 Aug 2013 12:22:43 +0000
Received: from mail92-db9 (localhost [127.0.0.1]) by mail92-db9-R.bigfish.com (Postfix) with ESMTP id 57666480192; Thu, 1 Aug 2013 12:22:43 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:autodiscover.service.exchange.microsoft.com; EFVD:NLI
X-SpamScore: -22
X-BigFish: VS-22(zz9371Ic85fh4015Izz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1d7338h1de098h1033IL177df4h17326ah18c673h1de096h8275bh8275dh1de097hz2fh2a8h668h839hd25hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1b0ah1bceh1d0ch1d2eh1d3fh1dfeh1dffh1e1dh1155h)
Received-SPF: pass (mail92-db9: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC102.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail92-db9 (localhost.localdomain [127.0.0.1]) by mail92-db9 (MessageSwitch) id 1375359704560261_30333; Thu, 1 Aug 2013 12:21:44 +0000 (UTC)
Received: from DB9EHSMHS014.bigfish.com (unknown [10.174.16.241]) by mail92-db9.bigfish.com (Postfix) with ESMTP id A847E34007A; Thu, 1 Aug 2013 12:21:39 +0000 (UTC)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.8) by DB9EHSMHS014.bigfish.com (10.174.14.24) with Microsoft SMTP Server (TLS) id 14.16.227.3; Thu, 1 Aug 2013 12:21:39 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.38]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.03.0136.001; Thu, 1 Aug 2013 12:20:16 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Plaintext JWT bug
Thread-Index: AQHOjrFBukeaH+7+vU+VIhCHaU+nW5mART4g
Date: Thu, 01 Aug 2013 12:20:15 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436B739BAB@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgRusCLRxfUOYTcJyWYz9vQZa95DVkiy6ZvfMUW67NM-eg@mail.gmail.com>
In-Reply-To: <CAL02cgRusCLRxfUOYTcJyWYz9vQZa95DVkiy6ZvfMUW67NM-eg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436B739BABTK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Subject: Re: [OAUTH-WG] Plaintext JWT bug
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Aug 2013 12:26:56 -0000

This is useful because it means that you can pass both unsigned and signed content using the same syntax, with no special parsing required.  This is used in practice, for instance, to enable both unsigned and signed request objects, signed and unsigned ID Tokens, etc.



This is already in widespread use.



I'm kind of surprised that this is coming up now.  This has been in JWT since March 2011 and in the JOSE specs since the working group versions, so it's not exactly a surprise.  (The biggest change was that we moved it from JWT to JWS in March 2012, at Jim Schaad's suggestion, because it is generally useful outside of just JWTs.)  Yes, an alternative syntax could have been used, but using the "alg":"none" value to express this works fine in practice.  I don't perceive a compelling reason to change it at this point.



                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Thursday, August 01, 2013 5:08 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Plaintext JWT bug

It has come to my attention that JWT is using "alg":"none" to create "Plaintext JWTs".  Some of us in JOSE believe that this "alg" value should be removed, because of a risk of downgrade attacks.  In order to do that, a suggested revision to JWT is below.  To summarize:
-- Plaintext JWTs are not JWSs.
-- They just have a header and payload (separated by a '.')
-- The header MUST NOT contain "alg", since there's no crypto going on

Thanks,
--Richard


-----BEGIN-----
6.  Plaintext JWTs

   To support use cases where the JWT content is secured by a means
   other than a signature and/or encryption contained within the JWT
   (such as a signature on a data structure containing the JWT), JWTs
   MAY also be created without a signature or encryption.  A plaintext
   JWT is the concatenation of a base64url-encoded JWT Header, a
   period ('.') character, and the base64url-encoded JWT Claims Set.

   The header of a plaintext JWT contains parameters drawn from the
   set as the JWS header.  However, a JWT header MUST NOT contain an
   "alg" header parameter, since no cryptographic processing is being
   performed.

6.1.  Example Plaintext JWT

   The following example JWT Header declares that the encoded object is
   a Plaintext JWT:

     {"typ":"JWT"}

   Base64url encoding the octets of the UTF-8 representation of the JWT
   Header yields this Encoded JWT Header:

     eyJ0eXAiOiJKV1QifQ

   The following is an example of a JWT Claims Set:

     {"iss":"joe",
      "exp":1300819380,
      "http://example.com/is_root":true}

   Base64url encoding the octets of the UTF-8 representation of the JWT
   Claims Set yields this Encoded JWS Payload (with line breaks for
   display purposes only):

     eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
     cGxlLmNvbS9pc19yb290Ijp0cnVlfQ

   Concatenating these parts in this order with aperiod ('.') character
   between the parts yields this complete JWT (with line breaks for
   display purposes only):

     eyJ0eXAiOiJKV1QifQ
     .
     eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
     cGxlLmNvbS9pc19yb290Ijp0cnVlfQ


-----END-----

v2.23.0 | Report a Bug | By Email