Re: [OAUTH-WG] Plaintext JWT bug

Richard Barnes <rlb@ipv.sx> Thu, 01 August 2013 12:28 UTC

In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436B739BAB@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgRusCLRxfUOYTcJyWYz9vQZa95DVkiy6ZvfMUW67NM-eg@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436B739BAB@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Thu, 01 Aug 2013 14:23:55 +0200
Message-ID: <CAL02cgT5sbiFCdm7iGvhGcPg_+ro4E-tVdtGnfOLcF-S+z40dg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Plaintext JWT bug
X-List-Received-Date: Thu, 01 Aug 2013 12:28:46 -0000

You don't view downgrade attacks as a compelling reason?

I look forward to your attempt to get this through SECDIR review.


On Thu, Aug 1, 2013 at 2:20 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> This is useful because it means that you can pass both unsigned and
> signed content using the same syntax, with no special parsing required.
> This is used in practice, for instance, to enable both unsigned and signed
> request objects, signed and unsigned ID Tokens, etc.
>
> This is already in widespread use.
>
> I'm kind of surprised that this is coming up now.  This has been in JWT
> since March 2011 and in the JOSE specs since the working group versions, so
> it's not exactly a surprise.  (The biggest change was that we moved it from
> JWT to JWS in March 2012, at Jim Schaad's suggestion, because it is
> generally useful outside of just JWTs.)  Yes, an alternative syntax could
> have been used, but using the "alg":"none" value to express this works fine
> in practice.  I don't perceive a compelling reason to change it at this
> point.
>
>                                                             -- Mike
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Richard Barnes
> Sent: Thursday, August 01, 2013 5:08 AM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Plaintext JWT bug
>
> It has come to my attention that JWT is using "alg":"none" to create
> "Plaintext JWTs".  Some of us in JOSE believe that this "alg" value should
> be removed, because of a risk of downgrade attacks.  In order to do that, a
> suggested revision to JWT is below.  To summarize:
>
> -- Plaintext JWTs are not JWSs.
>
> -- They just have a header and payload (separated by a '.')
>
> -- The header MUST NOT contain "alg", since there's no crypto going on
>
> Thanks,
>
> --Richard
>
> -----BEGIN-----
>
> 6.  Plaintext JWTs
>
>    To support use cases where the JWT content is secured by a means
>    other than a signature and/or encryption contained within the JWT
>    (such as a signature on a data structure containing the JWT), JWTs
>    MAY also be created without a signature or encryption.  A plaintext
>    JWT is the concatenation of a base64url-encoded JWT Header, a
>    period ('.') character, and the base64url-encoded JWT Claims Set.
>
>    The header of a plaintext JWT contains parameters drawn from the same
>    set as the JWS header.  However, a JWT header MUST NOT contain an
>    "alg" header parameter, since no cryptographic processing is being
>    performed.
>
> ** **
>
> 6.1.  Example Plaintext JWT****
>
> ** **
>
>    The following example JWT Header declares that the encoded object is***
> *
>
>    a Plaintext JWT:****
>
> ** **
>
>      {"typ":"JWT"}****
>
> ** **
>
>    Base64url encoding the octets of the UTF-8 representation of the JWT***
> *
>
>    Header yields this Encoded JWT Header:****
>
> ** **
>
>      eyJ0eXAiOiJKV1QifQ****
>
> ** **
>
>    The following is an example of a JWT Claims Set:****
>
> ** **
>
>      {"iss":"joe",****
>
>       "exp":1300819380,****
>
>       "http://example.com/is_root":true}****
>
> ** **
>
>    Base64url encoding the octets of the UTF-8 representation of the JWT***
> *
>
>    Claims Set yields this Encoded JWS Payload (with line breaks for****
>
>    display purposes only):****
>
> ** **
>
>      eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt****
>
>      cGxlLmNvbS9pc19yb290Ijp0cnVlfQ****
>
> ** **
>
>    Concatenating these parts in this order with a period ('.') character
>    between the parts yields this complete JWT (with line breaks for
>    display purposes only):
>
>      eyJ0eXAiOiJKV1QifQ
>      .
>      eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
>      cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
>
> -----END-----
>
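The downgrade Richard is pointing at, as an added example that is not part of this thread or of any JWT/JOSE draft: a verifier that lets the token's own "alg" header choose the check will accept a token whose header says "none" without checking anything, so anyone who can see one signed token (or just guess the claims) can strip the MAC and rewrite the header. The hardened verifier pins the algorithm on the verifier side and never treats "none" as acceptable. The last two functions implement the two-segment plaintext form proposed above, rejecting any header that carries "alg". The header and claims bytes are the ones from the quoted draft text (so the encodings can be checked against it); the HMAC key, the function names and the forged-header layout are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed inputs: the header and claims from the draft text quoted above,
# byte-exact (CRLF + one space between claims) so the encodings match the draft.
HEADER_JSON = b'{"typ":"JWT"}'
CLAIMS_JSON = b'{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}'
KEY = b"example-hmac-key"  # hypothetical shared secret, not from the thread


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    raw = text.encode("ascii")
    return base64.urlsafe_b64decode(raw + b"=" * (-len(raw) % 4))


def sign_hs256(header: dict, payload: bytes, key: bytes) -> str:
    """Issue a three-segment JWS: header.payload.HMAC-SHA256."""
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    p = b64url_encode(payload)
    mac = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(mac)}"


def forge_alg_none(token: str) -> str:
    """The downgrade: keep the payload, rewrite the header to alg none, drop the MAC.
    No key is needed; the attacker only needs a token (or the claims) to copy."""
    _, p, _ = token.split(".")
    h = b64url_encode(b'{"typ":"JWT","alg":"none"}')
    return f"{h}.{p}."


def verify_naive(token: str, key: bytes):
    """Vulnerable: lets the token's own 'alg' choose the check. Returns claims or None."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(p))  # "no crypto" -> accepted unverified
    if header.get("alg") == "HS256":
        mac = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(mac, b64url_decode(s)):
            return json.loads(b64url_decode(p))
    return None


def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256"):
    """The verifier fixes the algorithm from its own configuration; the header
    must merely agree, and 'none' is never an acceptable value."""
    parts = token.split(".")
    if len(parts) != 3 or expected_alg == "none":
        return None
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != expected_alg:
        return None
    mac = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


def make_plaintext_jwt(header: bytes, claims: bytes) -> str:
    """The two-segment form proposed above: header '.' claims, no 'alg'."""
    return f"{b64url_encode(header)}.{b64url_encode(claims)}"


def parse_plaintext_jwt(token: str):
    """Accept only two segments and only a header without 'alg'; otherwise None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    header = json.loads(b64url_decode(parts[0]))
    if "alg" in header:
        return None
    return json.loads(b64url_decode(parts[1]))


if __name__ == "__main__":
    signed = sign_hs256({"typ": "JWT", "alg": "HS256"}, CLAIMS_JSON, KEY)
    forged = forge_alg_none(signed)
    print("naive accepts forged token:   ", verify_naive(forged, KEY) is not None)
    print("hardened accepts forged token:", verify_hardened(forged, KEY) is not None)
    print("plaintext JWT:", make_plaintext_jwt(HEADER_JSON, CLAIMS_JSON))
```

Two points worth noting when reading it: the forged token is structurally a valid three-segment JWS with an empty signature, which is exactly why a two-segment plaintext form is harder to confuse with a signed one; and the hardened verifier keys its decision on what the relying party configured, not on what the header claims, so removing "none" from the verifier's world is a one-line policy rather than a parsing special case.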