Re: [OAUTH-WG] [jose] Security research on JWT implementations

Tim McLean <tim@timmclean.net> Thu, 02 April 2015 20:57 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/tiBMbs-jq7djTUAwXuoDwzYmRFg>

On Thu, Apr 2, 2015 at 2:42 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

> This warning is already in place in
> https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-7.2.
> It says:
>
>    Finally, note that it is an application decision which algorithms may
>    be used in a given context.  Even if a JWT can be successfully
>    validated, unless the algorithm(s) used in the JWT are acceptable to
>    the application, it SHOULD reject the JWT.
>
>
Thanks for highlighting this, Mike.

I think it's interesting to note that this doesn't entirely prevent the
HMAC/RSA (or HMAC/ECDSA) vulnerability, at least in the way this advice is
usually implemented.  Let's say an application legitimately wants to use
both HMAC and RSA but with different keys (obviously).  They would
whitelist both algorithms, and would likely give each key a different key
ID.  This could still be exploitable in implementations that use the alg
field, since alg would still determine how the key is used.

Tim
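
The case described in the message above, as an added example that is not part of the original post or of any JWT library: a verifier that whitelists both algorithms but lets the header's alg choose how the key is used, beside one that takes the algorithm from the key's registration. The key store, key IDs, function names and tokens are constructed for illustration; the RSA key is a placeholder byte string and RS256 verification is left out (it fails closed).

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed key store: each key ID is registered with exactly one algorithm.
KEYS = {
    "hmac-1": {"alg": "HS256", "key": b"constructed-shared-secret"},
    "rsa-1": {"alg": "RS256", "key": b"-----BEGIN PUBLIC KEY-----\n(constructed placeholder)\n"},
}
ALLOWED = {"HS256", "RS256"}

def hs256_token(key: bytes, header: dict, claims: dict) -> str:
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    return signing_input + "." + b64u(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def check_signature(alg: str, key: bytes, signing_input: bytes, sig: bytes) -> bool:
    if alg == "HS256":
        return hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig)
    # RS256 needs an RSA library and is out of scope for this example; fail closed.
    return False

def parse(token: str):
    h, p, s = token.split(".")
    return json.loads(b64u_dec(h)), (h + "." + p).encode(), b64u_dec(s)

def verify_header_alg(token: str) -> bool:
    """Pattern from the message: alg is whitelisted, but the header still selects it."""
    header, signing_input, sig = parse(token)
    if header.get("alg") not in ALLOWED or header.get("kid") not in KEYS:
        return False
    return check_signature(header["alg"], KEYS[header["kid"]]["key"], signing_input, sig)

def verify_key_bound(token: str) -> bool:
    """Hardened: the algorithm comes from the key's registration, not from the token."""
    header, signing_input, sig = parse(token)
    entry = KEYS.get(header.get("kid"))
    if entry is None or header.get("alg") != entry["alg"]:
        return False
    return check_signature(entry["alg"], entry["key"], signing_input, sig)

# Constructed tokens: a legitimate HS256 token, and one whose alg disagrees with its kid.
GOOD = hs256_token(KEYS["hmac-1"]["key"], {"alg": "HS256", "kid": "hmac-1"}, {"sub": "alice"})
MISMATCH = hs256_token(KEYS["rsa-1"]["key"], {"alg": "HS256", "kid": "rsa-1"}, {"sub": "alice"})
```

The whitelist check passes for both tokens because HS256 is an allowed algorithm; only the per-key binding rejects the token whose alg does not match the algorithm registered for its key ID.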