[Teep] OTrP Signature Security issue

Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 20 November 2018 20:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/0y_vjaSHqB1EUHGyIEyBoOqVlUk>

The following is a version of the OTrP signature scheme, simplified for brevity.  That OTrP instead uses the JSON serialized version of JWS has no security advantages (or disadvantages) over the JWS compact notation shown here:
{
    "carObject":  "eyetc.eyetc.xyxetc"
}

Since "carObject" isn't signed, you can replace it with anything else and the signature will still validate.


Using detached JWS combined with JCS [1,2] you sign the entire JSON object as well as getting the "payload" in clear:
{
    "carObject": {
       "brand":  "Ferrari",
       "horsePower":  "450",
       "weight":  "2357kg"
    },
    "signature": "eyetc..xyect"
}

thanx,
Anders

[1] https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01
[2] https://mobilepki.org/jws-jcs
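
The two layouts in the message above, compared side by side as an added example (not part of the original message and not OTrP code). Assumptions: HS256 with a constructed key since the message names no algorithm, a simplified canonicalizer standing in for full JCS, and the hypothetical replacement name "boatObject".

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed HS256 key (assumption, not from the post)

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def canon(obj) -> bytes:
    # Simplified stand-in for JCS: sorted keys, no whitespace. Enough for the ASCII,
    # string-only sample data here; real JCS also fixes number and string forms.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode()

HEADER = b64u(canon({"alg": "HS256"}))

def mac(signing_input: str) -> str:
    return b64u(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def wrap_compact(name: str, payload: dict) -> dict:
    # Layout 1: a compact JWS is the property value; the property name is outside it.
    body = b64u(canon(payload))
    return {name: f"{HEADER}.{body}.{mac(HEADER + '.' + body)}"}

def verify_compact(msg: dict):
    (name, jws), = msg.items()
    head, body, sig = jws.split(".")
    ok = head == HEADER and hmac.compare_digest(sig, mac(head + "." + body))
    return ok, name  # name is returned to show that nothing ever checked it

def sign_detached(obj: dict) -> dict:
    # Layout 2: detached JWS ("header..signature") over the canonicalized object.
    sig = mac(HEADER + "." + b64u(canon(obj)))
    return {**obj, "signature": f"{HEADER}..{sig}"}

def verify_detached(msg: dict) -> bool:
    data = {k: v for k, v in msg.items() if k != "signature"}
    head, empty, sig = msg["signature"].split(".")
    expected = mac(head + "." + b64u(canon(data)))
    return head == HEADER and empty == "" and hmac.compare_digest(sig, expected)

CAR = {"brand": "Ferrari", "horsePower": "450", "weight": "2357kg"}  # values from the post

def rename(msg: dict, old: str, new: str) -> dict:
    # Same message with one top-level property name swapped.
    return {(new if k == old else k): v for k, v in msg.items()}

if __name__ == "__main__":
    print(verify_compact(rename(wrap_compact("carObject", CAR), "carObject", "boatObject")))
    print(verify_detached(rename(sign_detached({"carObject": CAR}), "carObject", "boatObject")))
```

A verifier for the first layout has to bind the property name to the payload by some other means, for example by repeating a type field inside the signed payload and comparing it against the outer name.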