Re: [Teep] OTrP Signature Security issue

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 21 November 2018 10:06 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "teep@ietf.org" <teep@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Nsv7pWnxW_DUaUW2ocxU_P_rmiI>

On 2018-11-21 10:08, Hannes Tschofenig wrote:
> Hi Anders,
> 
> Thanks for raising this point.

For completeness I should probably mention that there is no major problem in OTrP since the object "sub-identifier" is signed.

It does however require an additional validation step since a "TAInformation" object MUST be followed by its signed "TAInformationTBS" counterpart.

In both JWS and COSE the original message is "destroyed" (converted into an alien format) and must be recreated before it can be acted upon.

Anders

> 
> I have been wondering whether a JSON encoding is the best choice for TEEP since web developers shouldn't actually be exposed to any of it.
> 
> Hence, my question to you is whether you have looked into COSE as well and whether your assessment would be different.
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: TEEP <teep-bounces@ietf.org> On Behalf Of Anders Rundgren
> Sent: Tuesday, November 20, 2018 9:57 PM
> To: teep@ietf.org
> Subject: [Teep] OTrP Signature Security issue
> 
> The following is a version of the OTrP signature scheme, simplified for brevity.  That OTrP rather uses the JSON serialized version of JWS has no security advantages (or disadvantages) over the JWS compact notation shown here:
> {
>      "carObject":  "eyetc.eyetc.xyxetc"
> }
> 
> Since "carObject" isn't signed, you can replace it with anything else and the signature will still validate.
> 
> 
> Using detached JWS combined with JCS [1,2] you sign the entire JSON object as well as getting the "payload" in clear:
> {
>      "carObject": {
>         "brand":  "Ferrari",
>         "horsePower":  "450",
>         "weight":  "2357kg"
>      },
>      "signature": "eyetc..xyect"
> }
> 
> thanx,
> Anders
> 
> [1] https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01
> [2] https://mobilepki.org/jws-jcs
> 
>
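The two message shapes discussed in this thread, as an added example that is not part of the original messages or of any OTrP implementation: a compact JWS stored under an unsigned property name, with and without the extra name-pairing check described in the reply, next to a detached signature over the canonicalized whole object. Assumptions: HS256 with a constructed key stands in for the real signature algorithm, `canon` is a simplified stand-in for JCS, and the `carObjectTBS` name is a hypothetical analogue of the `TAInformation`/`TAInformationTBS` pairing.

```python
import base64, hashlib, hmac, json
KEY = b"constructed-demo-key"  # constructed sample key; HS256 keeps this stdlib-only

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def canon(obj) -> bytes:
    # Simplified stand-in for JCS: only valid for ASCII keys and string values.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

HEAD = b64u(canon({"alg": "HS256"}))  # the one protected header we accept

def mac(body: str) -> str:
    return b64u(hmac.new(KEY, f"{HEAD}.{body}".encode(), hashlib.sha256).digest())

def jws_sign(payload: bytes, detached: bool = False) -> str:
    body = b64u(payload)
    return f"{HEAD}.{'' if detached else body}.{mac(body)}"

def jws_verify(token: str, detached_payload=None):
    """Return the signed payload bytes, or None if the signature is invalid."""
    parts = token.split(".")
    if len(parts) != 3 or parts[0] != HEAD:
        return None
    body = parts[1] if detached_payload is None else b64u(detached_payload)
    if not hmac.compare_digest(parts[2].encode(), mac(body).encode()):
        return None
    return base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))

def verify_wrapped(msg: dict, check_name: bool) -> bool:
    """Compact JWS stored under a property name that the signature does not cover."""
    (name, token), = msg.items()
    payload = jws_verify(token)
    # Extra step from the reply: outer "X" must hold a signed "XTBS" object.
    named_ok = payload is not None and set(json.loads(payload)) == {name + "TBS"}
    return named_ok if check_name else payload is not None

def sign_detached(obj: dict) -> dict:
    return {**obj, "signature": jws_sign(canon(obj), detached=True)}

def verify_detached(msg: dict) -> bool:
    body = {k: v for k, v in msg.items() if k != "signature"}
    return jws_verify(msg.get("signature", ""), canon(body)) is not None

CAR = {"brand": "Ferrari", "horsePower": "450", "weight": "2357kg"}  # constructed
wrapped = {"carObject": jws_sign(canon({"carObjectTBS": CAR}))}
renamed = {"truckObject": wrapped["carObject"]}            # outer name swapped
detached = sign_detached({"carObject": CAR})
detached_renamed = {"truckObject": CAR, "signature": detached["signature"]}
```

With `check_name=False` the renamed wrapper still verifies; the pairing check and the detached form both reject the rename.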