Re: [Teep] OTrP Signature Security issue
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 21 November 2018 09:08 UTC
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2216130E8E for <teep@ietfa.amsl.com>; Wed, 21 Nov 2018 01:08:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCLd1wUAv5tG for <teep@ietfa.amsl.com>; Wed, 21 Nov 2018 01:08:23 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10074.outbound.protection.outlook.com [40.107.1.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F04F128D68 for <teep@ietf.org>; Wed, 21 Nov 2018 01:08:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t7stVIbi0Fv3ulWN0Kpck+I9do+bXrBa575g4SJNVVk=; b=CIrt9aKKNU14p5gloS5IrUrf6I2i0fSxN7ARnZNLHddtefWDqn/fMWNcih/Xsf2eTdxDtWlmo2nETyVn0wD5hJDrCwT0guj0LWVTo7mzlIMR9eQtC26rpbwc7sjU/0vyrPHnvTnMBr4a0N7HHhQBb52U91a9/61uRQ8k+r/xZV8=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB2078.eurprd08.prod.outlook.com (10.173.74.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1339.23; Wed, 21 Nov 2018 09:08:18 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::2056:1db1:e01:4670]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::2056:1db1:e01:4670%2]) with mapi id 15.20.1339.027; Wed, 21 Nov 2018 09:08:18 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] OTrP Signature Security issue
Thread-Index: AQHUgROkWspCtJQM4EyZ3FFdYyqsK6VZ8NUw
Date: Wed, 21 Nov 2018 09:08:18 +0000
Message-ID: <VI1PR0801MB2112317A9CE00FF39BE5C973FADA0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <c47a641d-3931-dc0e-100a-f6fa1a8e0593@gmail.com>
In-Reply-To: <c47a641d-3931-dc0e-100a-f6fa1a8e0593@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.122.87]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2078; 6:BqgxHKCHM7RmM59jUNGwQ4w8+HxKyoz7Itfyvcb1OBX80/UxeN+9OGykBjXXbF+LzqGy+a2JxKwkJ/l/3d/Hqu3axjX2lijPavOMTO8AQr+Z6NVU1CmqkQxAEFWPoMae90P3XTbEOl+kkViRK/RhaWXWM3rch4fH6dfNpbbQFhkI4FTOdfAnonDeIOv519XAvVnczCP4Zplztx8lHfZD4iheBfaZ73vireupD/RvKzoRUEMYPIJhaf2NCTqr14zxphm9HL4GcpwT1Xm1RHS4uADXgszW5njS7JgFWrSqRNoX6/bqZcHaL2fpM76BCCrLSigNwfN46SOh4X1zoxeGZ4bjwtD8nX+mPvetR244WjOzOLUJcSmV1LTiJiE8QFqOq8v1qJsV2BUZckj/ju7PJA8w3/jsw8xgD7lq/SPuiFxMT0JAC/ioTIcbPZ5UG7MVARctWweCGN9fntbRP7NUEQ==; 5:tkF1UbvO3HGsCvhsi3Xrd37iuAYpgOfRL+ugVvvmYqSLRS/OlyHD1eFd9SJI0Vl1C8I+JEKTIYgsCXKESRbg6ftghaUfnJw0lwd0sG0Bia0RoCBGA33nYTJx36g0GHRt8ks1CWHJw+CYzUVf+c2j15ffHn4eXuwdDHUCvMJK6lU=; 7:0gmh/YFm45SbDCaKx7XzKUkNaH0UW+Zlqv+yOMupmifAtIDqzJ0XMFPhDgxKrCmS5EfpE4AKeohYRncnTmCSKrO7dr/l58UhnbqV9iugwpSXPJnxNoLUgYtHh7TieJefN21v2AtrDQ6rFPmVIaUASA==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: c0cb0a16-6665-423d-3805-08d64f90e0d7
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390098)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB2078;
x-ms-traffictypediagnostic: VI1PR0801MB2078:
x-microsoft-antispam-prvs: <VI1PR0801MB20786F7A68BC5A2F1B8CB5A2FADA0@VI1PR0801MB2078.eurprd08.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231442)(944501410)(52105112)(6055026)(148016)(149066)(150057)(6041310)(20161123564045)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:VI1PR0801MB2078; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB2078;
x-forefront-prvs: 08635C03D4
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(366004)(346002)(376002)(136003)(396003)(40434004)(13464003)(189003)(199004)(97736004)(33656002)(2906002)(316002)(446003)(55016002)(81166006)(25786009)(14454004)(478600001)(6306002)(81156014)(8676002)(68736007)(106356001)(5660300001)(11346002)(71190400001)(99286004)(14444005)(9686003)(5024004)(71200400001)(8936002)(53936002)(476003)(966005)(72206003)(256004)(486006)(102836004)(86362001)(66066001)(105586002)(76176011)(2900100001)(6506007)(7696005)(110136005)(15650500001)(6246003)(7736002)(305945005)(53546011)(74316002)(6436002)(186003)(229853002)(39060400002)(2501003)(26005)(3846002)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2078; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: bTHzJWXKFjnxAnDE7tS0zdGrSfX9RxktFzQ/Hov6M65UsFhCmFddSQqsBdGDY2Snf6IADYeLw7aRW479EGuFduOG4nG++T8xxoqfPU2BikpbT9oSgItHmP8QIQaJYqnmnHkuFfhUVon/K3lUf225pUyrWApqX2BsqEjx+bQaY320VmJT1BWS76WtZT4FrXcCMStCj1P4f55/u58lhfm9n9M/JBsCTqxOz84V6x7WRVzq/EEO+ASbH1On+dylhCof4Na6HR/+/JqGr1F2m/9sTfgKoySCmjKioVt5SlH1bYbaB60+JxGM6GMt1GmqwYsFwG5libDkhRFrZc5vwqMdwzoHzoALtu1M5mLvRTKmRls=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c0cb0a16-6665-423d-3805-08d64f90e0d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Nov 2018 09:08:18.4652 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2078
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/loxT3OBsamwxkdCfknPpMMgsgSs>
Subject: Re: [Teep] OTrP Signature Security issue
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 09:08:27 -0000
Hi Anders, Thanks for raising this point. I have been wondering whether a JSON encoding is the best choice for TEEP since web developers shouldn't actually be exposed to any of it. Hence, my question to you is whether you have looked into COSE as well and whether your assessment would be different. Ciao Hannes -----Original Message----- From: TEEP <teep-bounces@ietf.org> On Behalf Of Anders Rundgren Sent: Tuesday, November 20, 2018 9:57 PM To: teep@ietf.org Subject: [Teep] OTrP Signature Security issue The following is a for brevity simplified version of the OTrP signature scheme. That OTrP rather uses the JSON serialized version of JWS has no security advantages (or disadvantages) over the JWS compact notation shown here: { "carObject": "eyetc.eyetc.xyxetc" } Since "carObject" isn't signed, you can replace it with anything else and the signature will still validate. Using detached JWS combined with JCS [1,2] you sign the entire JSON object as well as getting the "payload" in clear: { "carObject": { "brand": "Ferrari", "horsePower": "450", "weight": "2357kg" }, "signature": "eyetc..xyect" } thanx, Anders 1] https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01 2] https://mobilepki.org/jws-jcs _______________________________________________ TEEP mailing list TEEP@ietf.org https://www.ietf.org/mailman/listinfo/teep IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Teep] OTrP Signature Security issue Anders Rundgren
- Re: [Teep] OTrP Signature Security issue Hannes Tschofenig
- Re: [Teep] OTrP Signature Security issue Anders Rundgren
- Re: [Teep] OTrP Signature Security issue Anders Rundgren
- Re: [Teep] OTrP Signature Security issue Carsten Bormann
- Re: [Teep] OTrP Signature Security issue Anders Rundgren
- Re: [Teep] OTrP Signature Security issue Hannes Tschofenig
- Re: [Teep] OTrP Signature Security issue Anders Rundgren
- Re: [Teep] OTrP Signature Security issue Hannes Tschofenig
- Re: [Teep] OTrP Signature Security issue Anders Rundgren