B64 needs to be a signed header or there are ambiguous signatures.
Consider the following:
{ "header": {"alg":"HS256", "b64":"false"}, protected:"ABCDEFG" }
And
{"header":{"alg":"HS256", "b64":"true"}, protected:"ABCDEFG"}
I have signed two different contents using the same key and the same
algorithm. These therefore have the same signature value. Since the b64
header is not protected, an attacker can change between the two contents as
they wish.
We have therefore created a collision condition.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
