Thanks for the analysis, Jim. This has been done in -02.
-- Mike
-----Original Message-----
From: Jim Schaad [mailto:[email protected]]
Sent: Monday, August 10, 2015 12:34 PM
To: Mike Jones; [email protected]
Subject: b64 must be signed
B64 needs to be a signed header or there are ambiguous signatures.
Consider the following:
{ "header": {"alg":"HS256", "b64":"false"}, protected:"ABCDEFG" }
And
{"header":{"alg":"HS256", "b64":"true"}, protected:"ABCDEFG"}
I have signed two different contents using the same key and the same algorithm.
These therefore have the same signature value. Since the b64 header is not
protected, an attacker can change between the two contents as they wish.
We have therefore created a collision condition.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
