> On 12 Apr 2024, at 03:16, Ethan Heilman <eth...@gmail.com> wrote: > > > Hi Neil, > > I agree that PIKA would not protect against an attacker compromising a JWKS > URI via a mis-issued TLS cert. > > I was thinking of a simpler attack where the attacker compromises the server > where a JWKS URI is hosted or the JWKS is stored. For instance consider an > JWKS which is read from a database. An attacker could use a SQL injection to > add their own key to the JWKS. Because such an attacker does not compromise > any TLS certificates PIKA would defeat this attack (assuming the verifier > required PIKA for that JWT issuer).
It depends how the PIKA is created. If you mean that the database stores the signed PIKA, then yes that would prevent the attack. But if the database just stores the keys and another process periodically extracts them and signs them to create the PIKA (which seems more likely to me), then the attack still succeeds. > > Today, write access to a JWKS is sufficient to comprise the signing authority > of a JWT issuer. With PIKA write access to a JWKS may not be sufficient to > compromise the signing authority of a JWT issuer. I’m not sure this is true in many cases. Doesn’t PIKA essentially assume that the TLS cert signing key is accessible to whatever process creates the JWK Set? So if you have write access to the JWK Set, you often will also have access to that private key - either directly, or via some API/HSM call. Not always, but I think in many scenarios. — Neil _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
