
Support for hs2019 algorithm

Open azdagron opened this issue 5 years ago • 4 comments

All of the algorithms are deprecated with exception of hs2019 due to an attack vector specifying the algorithm.

azdagron, Oct 24 '19 21:10

Can someone link to a larger explanation of why or how specification of the algorithm leads to a vulnerability? If this is the case, is it not also the case for JWT/JWS/JWE, which all MUST specify the algorithm in the header?

DinoChiesa, Mar 27 '20 16:03

From draft 12 of the specification:

Implementers should note that previous versions of the algorithm parameter did not use the key information to derive the digital signature type and thus could be utilized by attackers to expose security vulnerabilities.

azdagron, Mar 27 '20 17:03

Thank you. Yes, I've seen that paragraph in the spec. What I was looking for was the reasoning behind that statement, specifically "could be utilized by attackers to expose security vulnerabilities". Is there any more detail behind that reasoning? I'm looking for an explanation of why or how the disclosure of the algorithm leads to a vulnerability. If I understand it correctly, the spec wasn't wrong or insecure; instead there were implementations that were insecure. And so the spec (draft 11 or 12) has now discouraged explicitly noting the algorithm, as a way to encourage better behavior in implementations. That seems pretty heavy handed, and also different from the choices JWT / JWS / JWE made. I'm looking for comment and explanation on that topic. Am I missing something?

DinoChiesa, Mar 31 '20 23:03

Specifying the algorithm is insecure because a malicious actor could specify a weaker algorithm than the real signer would.

vpzomtrrfrt, Aug 08 '20 16:08
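A verifier built the way the thread describes for hs2019, as an added example that is not code from httpsig or from any of the commenters: the algorithm is bound to the keyId in the verifier's own key registry, the `algorithm` parameter carried in the untrusted Signature header is never used to choose the algorithm, and a legacy algorithm name in that header is rejected outright. The key registry, key id, secret and HMAC-only algorithm table are constructed for an offline demonstration.

```python
import base64
import hashlib
import hmac
import re

# Constructed registry: each keyId is bound to its algorithm when the key is
# provisioned, so the algorithm is derived from key metadata, not the header.
KEY_REGISTRY = {
    "svc-key-1": {"alg": "hmac-sha512", "secret": b"constructed-demo-secret"},
}
DIGESTS = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}


def parse_signature_header(value):
    """Parse 'keyId="..",algorithm="..",headers="..",signature=".."' into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', value))


def signing_string(headers, covered):
    """Join the covered headers as 'name: value' lines, in the order listed."""
    return "\n".join(f"{name}: {headers[name]}" for name in covered.split())


def sign(key_id, headers, covered):
    """Produce a Signature header value; the MAC uses the key's bound algorithm."""
    key = KEY_REGISTRY[key_id]
    mac = hmac.new(key["secret"], signing_string(headers, covered).encode(),
                   DIGESTS[key["alg"]]).digest()
    return (f'keyId="{key_id}",algorithm="hs2019",headers="{covered}",'
            f'signature="{base64.b64encode(mac).decode()}"')


def verify(headers, sig_header):
    """True only if the signature validates under the algorithm bound to keyId."""
    params = parse_signature_header(sig_header)
    key = KEY_REGISTRY.get(params.get("keyId"))
    if key is None:
        return False
    # A header naming a concrete (legacy) algorithm is rejected; only hs2019,
    # or an absent parameter, is accepted, and the key record decides the MAC.
    if params.get("algorithm", "hs2019") != "hs2019":
        return False
    try:
        msg = signing_string(headers, params["headers"]).encode()
        presented = base64.b64decode(params["signature"], validate=True)
    except (KeyError, ValueError):
        return False
    expected = hmac.new(key["secret"], msg, DIGESTS[key["alg"]]).digest()
    return hmac.compare_digest(expected, presented)
```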