#4: Remove wrapped keys from integrity check (allow separation of keys from data)
Comment (by [email protected]):

This write-up is missing the fact that even if the wrapped keys were removed from the integrity calculation, there's still per-recipient content in the headers, such as information about the key used for that recipient. So I believe what you're really asking for, Richard, is to remove both the wrapped key and the header from the integrity calculation, so there is no per-recipient information protected. (Please correct me if I'm wrong.)

For starters, not protecting the headers could open us up to algorithm substitution attacks, because the "alg" and/or "enc" values could be modified by the attacker.

Furthermore, protecting the headers cryptographically binds the information in them to the Ciphertext, which is a very good thing. Especially given that we've now allowed additional information to be passed in the headers (by saying that header parameter values that are not understood must be ignored), I fully expect that some of that information will only be of any value when cryptographically bound to the Ciphertext, so attackers cannot modify it.

Protecting the header values is a "secure by default" architecture. It removes the need to ask questions about what attacks are enabled if header parameter A or header parameter B can be modified by the attacker, because we've taken that possibility away from the attacker. Especially given that we know that we don't know what all the header parameters will be, from a security viewpoint, continuing to protect them seems like the only sensible choice.
--
Reporter: [email protected]
Owner: draft-ietf-jose-json-web-[email protected]
Type: defect
Status: new
Priority: major
Milestone:
Component: json-web-encryption
Version:
Resolution:
Severity: Active WG Document
Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4#comment:3>
jose <http://tools.ietf.org/jose/>
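The header-binding argument in the comment above, as an added example that is not part of the original ticket or of the JOSE drafts: a simplified model that computes an HMAC-SHA256 tag either over the encoded header plus ciphertext or over the ciphertext alone, then checks whether a modified "alg" value is rejected. The key, ciphertext, header contents and function names are constructed for illustration, and the tag input is not the draft's actual integrity calculation.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JOSE uses for header segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def integrity_tag(key: bytes, header_b64: str, ciphertext: bytes,
                  protect_header: bool) -> bytes:
    """HMAC-SHA256 over the ciphertext, optionally prefixed by the encoded header."""
    covered = ciphertext
    if protect_header:
        covered = header_b64.encode("ascii") + b"." + ciphertext
    return hmac.new(key, covered, hashlib.sha256).digest()


def verify(key: bytes, header_b64: str, ciphertext: bytes, tag: bytes,
           protect_header: bool) -> bool:
    """Recompute the tag over what was received and compare in constant time."""
    expected = integrity_tag(key, header_b64, ciphertext, protect_header)
    return hmac.compare_digest(expected, tag)


def tamper_detected(protect_header: bool) -> bool:
    """True if the recipient rejects a message whose header changed in transit."""
    key = b"\x01" * 32                            # constructed integrity key
    ciphertext = b"constructed-opaque-ciphertext"  # stands in for real ciphertext
    sent = b64url(json.dumps({"alg": "RSA-OAEP", "enc": "A256GCM"}).encode())
    tag = integrity_tag(key, sent, ciphertext, protect_header)
    # The untouched message must verify in both designs.
    assert verify(key, sent, ciphertext, tag, protect_header)
    # Same ciphertext and tag, but the "alg" value no longer matches what was sent.
    received = b64url(json.dumps({"alg": "RSA1_5", "enc": "A256GCM"}).encode())
    return not verify(key, received, ciphertext, tag, protect_header)


if __name__ == "__main__":
    for protect in (True, False):
        print(f"header covered by tag: {protect}, "
              f"modified header rejected: {tamper_detected(protect)}")
```

With the header covered, the modified message fails verification; with only the ciphertext covered, the recipient has no cryptographic signal that any header parameter changed.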
