On Wednesday, September 17, 2014, Tero Kivinen <[email protected]> wrote:
> Richard Barnes writes:
> > Perhaps, but are there benefits for leaving the alg without
> > protection?
> >
> > Simplicity (if you omit protected headers altogether), and
> > compatibility with other signed things. In the sense that you could
> > transform one of them into a JWS without re-signing. This would
> > apply, for example, to an X.509 certificate -- just parse the outer
> > SEQUENCE, and re-assemble into a JWS with the tbsCertificate as
> > payload. Same security properties that X.509 already has.
>
> Ok, having this kind of information somewhere in the draft would help
> to understand the reason. Also having text explaining that is
> possible, and that the security properties of this option (i.e. no
> problem with PKCS#1, etc... the text you had in the other email).
>
> > It's also completely unnecessary for PKCS#1 signatures, which are
> > the dominant use case today.
>
> I agree.
>
> > In general, I'm opposed to protocols baking in more
> > application-specific logic than they need to. The point of JOSE is
> > to describe the cryptographic operation that was performed, and
> > carry the relevant bits around. Its job is not to fix all the
> > weaknesses that every algorithm has.
>
> Yes, but this property might have security issues, so they should be
> covered by the security considerations section.

I'm perfectly happy to have it documented in the Security Considerations.

Mike: Should I generate some text, or do you want to take a stab?

> --
> [email protected]
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
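The X.509 transform described in the message above, as an added Python example that is not part of the original thread: it splits the outer Certificate SEQUENCE and re-wraps the tbsCertificate and signature bytes, unchanged, as a JWS object carrying only an unprotected header. Assumptions: a JWS variant whose signature covers the raw payload bytes, as discussed in this thread (RFC 7515's signing input, which is built from the base64url protected header, a '.', and the base64url payload, would not verify it); the flattened JSON member names; the hypothetical helper names and one-entry OID map; and the constructed sample bytes, which are not a real certificate.

```python
import base64

OID_TO_ALG = {bytes.fromhex("2a864886f70d01010b"): "RS256"}  # sha256WithRSAEncryption

def read_tlv(buf, off, limit):  # parse one DER TLV; returns (tag, value_start, value_end)
    if off + 2 > limit:
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short-form length
        length, start = first, off + 2
    else:                                 # long-form length, up to 4 length bytes
        n = first & 0x7F
        if not 1 <= n <= 4 or off + 2 + n > limit:
            raise ValueError("unsupported DER length")
        length, start = int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n
    if start + length > limit:
        raise ValueError("DER value overruns its container")
    return tag, start, start + length

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def cert_to_jws(der):  # Certificate ::= SEQUENCE { tbsCertificate, sigAlg, sigValue }
    tag, body, end = read_tlv(der, 0, len(der))
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single outer SEQUENCE")
    t_tag, _, tbs_end = read_tlv(der, body, end)
    a_tag, alg_body, alg_end = read_tlv(der, tbs_end, end)
    o_tag, oid_start, oid_end = read_tlv(der, alg_body, alg_end)
    s_tag, sig_start, sig_end = read_tlv(der, alg_end, end)
    if (t_tag, a_tag, o_tag, s_tag) != (0x30, 0x30, 0x06, 0x03) or sig_end != end:
        raise ValueError("unexpected Certificate structure")
    if der[sig_start:sig_start + 1] != b"\x00":
        raise ValueError("signature BIT STRING must have 0 unused bits")
    alg = OID_TO_ALG.get(der[oid_start:oid_end])
    if alg is None:
        raise ValueError("no JOSE alg mapped for this signature OID")
    return {"header": {"alg": alg},                   # unprotected: alg is not signed
            "payload": b64url(der[body:tbs_end]),     # full TBS TLV, tag and length included
            "signature": b64url(der[sig_start + 1:sig_end])}

def tlv(tag, content):  # minimal DER encoder, used only to build the constructed sample
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")) + content

# Constructed sample, not a real certificate: placeholder TBS and signature bytes.
SAMPLE_TBS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x0C, b"constructed tbsCertificate"))
SAMPLE_SIG = bytes(range(256))
SAMPLE_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
SAMPLE_CERT = tlv(0x30, SAMPLE_TBS + SAMPLE_ALG + tlv(0x03, b"\x00" + SAMPLE_SIG))
```

Because the header member is unprotected, a verifier of such an object has to take the acceptable algorithm from the key or its own policy rather than from the message, which is the property the thread asks to have covered in the Security Considerations.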
