>> On 7 Feb 2018, at 07:18, Anders Rundgren <[email protected]> 
>> wrote:
>> 
>> On 2018-02-07 07:22, Mike Jones wrote:
>> Anders, you misunderstand the feature and its purpose.  The ability to 
>> reference a set of keys is essential to performing key roll-over - a 
>> critical security function.  The "kid" (key ID) value is typically used to 
>> indicate which member of the key set was employed.  There is no "key 
>> guessing".
>> For an example of how JWK sets are used for key roll-over in a production 
>> system, see http://openid.net/specs/openid-connect-core-1_0.html#Signing.
> 
>   "If there are multiple keys in the referenced JWK Set document,
>    a kid value MUST be provided in the JOSE Header"
> 
> This is what I was referring to. JKU as a standalone property is useless 
> unless the set of keys is restricted to 1.

Can you clarify why? You can just try each applicable key. 

> 
> This is not mentioned in the JOSE specifications but fundamental for 
> interoperabiity and testing.
> The OpenID scheme does not only presume that there's an additional "kid" in 
> the header, but that the referred key set also contains matching "kid"s.
> 
> Maybe the "right" solution is providing an interoperability section with a 
> reference to JKU as well?
> 
> My (strong) wish is getting away from any kind of key guessing as a part of a 
> test suite and reference implementation.  Yes, the are indeed JOSE 
> implementations that support key guessing.

Remember that the “kid” parameter is only integrity protected by the same 
signature that you are verifying so it should only be a hint. If an attacker 
can forge a signature for any key in the set then they can almost certainly 
also forge a kid value to go with it.

A bigger problem with “jku” would be the potential for SSRF 
(https://cwe.mitre.org/data/definitions/918.html) and similar attacks based on 
getting the server to access arbitrary URLs before it has validated the 
signature. 

— Neil
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to