> Yep, I agree with you but see my comments on "alg none" below.

Unprotected JWTs (alg == "none") aren't the issue here. I'm explicitly asking about whether the payload may be parsed before signature verification when any algorithm other than "none" is in the header.

> I think this answers your second question:
>
> https://datatracker.ietf.org/doc/html/rfc7519#section-7.2

That section defers to my original link https://datatracker.ietf.org/doc/html/rfc7515#section-5.2 in the JWS RFC. Both RFC 7519 and RFC 7515 state in the numerically ordered sequence:

"The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps."

There is no dependency on the payload for signature verification, so any parsing of it to a JSON object before signature verification is omitted in both RFCs. That just means it's not _required_. Neither RFC states whether it's actually allowed. (Interestingly, Base64URL-decoding is not required for signature verification either, but that *is* explicitly listed in the ordered steps).

Could anyone from the RFC committee please clarify the RFC intent for this scenario given the security implications?

Kind regards,
Les
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
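The ordering discussed in the message above, as an added example that is not part of the original post or of any RFC text: a verifier that computes the MAC over the encoded segments as received and only decodes and parses the payload after the check passes. It assumes HS256 with a pinned algorithm; the function names, key and tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

class BadSignature(ValueError):
    """Raised before any payload byte is decoded or parsed."""

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hs256(payload: bytes, key: bytes) -> str:
    """Build a compact JWS; used only to construct the sample tokens."""
    h = b64url_encode(b'{"alg":"HS256"}')
    p = b64url_encode(payload)
    mac = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(mac)}"

def verify_then_parse(token: str, key: bytes) -> dict:
    h_seg, p_seg, s_seg = token.split(".")       # ValueError unless 3 parts
    # The header is the one input verification depends on: it names the alg.
    header = json.loads(b64url_decode(h_seg))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")       # pinned; "none" is rejected
    # JWS Signing Input is the encoded segments as received (RFC 7515, 5.2).
    signing_input = f"{h_seg}.{p_seg}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_seg)):
        raise BadSignature("signature mismatch")
    # Only now is the payload decoded and handed to the JSON parser.
    return json.loads(b64url_decode(p_seg))

KEY = b"constructed-demo-key"                    # constructed sample key
GOOD = sign_hs256(b'{"sub":"alice","admin":false}', KEY)
# Constructed forgery: payload swapped for bytes that are not even JSON.
h, _, s = GOOD.split(".")
FORGED = f"{h}.{b64url_encode(b'{not json')}.{s}"
```

The forged token fails with `BadSignature` rather than a JSON error, which shows the payload parser is never reached for unauthenticated input.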
