On Mon, Jul 08, 2024 at 05:07:37AM -0700, [email protected] wrote:
> Internet-Draft draft-tschofenig-jose-cose-guidance-01.txt is now available. It
> is a work item of the Javascript Object Signing and Encryption (JOSE) WG of
> the IETF.
>
>    Title:   Guidance for COSE and JOSE Protocol Designers and Implementers
>    Authors: Hannes Tschofenig
>             Les Hazlewood
>             Yaron Sheffer
>    Name:    draft-tschofenig-jose-cose-guidance-01.txt
>    Pages:   6
>    Dates:   2024-07-08

The discussion in section 3 looks to be optimistic, as even with a simple
signed JWT one has to parse into unverified data:

The best method I can come up with to validate a simple signed JWT is
to parse into the (unverified!) JWT to extract the "iss" claim, then
use that value to look up the key set to use, and then use that key set
to verify the signature.

- Checking the key afterwards risks a critical vulnerability from
  forgetting to actually check for the correct key.
- Since claims are not unioned, using the "iss" header risks a critical
  vulnerability from not checking it matches the "iss" value in the JWT.

Memory safety does not help with missing critical security checks, only
with parsing garbage. And even otherwise, missing critical security
checks tend to be low-hanging fruit to exploit.

-Ilari
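
The validation order described in the message above, as an added example that is not part of the original post or of the draft: read "iss" from the unverified payload, select the key from a trusted table by that value, reject a header "iss" that disagrees, and release claims only after the signature checks. Assumptions: HS256 with constructed per-issuer keys stands in for the issuer's key set so the code runs on the standard library alone, and `TRUSTED_KEYS`, `sign` and `verify` are hypothetical names.

```python
import base64, hashlib, hmac, json

# Constructed trust store: issuer -> HS256 key (assumption; a real deployment
# would hold each issuer's JWK set here, never a key taken from the token).
TRUSTED_KEYS = {
    "https://issuer-a.example": b"constructed-key-for-issuer-a",
    "https://issuer-b.example": b"constructed-key-for-issuer-b",
}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(header, claims, key):
    """Build a compact HS256 JWS; used only to construct sample tokens."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url_encode(tag)

def verify(token):
    """Return the claims once verified, or raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        untrusted = json.loads(b64url_decode(p64))  # parsed but NOT yet verified
        sig = b64url_decode(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(untrusted, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # algorithm is pinned, not negotiated
        raise ValueError("unexpected alg")
    iss = untrusted.get("iss")
    # Header and payload are not unioned: a header "iss" must equal the claim.
    if "iss" in header and header["iss"] != iss:
        raise ValueError("header/payload iss mismatch")
    key = TRUSTED_KEYS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise ValueError("unknown issuer")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    return untrusted  # verified under the key bound to its own "iss"
```

Because the key is chosen from the payload "iss" before verification, there is no separate "was this the right key?" check left to forget afterwards.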
