ucan-wg / spec

User Controlled Authorization Network (UCAN) Specification
https://ucan.xyz

JWT-specific minutiae: the dreaded `alg:none` option #145

Closed bumblefudge closed 1 year ago

bumblefudge commented 1 year ago

I see that `alg` is a required header field, but there is no constraint on the value of that prop. Are un-encrypted JWTs allowed? I often hear of `alg:none` referred to as a category of security exploits, so if you're ASSUMING encrypted JWTs, it's probably best to explicitly ban unencrypted ones before all kinds of attack vectors creep in through that open door :D

matheus23 commented 1 year ago

It's kind of implicit, but no, `alg:none` is not allowed. We could/should clarify this, I think.

The first sentence in the JWT structure section mentions the format of "header, payload and signature". We could consider adding a subsection "3.3 Signature".

We could also consider adding a subsection to "6. Validation", talking about the requirement for signature verification.

FWIW, as far as I know, all UCAN implementations today require a signature to be present and allow only a small subset of `alg` values.

gobengo commented 1 year ago

> Are un-encrypted JWTs allowed?

I think you mean unsigned?

But yes +1 to adding normative language explicitly saying at least

`alg` MUST not be `none`
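Added example, not code from the UCAN spec or from any UCAN implementation: a small Python gate that applies the rule proposed in this thread before any signature verification runs. It rejects `alg: none` in any capitalization, requires `alg` to be on an allowlist (the allowlist contents here are an assumption), and requires a non-empty signature segment. The sample tokens are constructed with dummy signatures; cryptographic verification of the signature is a separate step that follows this check.

```python
import base64
import json

# Assumption: the set of signature algorithms a verifier accepts for UCANs.
# Adjust to what your implementation actually supports; "none" is never in it.
ALLOWED_ALGS = frozenset({"EdDSA", "RS256"})


def _b64url_decode(segment: str) -> bytes:
    # JWTs use unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jwt_header(token: str) -> dict:
    """Structural gate run before signature verification.

    Returns the decoded header on success, raises ValueError otherwise.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, _payload_b64, signature_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError as exc:  # covers bad base64 (binascii.Error) and bad JSON
        raise ValueError(f"header is not valid base64url JSON: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(header.get("alg"), str):
        raise ValueError("header must carry a string 'alg' field")
    alg = header["alg"]
    # Case-insensitive comparison so "None"/"NONE" spellings do not slip past.
    if alg.lower() == "none":
        raise ValueError("alg 'none' is rejected: UCANs must be signed")
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"alg {alg!r} is not in the allowlist")
    if not signature_b64:
        raise ValueError("signature segment is empty")
    return header


def is_acceptable(token: str) -> bool:
    try:
        check_jwt_header(token)
        return True
    except ValueError:
        return False


# Constructed sample tokens (not real UCANs): payload and signature are dummies.
def _seg(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

_PAYLOAD = _seg({"iss": "did:example:alice", "aud": "did:example:bob"})
SAMPLE_SIGNED = f'{_seg({"alg": "EdDSA", "typ": "JWT"})}.{_PAYLOAD}.c2lnbmF0dXJl'
SAMPLE_NONE = f'{_seg({"alg": "none", "typ": "JWT"})}.{_PAYLOAD}.'
SAMPLE_NONE_MIXED = f'{_seg({"alg": "NoNe", "typ": "JWT"})}.{_PAYLOAD}.c2ln'
SAMPLE_EMPTY_SIG = f'{_seg({"alg": "EdDSA", "typ": "JWT"})}.{_PAYLOAD}.'
```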

expede commented 1 year ago

Added to 0.10!

expede commented 1 year ago

Closed by #132