[Openid-specs-ab] at_hash and c_hash

Brian Campbell bcampbell at pingidentity.com
Thu Jun 14 23:05:33 UTC 2012


I believe it was two revisions ago that the at_hash and c_hash claims
on the id token were introduced in Messages so I'm a little behind and
I apologize for the untimeliness of this. But I was hoping that
someone could explain the threat(s) that are mitigated by them. I
don't see it and I couldn't find anything in the list archives that
talks about it (pls correct me, if I'm wrong).

Separately, it seems like it might not be the best thing in the long
run to tie Connect so directly to the SHA-2 set of hash algorithms as
the text around the at_hash and c_hash does now with, "The value is
produced by base64url encoding the left-most half of the hash created
by hashing the code with the SHA-2 family hash algorithm of the same
length as the hash used in the alg parameter of the JWS header."

It works because all the current JWS algorithms use a SHA2 hash of
some sort - and it's a simple way to do it. But what happens when SHA3
comes along? Or a signature/MAC algorithm that doesn't explicitly use
a hash?


http://openid.net/specs/openid-connect-messages-1_0.html#id_token
http://openid.net/specs/openid-connect-messages-1_0.html#access.token.verification
http://openid.net/specs/openid-connect-messages-1_0.html#code.verification
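
Added illustration, not part of the original message or of the specification: a Python sketch of the computation the quoted sentence describes, including the case where the JWS alg value implies no SHA-2 hash. The function names, the sample token and the mapping of alg names to hashes by their numeric suffix are assumptions made for this example.

```python
import base64
import hashlib
import hmac

# JWS alg name suffix -> SHA-2 hash of the same length. Every alg accepted
# below ends in its hash size, which is what the quoted text relies on.
SHA2_BY_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}
HASHED_FAMILIES = ("HS", "RS", "ES", "PS")

SAMPLE_TOKEN = "constructed-sample-access-token"  # constructed value, not a real token


def left_half_hash(value: str, alg: str) -> str:
    """Compute an at_hash / c_hash value for an access token or code."""
    hash_fn = SHA2_BY_SUFFIX.get(alg[-3:]) if alg[:2] in HASHED_FAMILIES else None
    if hash_fn is None:
        # An alg such as "none" or "EdDSA" names no SHA-2 hash length,
        # so the rule in the quoted text has nothing to select.
        raise ValueError(f"no SHA-2 hash implied by JWS alg {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]  # left-most half of the hash octets
    # base64url without padding, as used for other JWT/JWS values
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def verify_hash_claim(claim: str, value: str, alg: str) -> bool:
    """Check a received at_hash / c_hash claim against the token or code."""
    expected = left_half_hash(value, alg)
    # Constant-time comparison; encode so a non-ASCII claim is rejected, not an error.
    return hmac.compare_digest(claim.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    for alg in ("HS256", "ES384", "RS512", "EdDSA"):
        try:
            print(alg, left_half_hash(SAMPLE_TOKEN, alg))
        except ValueError as exc:
            print(alg, "->", exc)
```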

