<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"><base href="x-msg://1433/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Registration id_token_signed_response_alg already precludes the use of none as a option and sets the default to RS256. <div><br></div><div>To allow none we would need to change that otherwise the AS doesn't know if the client is expecting RS256 for some non repudiation reason. </div><div><br></div><div>The reason a client might want none is mostly size. A RS256 signature likely more than doubles the size of a normal id_token. </div><div>Also if you wanted a very simple lightweight IdP that only supported the code flow it might make sense.</div><div><br></div><div>As it stands now Mike is correct that none should not be considered valid. If we want to change that it requires changing registration at least.</div><div><br></div><div>John B.</div><div><br></div><div><br><div><div>On 2013-06-26, at 7:10 PM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div class="WordSection1" style="page: WordSection1; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">What do others think? I understand what Brian is saying but I’m not sure that we want to give OPs permission to ever not sign ID Tokens.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">The choices before us seem to be:<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">1. Clarify that “none” is never an acceptable “alg” value.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">2. Change the specs to say that “none” may be supported by some OPs and limiting the circumstances under which they may do so.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">3. Change the specs to say that OPs are required to support “none” under specific circumstances.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I think I could personally live with either 1 or 2 and prefer 1. I don’t think I can agree for us to do 3.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I think that 1 is the most straightforward thing to do and doesn’t impose any significant implementation burden. Remember that as a design philosophy, we’re consciously moving complexity away from clients and pushing it to servers, when such tradeoffs arise. This seems like such a case. By requiring that OPs always sign the ID tokens they issue, Clients can always decide to check the signature. They don’t have to deal with the case where they might not be able to check a signature because none is present. And it’s really not hard for the server to just sign it. So I don’t see any practical value in not signing the token.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">But again, it would be good to hear from a lot of other people on this issue.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> -- Mike<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span>Brian Campbell [mailto:bcampbell@<a href="http://pingidentity.com">pingidentity.com</a>]<span class="Apple-converted-space"> </span><br><b>Sent:</b><span class="Apple-converted-space"> </span>Wednesday, June 26, 2013 2:47 PM<br><b>To:</b><span class="Apple-converted-space"> </span>Mike Jones<br><b>Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [Bitbucket] Issue #851: Messages 2.1.2.1 - Clarify that "none" is not an acceptable signature algorithm (openid/connect)<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></p><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On Tue, Jun 25, 2013 at 10:07 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" style="color: purple; text-decoration: underline; ">Michael.Jones@microsoft.com</a>> wrote:<o:p></o:p></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">It’s a breaking change because clients currently conforming to Messages that always verify the ID Token signature would break if no signature is contained in the ID Token.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">And any such client would already be registered or configured for one of the other algorithms and wouldn't receive a token with the "none" algorithm. That breaking change situation wouldn't occur.<o:p></o:p></div></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br> <o:p></o:p></div></div><blockquote style="border-style: none none none solid; border-left-width: 1pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 6pt; margin-left: 4.8pt; margin-right: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">“none” is not a signature algorithm. JWS and JWA are clear that this results in an unsigned, “plaintext JWS”, and JWT is clear that this results in a “plaintext JWT” – not a signed JWT. Messages requires that ID Tokens be signed. Sending an unsigned ID Token doesn’t fulfill this requirement.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></blockquote><blockquote style="border-style: none none none solid; border-left-width: 1pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 6pt; margin-left: 4.8pt; margin-right: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">This bug is about making the current meaning of the text – that ID Tokens must be signed – even more clear, so that developers who aren’t reading JWS closely won’t make the mistake of thinking that just because “none” can be used to create a JWS, that the resulting JWS is signed. (Apparently you were one such developer – making the need for this clarification all the more evident.<span class="Apple-converted-space"> </span></span><span style="font-size: 11pt; font-family: Wingdings; color: rgb(31, 73, 125); ">J</span><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">)</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></blockquote><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I guess we agree that it's not at all clear as it currently written. Yes "none" is different than the other algorithms but I'd say that line of reasoning is a slippery slope. Messages 2.1.2.1., for example, says that the ID Token must be signed thereby providing non-repudiation, "ID Tokens MUST be signed using JWS [JWS] and OPTIONALLY both signed and then encrypted using JWS [JWS] and JWE [JWE] respectively, thereby providing authentication, integrity, non-repudiation, and optionally, confidentiality, per Section 9.13." But the HMAC algorithms aren't signature algorithms either and certainly don't provide non-repudiation. So they shouldn't be acceptable algorithms either, right?<span class="Apple-converted-space"> </span><br><br>I realize it's probably futile to argue but what I'm saying is that it is a reasonable thing to use "none" when the token is sent only via the TLS protected back-channel. And given that I'm "one such developer," I've now got publicly released software that does allow "none" in that situation where it does make sense.<o:p></o:p></p></div><div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></p></div><blockquote style="border-style: none none none solid; border-left-width: 1pt; border-left-color: rgb(204, 204, 204); padding: 0in 0in 0in 6pt; margin-left: 4.8pt; margin-right: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: windowtext; padding: 3pt 0in 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span>Brian Campbell [mailto:<a href="mailto:issues-reply@bitbucket.org" target="_blank" style="color: purple; text-decoration: underline; ">issues-reply@bitbucket.org</a>]<span class="Apple-converted-space"> </span><br><b>Sent:</b><span class="Apple-converted-space"> </span>Tuesday, June 25, 2013 7:58 AM<br><b>To:</b><span class="Apple-converted-space"> </span>Mike Jones<br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [Bitbucket] Issue #851: Messages 2.1.2.1 - Clarify that "none" is not an acceptable signature algorithm (openid/connect)</span><o:p></o:p></div></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 725px; border-collapse: collapse; "><tbody><tr><td style="background-attachment: scroll; background-color: rgb(245, 245, 245); padding: 7.5pt 7.5pt 0in; background-position: 0% 0%; background-repeat: initial initial; "><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 705px; border-collapse: collapse; "><tbody><tr><td style="padding: 0in; "><div style="border: 1pt solid rgb(204, 204, 204); padding: 15pt; border-top-left-radius: 5px; border-top-right-radius: 5px; border-bottom-right-radius: 5px; border-bottom-left-radius: 5px; "><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 663px; border-collapse: collapse; "><tbody><tr><td style="padding: 0in; "><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 663px; border-collapse: collapse; "><tbody><tr><td width="32" valign="top" style="width: 24pt; padding: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 10.5pt; font-family: Arial, sans-serif; "><img border="0" width="32" height="32" id="_x0000_i1025" src="https://secure.gravatar.com/avatar/367fabfeed0cee640ce963c0f84f2da5?d=https%3A%2F%2Fd3oaxc4q5k2d6q.cloudfront.net%2Fm%2Fa649696e8dec%2Fimg%2Fdefault_avatar%2F32%2Fuser_blue.png&s=32" alt="b_d_c"></span><o:p></o:p></div></td><td style="padding: 0in 0in 0in 7.5pt; "><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 621px; border-collapse: collapse; "><tbody><tr><td colspan="2" style="padding: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10.5pt; font-family: Arial, sans-serif; ">Brian Campbell</span></b><span style="font-size: 10.5pt; font-family: Arial, sans-serif; "><span class="Apple-converted-space"> </span>commented on issue #851:</span><o:p></o:p></div></td></tr><tr><td colspan="2" style="padding: 3.75pt 0in 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10.5pt; font-family: Arial, sans-serif; "><a href="https://bitbucket.org/openid/connect/issue/851/messages-2121-clarify-that-none-is-not-an" target="_blank" style="color: purple; text-decoration: underline; "><span style="color: rgb(59, 115, 175); text-decoration: none; ">Messages 2.1.2.1 - Clarify that "none" is not an acceptable signature algorithm</span></a></span></b><o:p></o:p></div></td></tr><tr><td colspan="2" style="padding: 7.5pt 0in 11.25pt; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 10.5pt; font-family: Arial, sans-serif; ">I disagree.</span><o:p></o:p></div><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 0.0001pt; "><span style="font-size: 10.5pt; font-family: Arial, sans-serif; ">How would that be a breaking change? If a client is currently configured/registered for RS/EC/HS signature, how would allowing none as a different option be a breaking change?</span><o:p></o:p></p><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 0.0001pt; "><span style="font-size: 10.5pt; font-family: Arial, sans-serif; ">Our implementation currently does allow none as an option (it will only send such an ID Token via the back-channel). Which is, I'll argue, a perfectly reasonable interpretation of what's been written. So explicitly disallowing it is a breaking for us.</span><o:p></o:p></p></td></tr><tr><td style="padding: 7.5pt 0in 0in; "></td><td style="padding: 7.5pt 0in 0in; "></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr><td style="border-style: solid none none; border-top-width: 1pt; border-top-color: windowtext; padding: 7.5pt 0in 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 10.5pt; font-family: Arial, sans-serif; "><a href="https://bitbucket.org/openid/connect/issue/851/messages-2121-clarify-that-none-is-not-an" target="_blank" style="color: purple; text-decoration: underline; "><span style="color: rgb(59, 115, 175); text-decoration: none; ">View this issue</span></a><span class="Apple-converted-space"> </span>or add a comment by replying to this email.</span><o:p></o:p></div></td></tr></tbody></table></div></td></tr><tr><td style="padding: 15pt 0in; "><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 705px; border-collapse: collapse; "><tbody><tr><td style="padding: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><a href="https://bitbucket.org/openid/connect/issue/851/unwatch/mbj/f843d56eb7066d599d3972aaab0b00d200d1d4b4/" target="_blank" style="color: purple; text-decoration: underline; "><span style="color: rgb(59, 115, 175); text-decoration: none; ">Unwatch this issue</span></a><span class="Apple-converted-space"> </span>to stop receiving email updates.<o:p></o:p></div></td><td style="padding: 0in; "></td><td width="100" style="width: 75pt; padding: 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; text-align: right; "><a href="https://bitbucket.org" target="_blank" style="color: purple; text-decoration: underline; "><span style="color: rgb(59, 115, 175); text-decoration: none; "><img border="0" width="100" height="18" id="_x0000_i1026" src="https://d3oaxc4q5k2d6q.cloudfront.net/m/a649696e8dec/img/email/logo.gif" alt="Bitbucket"></span></a><o:p></o:p></div></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></blockquote></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div></div>_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-specs-ab</div></blockquote></div><br></div></body></html>