Re: Signing Set-Cookie

On Tue, Jun 07, 2022 at 08:28:08AM +1000, Martin Thomson wrote:
> Hey Justin,
> I don't agree that this is an acceptable way of dealing with this problem.
> It makes the content under signature malleable.  Even if that is extremely
> narrowly applicable, I don't see how we could publish a specification where
> the only defense against an attack like this is text to the effect of "this
> might happen".

Agreed. Signed contents may never be trusted more than the algorithm
used to sign them. If you start by not trusting the algorithm, it's not
by suggesting to be extra careful with the contents that we can deal
with this. And the use of the signature is here precisely to help an
implementation know if it may or may not trust the contents, so that
would completely defeat the purpose.


Received on Tuesday, 7 June 2022 06:27:36 UTC