- From: Mike Lodder <mike@sovrin.org>
- Date: Fri, 2 Nov 2018 11:32:11 -0600
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAPhnkk6kpmfW+f0tr-Od8S_8NKS=2Gh7s_iddFxEegthJjiGng@mail.gmail.com>
Sure Manu,

The point is if you can alter the text after the signature then you can't trust it. You say meaningless whitespace can be inserted. If this is purely for display purposes I'll buy that BUT who decides whitespace. An attacker could change the definition of whitespace when the library is compiled and you'd never know. Let's say an attacker altered it to include commas or periods.

You are correct in that an attacker can change the signature, but unless you already trusted the key you could detect that scenario. If the attacker changed the signature to a known public key then you wouldn't know it. Apple <https://blog.cryptographyengineering.com/2016/03/21/attack-of-week-apple-imessage/> learned this the hard way. Hopefully you also are MACing the entire message.

In any case it is not good practice to alter text in ANY way after a signing. It invites potential man-in-the-middle.

On Fri, Nov 2, 2018 at 10:49 AM Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 11/2/18 12:15 PM, Anders Rundgren wrote:
> > I believe we who work with canonicalization schemes do not follow
> > here.
>
> To be clear, it sounds like the point that you and Chris are making is
> an argument against COSE, which is the direction the industry is going in.
>
> I'm pretty sure I know what you are saying, but rather than try to
> restate it, I'd like you and Chris to be more specific about the exact
> attack you're concerned with (rather than general security principles,
> of which many of us are aware of).
>
> That is, it sounds like Chris is stating that we are deviating from
> security best practices, which none of us want to do, so, we'd like to
> know exactly what practice we're deviating from and exactly what the
> attack is... specifically.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches

--
Mike Lodder
Security Maven
Received on Friday, 2 November 2018 17:32:45 UTC
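
The concern raised in the message above, as an added example that is not part of the original email or of any library discussed in the thread: when verification runs over text with "ignorable" characters stripped, the set of texts one tag covers depends entirely on that definition. It assumes signer and verifier share one normalization routine and uses HMAC-SHA256 as a stand-in for a signature; the key, sample strings and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"     # constructed sample key
INTENDED = " \t\r\n"              # what "meaningless whitespace" is meant to cover
WIDENED = INTENDED + ",."         # the message's hypothetical: commas and periods too

SIGNED = "amount: 1,000.50"       # constructed sample text
REFLOWED = "amount:  1,000.50\n"  # same text, only display whitespace changed
ALTERED = "amount: 100,050"       # different meaning, differs only in , and .
CANDIDATES = (("signed", SIGNED), ("reflowed", REFLOWED), ("altered", ALTERED))


def tag(data: bytes) -> bytes:
    """HMAC-SHA256 over exactly these bytes (stand-in for a signature)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def normalize(text: str, ignorable: str) -> bytes:
    """Drop every character the library treats as ignorable before hashing."""
    return "".join(ch for ch in text if ch not in ignorable).encode("utf-8")


def verify_normalized(text: str, mac: bytes, ignorable: str) -> bool:
    return hmac.compare_digest(tag(normalize(text, ignorable)), mac)


def verify_exact(text: str, mac: bytes) -> bool:
    return hmac.compare_digest(tag(text.encode("utf-8")), mac)


def accepted(ignorable: str) -> dict:
    """Which candidate texts verify against the tag made for SIGNED."""
    mac = tag(normalize(SIGNED, ignorable))
    return {name: verify_normalized(text, mac, ignorable)
            for name, text in CANDIDATES}


def accepted_exact() -> dict:
    """Same check when the tag covers the exact bytes and nothing is stripped."""
    mac = tag(SIGNED.encode("utf-8"))
    return {name: verify_exact(text, mac) for name, text in CANDIDATES}


if __name__ == "__main__":
    print("intended:", accepted(INTENDED))
    print("widened: ", accepted(WIDENED))
    print("exact:   ", accepted_exact())
```

Exact-byte verification rejects both the reflowed and the altered text, which is the trade-off the thread is arguing over: tolerance for reformatting is bought with trust in whoever defines what is ignorable.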