- From: Kim Hamilton Duffy <kim@learningmachine.com>
- Date: Fri, 2 Nov 2018 10:51:26 -0700
- To: Mike Lodder <mike@sovrin.org>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAB=TY85hD7Yq+WvV=SAZzxQ+DtGqbUpoaNdQU=KxLbweqhO1pw@mail.gmail.com>
Hi Mike, I'm not sure about this: > An attacker could change the definition of whitespace when the library is compiled and you'd never know. Let's say an attacker altered it to include commas or periods. There are many ways to ensure you *are* using the libraries you expect. Maybe there is difference in assumptions about how/where the code is being run? On Fri, Nov 2, 2018 at 10:34 AM Mike Lodder <mike@sovrin.org> wrote: > Sure Manu, > > The point is if you can alter the text after the signature then you can't > trust it. > > You say meaningless whitespace can be inserted. If this is purely for > display purposes I'll buy that BUT > who decides whitespace. An attacker could change the definition of > whitespace when the library is compiled > and you'd never know. Let's say an attacker altered it to include commas > or periods. > > You are correct in that an attacker can change the signature, but unless > you already trusted the key you could detect that scenario. > If the attacker changed the signature to a known public key then you > wouldn't know it. Apple > <https://blog.cryptographyengineering.com/2016/03/21/attack-of-week-apple-imessage/> > learned this the hard way. Hopefully > you also are MACing the entire message. > > In any case it is not good practice to alter text in ANY way after a > signing. > > It invites potential man-in-the-middle. > > On Fri, Nov 2, 2018 at 10:49 AM Manu Sporny <msporny@digitalbazaar.com> > wrote: > >> On 11/2/18 12:15 PM, Anders Rundgren wrote: >> > I believe we who work with canonicalization schemes do not follow >> > here. >> >> To be clear, it sounds like the point that you and Chris are making is >> an argument against COSE, which is the direction the industry is going in. >> >> I'm pretty sure I know what you are saying, but rather than try to >> restate it, I'd like you and Chris to be more specific about the exact >> attack you're concerned with (rather than general security principles, >> of which many of us are aware of). >> >> That is, it sounds like Chris is stating that we are deviating from >> security best practices, which none of us want to do, so, we'd like to >> know exactly what practice we're deviating from and exactly what the >> attack is... specifically. >> >> -- manu >> >> -- >> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) >> Founder/CEO - Digital Bazaar, Inc. >> blog: Veres One Decentralized Identifier Blockchain Launches >> https://tinyurl.com/veres-one-launches >> >> > > -- > Mike Lodder > Security Maven > > -- Kim Hamilton Duffy CTO & Principal Architect Learning Machine Co-chair W3C Credentials Community Group kim@learningmachine.com
Received on Friday, 2 November 2018 17:52:01 UTC