draft-ietf-oauth-jwt-bcp-00.txt   draft-ietf-oauth-jwt-bcp-01.txt 
OAuth Working Group Y. Sheffer OAuth Working Group Y. Sheffer
Internet-Draft Intuit Internet-Draft Intuit
Intended status: Best Current Practice D. Hardt Intended status: Best Current Practice D. Hardt
Expires: January 20, 2018 Amazon Expires: September 24, 2018 Amazon
M. Jones M. Jones
Microsoft Microsoft
July 19, 2017 March 23, 2018
JSON Web Token Best Current Practices JSON Web Token Best Current Practices
draft-ietf-oauth-jwt-bcp-00 draft-ietf-oauth-jwt-bcp-01
Abstract Abstract
JSON Web Tokens, also known as JWTs [RFC7519], are URL-safe JSON- JSON Web Tokens, also known as JWTs [RFC7519], are URL-safe JSON-
based security tokens that contain a set of claims that can be signed based security tokens that contain a set of claims that can be signed
and/or encrypted. JWTs are being widely used and deployed as a and/or encrypted. JWTs are being widely used and deployed as a
simple security token format in numerous protocols and applications, simple security token format in numerous protocols and applications,
both in the area of digital identity, and in other application areas. both in the area of digital identity, and in other application areas.
The goal of this Best Current Practices document is to provide The goal of this Best Current Practices document is to provide
actionable guidance leading to secure implementation and deployment actionable guidance leading to secure implementation and deployment
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 20, 2018. This Internet-Draft will expire on September 24, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Target Audience . . . . . . . . . . . . . . . . . . . . . 3 1.1. Target Audience . . . . . . . . . . . . . . . . . . . . . 3
1.2. Conventions used in this document . . . . . . . . . . . . 4 1.2. Conventions used in this document . . . . . . . . . . . . 4
2. Threats and Vulnerabilities . . . . . . . . . . . . . . . . . 4 2. Threats and Vulnerabilities . . . . . . . . . . . . . . . . . 4
2.1. Weak Signatures and Insufficient Signature Validation . . 4 2.1. Weak Signatures and Insufficient Signature Validation . . 4
2.2. Weak symmetric keys . . . . . . . . . . . . . . . . . . . 4 2.2. Weak symmetric keys . . . . . . . . . . . . . . . . . . . 4
2.3. Multiplicity of JSON encodings . . . . . . . . . . . . . 4 2.3. Multiplicity of JSON encodings . . . . . . . . . . . . . 5
2.4. Incorrect Composition of Encryption and Signature . . . . 5 2.4. Incorrect Composition of Encryption and Signature . . . . 5
2.5. Insecure Use of Elliptic Curve Encryption . . . . . . . . 5 2.5. Insecure Use of Elliptic Curve Encryption . . . . . . . . 5
2.6. Substitution Attacks . . . . . . . . . . . . . . . . . . 5 2.6. Substitution Attacks . . . . . . . . . . . . . . . . . . 5
2.7. Cross-JWT Confusion . . . . . . . . . . . . . . . . . . . 5 2.7. Cross-JWT Confusion . . . . . . . . . . . . . . . . . . . 5
3. Best Practices . . . . . . . . . . . . . . . . . . . . . . . 5 3. Best Practices . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Perform Algorithm Verification . . . . . . . . . . . . . 6 3.1. Perform Algorithm Verification . . . . . . . . . . . . . 6
3.2. Use Appropriate Algorithms . . . . . . . . . . . . . . . 6 3.2. Use Appropriate Algorithms . . . . . . . . . . . . . . . 6
3.3. Validate All Cryptographic Operations . . . . . . . . . . 6 3.3. Validate All Cryptographic Operations . . . . . . . . . . 6
3.4. Validate Cryptographic Inputs . . . . . . . . . . . . . . 6 3.4. Validate Cryptographic Inputs . . . . . . . . . . . . . . 7
3.5. Ensure Cryptographic Keys have Sufficient Entropy . . . . 7 3.5. Ensure Cryptographic Keys have Sufficient Entropy . . . . 7
3.6. Use UTF-8 . . . . . . . . . . . . . . . . . . . . . . . . 7 3.6. Use UTF-8 . . . . . . . . . . . . . . . . . . . . . . . . 7
3.7. Validate Issuer and Subject . . . . . . . . . . . . . . . 7 3.7. Validate Issuer and Subject . . . . . . . . . . . . . . . 7
3.8. Use and Validate Audience . . . . . . . . . . . . . . . . 7 3.8. Use and Validate Audience . . . . . . . . . . . . . . . . 8
3.9. Use Explicit Typing . . . . . . . . . . . . . . . . . . . 8 3.9. Use Explicit Typing . . . . . . . . . . . . . . . . . . . 8
3.10. Use Mutually Exclusive Validation Rules for Different 3.10. Use Mutually Exclusive Validation Rules for Different
Kinds of JWTs . . . . . . . . . . . . . . . . . . . . . . 8 Kinds of JWTs . . . . . . . . . . . . . . . . . . . . . . 8
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . 9 6.1. Normative References . . . . . . . . . . . . . . . . . . 10
6.2. Informative References . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 10
Appendix A. Document History . . . . . . . . . . . . . . . . . . 11 Appendix A. Document History . . . . . . . . . . . . . . . . . . 12
A.1. draft-ietf-oauth-jwt-bcp-00 . . . . . . . . . . . . . . . 11 A.1. draft-ietf-oauth-jwt-bcp-01 . . . . . . . . . . . . . . . 12
A.2. draft-sheffer-oauth-jwt-bcp-01 . . . . . . . . . . . . . 11 A.2. draft-ietf-oauth-jwt-bcp-00 . . . . . . . . . . . . . . . 12
A.3. draft-sheffer-oauth-jwt-bcp-00 . . . . . . . . . . . . . 11 A.3. draft-sheffer-oauth-jwt-bcp-01 . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 A.4. draft-sheffer-oauth-jwt-bcp-00 . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
JSON Web Tokens, also known as JWTs [RFC7519], are URL-safe JSON- JSON Web Tokens, also known as JWTs [RFC7519], are URL-safe JSON-
based security tokens that contain a set of claims that can be signed based security tokens that contain a set of claims that can be signed
and/or encrypted. The JWT specification has seen rapid adoption and/or encrypted. The JWT specification has seen rapid adoption
because it encapsulates security-relevant information in one, easy to because it encapsulates security-relevant information in one, easy to
protect location, and because it is easy to implement using widely- protect location, and because it is easy to implement using widely-
available tools. One application area in which JWTs are commonly available tools. One application area in which JWTs are commonly
used is representing digital identity information, such as OpenID used is representing digital identity information, such as OpenID
skipping to change at page 8, line 26 skipping to change at page 8, line 34
Tokens (SETs). Tokens (SETs).
Per the definition of "typ" in Section 4.1.9 of [RFC7515], it is Per the definition of "typ" in Section 4.1.9 of [RFC7515], it is
RECOMMENDED that the "application/" prefix be omitted from the "typ" RECOMMENDED that the "application/" prefix be omitted from the "typ"
value. Therefore, for example, the "typ" value used to explicitly value. Therefore, for example, the "typ" value used to explicitly
include a type for a SET SHOULD be "secevent+jwt". When explicit include a type for a SET SHOULD be "secevent+jwt". When explicit
typing is employed for a JWT, it is RECOMMENDED that a media type typing is employed for a JWT, it is RECOMMENDED that a media type
name of the format "application/example+jwt" be used, where "example" name of the format "application/example+jwt" be used, where "example"
is replaced by the identifier for the specific kind of JWT. is replaced by the identifier for the specific kind of JWT.
When applying explicit typing to a Nested JWT, the "typ" header
parameter containing the explicit type value MUST be present in the
inner JWT of the Nested JWT (the JWT whose payload is the JWT Claims
Set). The same "typ" header parameter value MAY be present in the
outer JWT as well, to explicitly type the entire Nested JWT.
Note that the use of explicit typing may not achieve disambiguation Note that the use of explicit typing may not achieve disambiguation
from existing kinds of JWTs, as the validation rules for existing from existing kinds of JWTs, as the validation rules for existing
kinds JWTs often do not use the "typ" header parameter value. kinds JWTs often do not use the "typ" header parameter value.
Explicit typing is RECOMMENDED for new uses of JWTs. Explicit typing is RECOMMENDED for new uses of JWTs.
3.10. Use Mutually Exclusive Validation Rules for Different Kinds of 3.10. Use Mutually Exclusive Validation Rules for Different Kinds of
JWTs JWTs
Each application of JWTs defines a profile specifying the required Each application of JWTs defines a profile specifying the required
and optional JWT claims and the validation rules associated with and optional JWT claims and the validation rules associated with
skipping to change at page 9, line 35 skipping to change at page 10, line 4
This document requires no IANA actions. This document requires no IANA actions.
5. Acknowledgements 5. Acknowledgements
Thanks to Antonio Sanso for bringing the "ECDH-ES" invalid point Thanks to Antonio Sanso for bringing the "ECDH-ES" invalid point
attack to the attention of JWE and JWT implementers. Thanks to Nat attack to the attention of JWE and JWT implementers. Thanks to Nat
Sakimura for advocating the use of explicit typing. Sakimura for advocating the use of explicit typing.
6. References 6. References
6.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014, <http://www.rfc-editor.org/info/rfc7159>. 2014, <https://www.rfc-editor.org/info/rfc7159>.
[RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
2015, <http://www.rfc-editor.org/info/rfc7515>. 2015, <https://www.rfc-editor.org/info/rfc7515>.
[RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
RFC 7516, DOI 10.17487/RFC7516, May 2015, RFC 7516, DOI 10.17487/RFC7516, May 2015,
<http://www.rfc-editor.org/info/rfc7516>. <https://www.rfc-editor.org/info/rfc7516>.
[RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, [RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518,
DOI 10.17487/RFC7518, May 2015, DOI 10.17487/RFC7518, May 2015, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc7518>. editor.org/info/rfc7518>.
[RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
<http://www.rfc-editor.org/info/rfc7519>. <https://www.rfc-editor.org/info/rfc7519>.
6.2. Informative References 6.2. Informative References
[I-D.ietf-oauth-discovery] [I-D.ietf-oauth-discovery]
Jones, M., Sakimura, N., and J. Bradley, "OAuth 2.0 Jones, M., Sakimura, N., and J. Bradley, "OAuth 2.0
Authorization Server Metadata", draft-ietf-oauth- Authorization Server Metadata", draft-ietf-oauth-
discovery-06 (work in progress), March 2017. discovery-10 (work in progress), March 2018.
[I-D.ietf-secevent-token] [I-D.ietf-secevent-token]
Hunt, P., Denniss, W., Ansari, M., and M. Jones, "Security Hunt, P., Jones, M., Denniss, W., and M. Ansari, "Security
Event Token (SET)", draft-ietf-secevent-token-02 (work in Event Token (SET)", draft-ietf-secevent-token-07 (work in
progress), June 2017. progress), March 2018.
[Langkemper] [Langkemper]
Langkemper, S., "Attacking JWT Authentication", September Langkemper, S., "Attacking JWT Authentication", September
2016, <https://www.sjoerdlangkemper.nl/2016/09/28/ 2016, <https://www.sjoerdlangkemper.nl/2016/09/28/
attacking-jwt-authentication/>. attacking-jwt-authentication/>.
[OpenID.Core] [OpenID.Core]
Sakimura, N., Bradley, J., Jones, M., Medeiros, B., and C. Sakimura, N., Bradley, J., Jones, M., Medeiros, B., and C.
Mortimore, "OpenID Connect Core 1.0", November 2014, Mortimore, "OpenID Connect Core 1.0", November 2014,
<http://openid.net/specs/openid-connect-core-1_0.html>. <http://openid.net/specs/openid-connect-core-1_0.html>.
[RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework",
RFC 6749, DOI 10.17487/RFC6749, October 2012, RFC 6749, DOI 10.17487/RFC6749, October 2012,
<http://www.rfc-editor.org/info/rfc6749>. <https://www.rfc-editor.org/info/rfc6749>.
[RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, [RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517,
DOI 10.17487/RFC7517, May 2015, DOI 10.17487/RFC7517, May 2015, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc7517>. editor.org/info/rfc7517>.
[Sanso] Sanso, A., "Critical Vulnerability Uncovered in JSON [Sanso] Sanso, A., "Critical Vulnerability Uncovered in JSON
Encryption", March 2017, Encryption", March 2017,
<https://blogs.adobe.com/security/2017/03/critical- <https://blogs.adobe.com/security/2017/03/critical-
vulnerability-uncovered-in-json-encryption.html>. vulnerability-uncovered-in-json-encryption.html>.
Appendix A. Document History Appendix A. Document History
[[ to be removed by the RFC editor before publication as an RFC ]] [[ to be removed by the RFC editor before publication as an RFC ]]
A.1. draft-ietf-oauth-jwt-bcp-00 A.1. draft-ietf-oauth-jwt-bcp-01
- Feedback from Brian Campbell.
A.2. draft-ietf-oauth-jwt-bcp-00
- Initial WG draft. No change from the latest individual version. - Initial WG draft. No change from the latest individual version.
A.2. draft-sheffer-oauth-jwt-bcp-01 A.3. draft-sheffer-oauth-jwt-bcp-01
- Added explicit typing. - Added explicit typing.
A.3. draft-sheffer-oauth-jwt-bcp-00 A.4. draft-sheffer-oauth-jwt-bcp-00
- Initial version. - Initial version.
Authors' Addresses Authors' Addresses
Yaron Sheffer Yaron Sheffer
Intuit Intuit
EMail: yaronf.ietf@gmail.com EMail: yaronf.ietf@gmail.com
 End of changes. 27 change blocks. 
35 lines changed or deleted 45 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/