Skip to content

Add length check for JWK key import #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
devgianlu wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add length check for JWK key import #38

devgianlu wants to merge 1 commit into from

Conversation

@devgianlu
Copy link

@devgianlu devgianlu commented Aug 5, 2025
edited by pr-preview bot
Loading

The PR adds length validation of JWK fields provided during key import.

See #33 (comment)

Preview | Diff

@devgianlu devgianlu mentioned this pull request Aug 5, 2025
Closed
Frosne
Frosne reviewed Aug 6, 2025
View reviewed changes
index.html
</li>
<li>
<p>
Let |jwkPublic| be the {{JsonWebKey/x}} field of |jwk| interpreted
Copy link
Collaborator

@Frosne Frosne Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think - would it improve reading if we move the public key part of the patch to right before "If the d field is present" ?

Copy link
Author

@devgianlu devgianlu Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It makes sense to factor the public key part out of the switch instead of duplicating it. However, I think we should factor out the If |jwk| does not meet the requirements of part too.

Does it make sense to you?

Copy link
Collaborator

@Frosne Frosne Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@panva any opinion?

Copy link
Contributor

@panva panva Aug 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tend to agree with the comment in #33 (comment) in that this is already covered by having a "valid" JWK for a given sub type. Given that implementations already reject with exactly what is described here I find the entire addition superfluous.

Copy link
Author

@devgianlu devgianlu Aug 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that implementations already reject with exactly what is described here I find the entire addition superfluous.

Isn't this the exact reason why it should be added to the spec? Implementors (and WPT) are already obeying this un-written rule, so why not make it more explicit.

Copy link
Contributor

@panva panva Aug 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's superfluous and unnecessary. And in order to do it right we'd have to bring in base64url decoding machinery to the spec because the |length in bits| on a base64url encoded field isn't going to be 256.

Please don't take this as blocking. I was asked for my opinion :)

Copy link
Author

@devgianlu devgianlu Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And in order to do it right we'd have to bring in base64url decoding machinery to the spec because the |length in bits| on a base64url encoded field isn't going to be 256.

That's why I tried to convey the base64 decoding with interpreted according to Section 2 of [[RFC8037]].

Copy link
Collaborator

@Frosne Frosne Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you're talking about this, right?

The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.

from

interpreted according to Section 2 of [[RFC8037]]

I would expect that the Section 2 contains the rules of decoding..

Copy link
Collaborator

@Frosne Frosne Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe "decoded using the base64url [RFC4648] decoding"?

But, obviously, it brings even more complexity :(

Copy link
Author

@devgianlu devgianlu Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe "decoded using the base64url [RFC4648] decoding"?

I agree with @panva that brining in the definition of what's base64url is to avoid. But since Section 2 of RFC8037 already tells you that it must be base64url encoded, interpreted according to felt like a good trade off.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@panva panva panva left review comments

@Frosne Frosne Frosne left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@devgianlu @panva @Frosne