7.5.5. Canonicalization Attacks
Any ambiguity in the generation of the signature base could provide an attacker with leverage to substitute or break a signature on a message. Some message component values, particularly HTTP field values, are potentially susceptible to broken implementations that could lead to unexpected and insecure behavior. Naive implementations of this specification might implement HTTP field processing by taking the single value of a field and using it as the direct component value without processing it appropriately.
For example, if the handling of obs-fold field values does not remove the internal line folding and whitespace, additional newlines could be introduced into the signature base by the signer, providing a potential place for an attacker to mount a signature collision (Section 7.3.1) attack. Alternatively, if header fields that appear multiple times are not joined into a single string value, as required by this specification, similar attacks can be mounted, as a signed component value would show up in the signature base more than once and could be substituted or otherwise attacked in this way.
To counter this, the entire field value processing algorithm needs to be implemented by all implementations of signers and verifiers.
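The following sketch is an added illustration, not text or code from this specification. It contrasts the naive single-value handling described above with field value processing that collects every instance in order, replaces obs-fold with a single space, trims each value, and joins the values with ", ". The function names, the sample fields, and the simplified signature base (component lines only) are assumptions made for the example.

```python
import re

# Constructed sample message fields (not from the specification): one folded
# value and one field that appears twice.
HEADERS = [
    ("X-Example", "first part\r\n    second part"),
    ("Cache-Control", "max-age=60"),
    ("Cache-Control", "   must-revalidate"),
]

# obs-fold: optional whitespace, a line break, then at least one SP or HTAB.
OBS_FOLD = re.compile(r"[ \t]*\r?\n[ \t]+")

def naive_value(headers, name):
    """Broken: the first raw instance is used as the component value."""
    return next((v for k, v in headers if k.lower() == name), None)

def canonical_value(headers, name):
    """Collect every instance in order, unfold, trim, join with ', '."""
    values = [OBS_FOLD.sub(" ", v).strip(" \t")
              for k, v in headers if k.lower() == name]
    if not values:
        return None
    joined = ", ".join(values)
    if "\r" in joined or "\n" in joined:
        # A bare line break that is not obs-fold must never reach the base.
        raise ValueError(f"line break in field {name!r}")
    return joined

def base_lines(headers, covered, value_fn):
    """Simplified base: one '"name": value' line per covered component,
    returned split on line breaks so extra lines become visible."""
    base = "\n".join(f'"{n}": {value_fn(headers, n)}' for n in covered)
    return base.splitlines()

if __name__ == "__main__":
    covered = ["x-example", "cache-control"]
    for fn in (naive_value, canonical_value):
        print(fn.__name__, base_lines(HEADERS, covered, fn))
```

A useful invariant for signers and verifiers to check is that the component portion of the signature base has exactly one line per covered component; the naive path breaks it for the folded field and silently drops the second Cache-Control instance.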