JwsParser decodes the protected header but never inspects typ, so a received signed envelope with absent, empty, or arbitrary typ verifies identically to one carrying the canonical media type.
Severity: Info
Category: spec-noncompliance
Affected code
/Users/moises/Projects/didcomm-dotnet/src/DidComm.Core/Jose/Signing/JwsProtectedHeader.cs:25/Users/moises/Projects/didcomm-dotnet/src/DidComm.Core/Jose/Signing/JwsParser.cs:71
Details
JwsProtectedHeader declares a Typ property (JwsProtectedHeader.cs:25), and JwsBuilder sets it to application/didcomm-signed+json on emit (JwsBuilder.cs:86). But JwsParser.Parse decodes the protected header (JwsParser.cs:71) and validates crit, b64, alg, and the kid cross-check — yet never reads header.Typ (a grep for .Typ across the Jose tree finds only the builder's write). No other layer checks it: EnvelopeDetector.Detect classifies envelope kind purely structurally (ciphertext / signatures / signature+payload), media-type independent. Therefore a received signed envelope with absent/empty/arbitrary typ verifies identically and cannot cause envelope-kind confusion.
Non-compliance
No concrete attack exists: the envelope kind is determined structurally, not by typ, and RFC 7515 §4.1.9 treats typ as advisory only. FR-SIG-04 makes setting the signed typ a SHOULD on emit (and permits JWM in the construction header), with no MUST to validate typ on receive — so not enforcing it is within spec. Reported only as a hardening/observability note: the library does not assert that the envelope it verified actually claimed to be a DIDComm signed message.
Recommended fix
Optionally record header.Typ in the parse result for diagnostics, and (defense-in-depth) reject only clearly-wrong typ values while continuing to tolerate absent typ and JWM per FR-SIG-04. No functional change is required for spec compliance.
References
RFC 7515 §4.1.9 (typ advisory); DIDComm v2.1 §Message Signing; PRD FR-SIG-04 / FR-ENV-01
Filed from an automated multi-agent security & compliance review.
JwsParserdecodes the protected header but never inspectstyp, so a received signed envelope with absent, empty, or arbitrarytypverifies identically to one carrying the canonical media type.Severity: Info
Category: spec-noncompliance
Affected code
/Users/moises/Projects/didcomm-dotnet/src/DidComm.Core/Jose/Signing/JwsProtectedHeader.cs:25/Users/moises/Projects/didcomm-dotnet/src/DidComm.Core/Jose/Signing/JwsParser.cs:71Details
JwsProtectedHeaderdeclares aTypproperty (JwsProtectedHeader.cs:25), andJwsBuildersets it toapplication/didcomm-signed+jsonon emit (JwsBuilder.cs:86). ButJwsParser.Parsedecodes the protected header (JwsParser.cs:71) and validatescrit,b64,alg, and the kid cross-check — yet never readsheader.Typ(a grep for.Typacross the Jose tree finds only the builder's write). No other layer checks it:EnvelopeDetector.Detectclassifies envelope kind purely structurally (ciphertext / signatures / signature+payload), media-type independent. Therefore a received signed envelope with absent/empty/arbitrarytypverifies identically and cannot cause envelope-kind confusion.Non-compliance
No concrete attack exists: the envelope kind is determined structurally, not by
typ, and RFC 7515 §4.1.9 treatstypas advisory only. FR-SIG-04 makes setting the signedtypa SHOULD on emit (and permitsJWMin the construction header), with no MUST to validatetypon receive — so not enforcing it is within spec. Reported only as a hardening/observability note: the library does not assert that the envelope it verified actually claimed to be a DIDComm signed message.Recommended fix
Optionally record
header.Typin the parse result for diagnostics, and (defense-in-depth) reject only clearly-wrongtypvalues while continuing to tolerate absenttypandJWMper FR-SIG-04. No functional change is required for spec compliance.References
RFC 7515 §4.1.9 (typ advisory); DIDComm v2.1 §Message Signing; PRD FR-SIG-04 / FR-ENV-01
Filed from an automated multi-agent security & compliance review.