Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

Mike Jones <> Fri, 22 June 2018 20:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8B866130EEB; Fri, 22 Jun 2018 13:44:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qzdX6j0KiQel; Fri, 22 Jun 2018 13:44:42 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9420E130EEE; Fri, 22 Jun 2018 13:44:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CYoRdxEUug6kDSZi+8m9vfiQqzUBHpELuD15PlCd4Nc=; b=okJeNQBvKzeGB0az52Mp1dhsX3/qdhU05qvhPoTSEg994BlctuXyaqw7Ckgk8i8VZfIjEF8N/bpd2aHmz2zXfbN+S5quqpk1qAwZYNG4dhkWcDPuBsVAiNmtfPl8PK+wNkxaedAQgA8vs5bEO5CDi3l7D+frz0yyjtiI1bjZZQg=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.931.0; Fri, 22 Jun 2018 20:44:21 +0000
Received: from ([fe80::d927:b78e:8e51:1747]) by ([fe80::d927:b78e:8e51:1747%2]) with mapi id 15.20.0930.000; Fri, 22 Jun 2018 20:44:20 +0000
From: Mike Jones <>
To: Jim Schaad <>, Hannes Tschofenig <>, "" <>
CC: "" <>
Thread-Topic: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-possession-02
Thread-Index: AdQKFSUx11D9ChnERGKUCytum2t16AAJFr0AAAwJBlA=
Date: Fri, 22 Jun 2018 20:44:20 +0000
Message-ID: <>
References: <> <01c501d40a39$82742390$875c6ab0$>
In-Reply-To: <01c501d40a39$82742390$875c6ab0$>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MW2PR00MB0346; 7:I5SY6dGywTRAav0BamCn92CScrlDalHE7Bkw37KWNYW2sYs9TK66S4KH79SuuI2iNpO1EWc+HBX7Ag+c0tUONBZgMU0mKr8WXTwDzmT3YblE5mpl3ut6yemSbUUAMV4jPe2mp98ZTg9NAoQ450fIarPqICNn5/2S0KXcsvRZOY9OCw9NUWnZ1m6gVqV4Y19hWaLO+0Kon3wnRuAzuBqNuuMBeZb6w+QgWHFZO1FS3HqmN67YljKTQsIRUD3VlV2n
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 28818eeb-5aff-4798-4f66-08d5d880ee63
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:(223705240517415); BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600026)(711020)(48565401081)(2017052603328)(7193020); SRVR:MW2PR00MB0346;
x-ms-traffictypediagnostic: MW2PR00MB0346:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(28532068793085)(180628864354917)(89211679590171)(192374486261705)(223705240517415);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(8121501046)(5005006)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(10201501046)(93006095)(93001095)(3002001)(3231254)(2018427008)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011)(7699016); SRVR:MW2PR00MB0346; BCL:0; PCL:0; RULEID:; SRVR:MW2PR00MB0346;
x-forefront-prvs: 071156160B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39380400002)(376002)(366004)(39860400002)(396003)(13464003)(189003)(199004)(53936002)(81166006)(2501003)(6246003)(110136005)(81156014)(316002)(14454004)(66066001)(22452003)(10290500003)(8676002)(3660700001)(478600001)(305945005)(2900100001)(68736007)(8936002)(106356001)(6116002)(8990500004)(10090500001)(4326008)(25786009)(105586002)(33656002)(86362001)(74316002)(3846002)(5890100001)(5660300001)(7736002)(5250100002)(72206003)(6436002)(99286004)(53546011)(9686003)(476003)(6506007)(26005)(229853002)(6346003)(486006)(2906002)(76176011)(86612001)(446003)(55016002)(7696005)(102836004)(59450400001)(186003)(11346002)(3280700002)(561944003)(97736004); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR00MB0346;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is );
x-microsoft-antispam-message-info: aw/svAAj/L9scOju49P+3xUAECBGwVqfU8YUNmmh1z0CiWFbf3SPozN+GiJYwNbItTsE1q9935Q1IDM4hXc+1G4u0AtdHwmdvfDkbY0QBcyd2Aqnd7vlpvT8BLxHXfwiuwxJpCITcn16Zq+3+OdZt4ZnekZNn7wUVSIB3sB9VXqs60ESiQN3eIDh+4jVLhvKrmGJKOGe7JEkh6dn+sjRzDq0qsRn1LmMDbEuj4iXQXOSM3fofS2ByjDS3u7ZxRKeUtkiMrlobDJWhN3SQ/++TCXjwkqvoQG4u3iVj34IetuBYlas3DC+qkbbagDL/iv8kDtptzG57rwdc/sA0r8m4A==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 28818eeb-5aff-4798-4f66-08d5d880ee63
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jun 2018 20:44:20.7731 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR00MB0346
Archived-At: <>
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 22 Jun 2018 20:44:46 -0000

I think you're looking for language something along these lines, right Jim?

"Likewise, if PoP keys are used for multiple different kinds of CWTs in an application and the PoP keys are identified by Key IDs, care must be taken to keep the keys for the different kinds of CWTs segregated so that an attacker cannot cause the wrong PoP key to be used by using a valid Key ID for the wrong kind of CWT."

				-- Mike

-----Original Message-----
From: Jim Schaad <> 
Sent: Friday, June 22, 2018 7:59 AM
To: Hannes Tschofenig <>om>; Mike Jones <>om>;
Subject: RE: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-possession-02

That language works if you assume that there is only one CWT that an RS will look to.  If there are multiple CWTs then one needs coordination language between them.

> -----Original Message-----
> From: Hannes Tschofenig <>
> Sent: Friday, June 22, 2018 6:36 AM
> To: Jim Schaad <>om>; 'Mike Jones'
> <>om>; draft-ietf-ace-cwt-proof-of- 
> Cc:
> Subject: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
> Hi Jim,
> I would like to comment on this issue.
> -----
> > > 14.  I have real problems w/ the use of a KID for POP 
> > > identification.  It
> may
> > identify the wrong key or, if used for granting access, may have 
> > problems
> w/
> > identity collisions.  These need to be spelt out someplace to help 
> > people tracking down questions of why can't I verify w/ this CWT, I 
> > know it's
> right.
> >
> > The Key ID is a hint to help identify which PoP key to use.  Yes, if 
> > a Key
> ID is
> > sent that doesn't correspond to the right PoP key, failures may occur.
> > I
> view
> > that as usage bug - not a protocol problem.  If keys aren't 
> > consistently
> known
> > and identified by both parties, there are lots of things that can go
> wrong, and
> > this is only one such instance.  That said, I can try to say 
> > something
> about the
> > need for keys to be consistently and known by both parties, if you 
> > think
> that
> > would help.
> > My problem is that if there are two different people with the same 
> > Key ID,
> either intentionally or unintentionally, then using the key ID to 
> identify
> key may allow the other person to masquerade as the first person.  I 
> am unworried about the instance of a failure to get a key based on a key id.
> That is not the problem you are proposing to address.
> -----
> I think we should document this issue. Here is some text proposal that
> go into a separate operational consideration section (or into the 
> security consideration section instead).
> "
> - Operational Considerations
> The use of CWTs with proof-of-possession keys requires additional 
> information to be shared between the involved parties in order to 
> ensure correct processing. The recipient needs to be able to use 
> credentials to
> the authenticity, integrity and potentially the confidentiality of the 
> its content. This requires the recipient to know information about the
> Like-wise there needs to be an upfront agreement between the issuer 
> and the recipient about the claims that need to be present and what 
> degree of trust can be put into those.
> When an issuer creates a CWT containing a key id claim, it needs to 
> make sure that it does not issue another CWT containing the same key 
> id with a different content, or for a different subject, within the 
> lifetime of the
> unless intentionally desired. Failure to do so may allow one party to 
> impersonate another party with the potential to gain additional
> "
> Ciao
> Hannes
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended
> please notify the sender immediately and do not disclose the contents 
> to
> other person, use it for any purpose, or store or copy the information 
> in
> medium. Thank you.