Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

Ludwig Seitz <ludwig.seitz@ri.se> Fri, 27 September 2019 07:03 UTC

Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09DF91200B9; Fri, 27 Sep 2019 00:03:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kAJhASloMUHc; Fri, 27 Sep 2019 00:03:41 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60043.outbound.protection.outlook.com [40.107.6.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD50C1200B7; Fri, 27 Sep 2019 00:03:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=li0+Qc7fnMpCiUm9RvZnrKbUkgHWJWFdY63CoH3GKXR/XElZ6Fx2YrkaSN2fAntiaSC/p6dLN2qXfXw7a4CXFkiw+6WGRbpTnIY2xe+1b2wYS7GMwcKHGSwJ0AMCiG/JwH8TORINggYjpZp6FyyJ1l4YTe+T3zXj8R/aKED7kDWjvzDyrRt+wLz6xCwH5szAemU95RoPybwnip56saWdm8g8FRFzsCCoiJ16FVgOakOplMobOgQpmI0pDk15El3LXnLcaEGubSENUbutfCosi0dyAyA9XX9Lv5XaiV5RtLZEysdBEnRnCywvRdT9ATpq/5qg1DsUbO1eYX+OCTaqjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tlbarbxEH/WA+vnpergShf9Z75NYDcxX/7PsiYDLk4k=; b=kc6kRLCRbG1nYISxT8T7dohxWlOX2W+MVqXzpAwhU96u0pXRnrvMM2vC+9npJiQ3JC21iHpuepnlG2M/KKEta/8B5BLzYAhi5o3vGZb6iI4NGw2vqb0Jcw3vUa8M6ON2eH0Efr4znTJMB7U0CQSYCAyYNrOM6aHpNZ53IyiFVNU/Z8HP0Ze/oh1fi9utSIa49O7pYhNckbeM9f2WKL4pT0GHdJHbE78cOjDj/Gh7Sxxkw5jgPZaLLQ4QjawDyMlx7L/OzrrHPP4Uz9SdiaNq8oJmtJPk+Vn4Ct+sGtwjiUDiTHQ37YTaDO90oaI1xb3zwXenUWuB2byje4MWRlkPVw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.218.146.197) smtp.rcpttodomain=ietf.org smtp.mailfrom=ri.se; dmarc=pass (p=none sp=none pct=100) action=none header.from=ri.se; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector2-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tlbarbxEH/WA+vnpergShf9Z75NYDcxX/7PsiYDLk4k=; b=D1fo6a9lYyvgO4yVpfVp8FbnI0wB7IuFXNHE68QYF56y0cZWbQtVmBCLBWcXrCdYaP63u2L4o3hY+lwe3bLhnHNIRZAajp97f25bq89bdrIYUADMLFQWD/5lDAvjLWj7RiDceXbSuRd596WV7ThEJ22B+YICD9ZtPL2wpHwjXRU=
Received: from VI1P189CA0027.EURP189.PROD.OUTLOOK.COM (2603:10a6:802:2a::40) by AM7P189MB0679.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.17; Fri, 27 Sep 2019 07:03:38 +0000
Received: from HE1EUR02FT048.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::204) by VI1P189CA0027.outlook.office365.com (2603:10a6:802:2a::40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2305.17 via Frontend Transport; Fri, 27 Sep 2019 07:03:38 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=pass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by HE1EUR02FT048.mail.protection.outlook.com (10.152.10.243) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2305.15 via Frontend Transport; Fri, 27 Sep 2019 07:03:38 +0000
Received: from [10.112.134.122] (10.100.0.158) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Fri, 27 Sep 2019 09:03:37 +0200
To: Benjamin Kaduk <kaduk@mit.edu>, <draft-ietf-ace-oauth-authz.all@ietf.org>
CC: <ace@ietf.org>
References: <20190927015154.GY6424@kduck.mit.edu>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <e1b6d4bf-81e4-a1c4-1aa6-3fb669083adf@ri.se>
Date: Fri, 27 Sep 2019 09:03:27 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <20190927015154.GY6424@kduck.mit.edu>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms050603040507050608090203"
X-Originating-IP: [10.100.0.158]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(376002)(396003)(136003)(53754006)(189003)(199004)(106002)(568964002)(31696002)(86362001)(65806001)(386003)(2616005)(11346002)(44832011)(446003)(486006)(336012)(65956001)(31686004)(305945005)(71190400001)(3846002)(33964004)(2906002)(186003)(53546011)(6116002)(76176011)(7736002)(126002)(476003)(235185007)(5660300002)(58126008)(16586007)(316002)(478600001)(356004)(70586007)(70206006)(8676002)(81166006)(81156014)(8936002)(16526019)(26005)(6306002)(966005)(16576012)(6666004)(110136005)(4326008)(14444005)(229853002)(5024004)(2171002)(40036005)(6246003)(22756006)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM7P189MB0679; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a45b2564-2900-43f8-782d-08d74318d246
X-MS-TrafficTypeDiagnostic: AM7P189MB0679:
X-Microsoft-Antispam-PRVS: <AM7P189MB06790FD1502C8C11A4A2322382810@AM7P189MB0679.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:7691;
X-Forefront-PRVS: 0173C6D4D5
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: GXzOSkwcLiAw/pJuihpQzH09miiQM5aFXtotFnrDxIiKJ/Arz8gPU3lXYlKWlRfbxraq34vRv8knjdNTI+nyLIPGJwNVdIT9OVe54BDDSF1KmNknunFhWDD7QzWhUbMQMx9cY8H/C8mpUa9kGEecoIqDfJeeSZPgu9AGjHpV6k87JN3ff2kIGF4Zc3xqjlx4OTZHzLWWIHm5D7x3+YXFfIvX5M7iP0mPBvpTNf9/I+cgUG3oBwfaFKC76fVw3WIUaj2Xx4QVmXHLgDc789XGtRVg3kV9jAfeQwBYyC+AMlTIADv/wUQk43E/xaNUGa0yy0lyclZNuvjpBXOenEqL+0a5+HMN3Yjg7cM+LeMHPVUT41VWM6M4+d06vSYgjhytwUL9Uq8Tbyw8RUTYa8RHQ1YBPsKd+wwwzinuprtL76A=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Sep 2019 07:03:38.1663 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a45b2564-2900-43f8-782d-08d74318d246
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7P189MB0679
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/8ogb3GngYCsYzx6DMR81WfsuRYU>
Subject: Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 07:03:44 -0000

On 27/09/2019 03:51, Benjamin Kaduk wrote:
> Hi all,
> 
> The length of this review notwithstanding, this document is generally in
> good shape -- there's a bunch of localized items to tighten up, and we
> can flesh out the security considerations some more, but nothing too
> drastic should be needed.  Perhaps the most far-reaching changes needed
> will be to rename the "profile" claim, since that has already been
> allocated to OIDC Core for a very different usage.  I also made a pull
> request with a bunch of trivial editorial stuff that's easier to fix
> than describe how to fix, up at
> https://github.com/ace-wg/ace-oauth/pull/175 .
> 

I have a non-trivial comment on your pull request: In appendix B we 
summarize the steps taken by an RS to process a freshly received access 
token. You changed the suggested sequence from:

* Verify the token is from a recognized AS.
* Verify that the token applies to this RS.
* Check that the token has not expired (if the token provides expiration 
information).
* Check the token's integrity.
* Store the token so that it can be retrieved in the context of a 
matching request.

To

* Verify the token is from a recognized AS.
* Check the token's integrity.
* Verify that the token applies to this RS.
* Check that the token has not expired (if the token provides expiration 
information).
* Store the token so that it can be retrieved in the context of a 
matching request.


I don't think this is a big deal, but I put the integrity check later 
for a good reason (or so I believe): The integrity check is a 
potentially expensive cryptographic operation. Checking that the token 
applies to the RS is a matter of checking the audience claim, and 
checking that the token is not expired is a matter of comparing two 
timestamps, I consider both to be computationally much lighter and 
therefore quicker to execute. A failure of any of those two may make it 
unnecessary to verify the token integrity.

BUT! My suggested sequence only works if the token is signed or MACed 
and not if it is encrypted. If the token is encrypted the AEAD integrity 
check (and decryption) is necessarily the first processing step.

Any ideas how to resolve this gracefully (i.e. without adding a large 
amount of text) are most welcome.


Regards,

Ludwig

-- 
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51