Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

Jim Schaad <ietf@augustcellars.com> Fri, 22 June 2018 14:58 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, 'Mike Jones' <Michael.Jones@microsoft.com>, <draft-ietf-ace-cwt-proof-of-possession@ietf.org>
CC: <ace@ietf.org>
References: <VI1PR0801MB2112C4D6D3CED7C15D9AE886FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB2112C4D6D3CED7C15D9AE886FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Date: Fri, 22 Jun 2018 07:58:38 -0700
Message-ID: <01c501d40a39$82742390$875c6ab0$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/9tygHljZ-f0qHSl_MDrpD0AUMKs>
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

That language works if you assume that there is only one CWT that an RS will
look to.  If there are multiple CWTs then one needs coordination language
between them.

> -----Original Message-----
> From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Sent: Friday, June 22, 2018 6:36 AM
> To: Jim Schaad <ietf@augustcellars.com>; 'Mike Jones'
> <Michael.Jones@microsoft.com>; draft-ietf-ace-cwt-proof-of-possession@ietf.org
> Cc: ace@ietf.org
> Subject: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-possession-02
> 
> Hi Jim,
> 
> I would like to comment on this issue.
> 
> -----
> > > 14.  I have real problems w/ the use of a KID for POP identification.  It
> > > may identify the wrong key or, if used for granting access, may have
> > > problems w/ identity collisions.  These need to be spelt out someplace to
> > > help people tracking down questions of why can't I verify w/ this CWT, I
> > > know it's right.
> >
> > The Key ID is a hint to help identify which PoP key to use.  Yes, if a Key
> > ID is sent that doesn't correspond to the right PoP key, failures may occur.
> > I view that as a usage bug - not a protocol problem.  If keys aren't
> > consistently known and identified by both parties, there are lots of things
> > that can go wrong, and this is only one such instance.  That said, I can try
> > to say something about the need for keys to be consistently known by both
> > parties, if you think that would help.
>
> > My problem is that if there are two different people with the same Key ID,
> > either intentionally or unintentionally, then using the key ID to identify
> > the key may allow the other person to masquerade as the first person.  I am
> > unworried about the instance of a failure to get a key based on a key id.
> > That is not the problem you are proposing to address.
> 
> -----
> 
> I think we should document this issue. Here is some text proposal that could
> go into a separate operational considerations section (or into the security
> considerations section instead).
>
> "
> - Operational Considerations
>
> The use of CWTs with proof-of-possession keys requires additional
> information to be shared between the involved parties in order to ensure
> correct processing. The recipient needs to be able to use credentials to
> verify the authenticity, integrity and potentially the confidentiality of the
> CWT and its content. This requires the recipient to know information about
> the issuer. Likewise there needs to be an upfront agreement between the issuer
> and the recipient about the claims that need to be present and what degree of
> trust can be put into those.
>
> When an issuer creates a CWT containing a key id claim, it needs to make
> sure that it does not issue another CWT containing the same key id with a
> different content, or for a different subject, within the lifetime of the
> CWTs, unless intentionally desired. Failure to do so may allow one party to
> impersonate another party with the potential to gain additional privileges.
> "
> 
> 
> Ciao
> Hannes
> 