Re: [Ace] Security of the Communication Between C and RS
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 18 December 2018 08:47 UTC
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA1F213107D for <ace@ietfa.amsl.com>; Tue, 18 Dec 2018 00:47:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.359
X-Spam-Level:
X-Spam-Status: No, score=-3.359 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hOG8R4fbEpUg for <ace@ietfa.amsl.com>; Tue, 18 Dec 2018 00:47:21 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10057.outbound.protection.outlook.com [40.107.1.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2664D127598 for <ace@ietf.org>; Tue, 18 Dec 2018 00:47:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mk5gok+4vTYmhGZr2dREc3QOdnSPRKSluQcxBUjW9LM=; b=doENgJ8ShYPC2uUVKQUE6eHVA1730FEZ/6bS4DdL26pFHcuCCZF9pVSPWfrcctZPXu3w0HjteKnkzTcudoIVSn3Ydu3eK/hSu3VHTUsFX+/BfMLk2TGiOcWUmTOPyMhABSX+MVKws6HvPJzJc5yumFbc9qOjVUFavPcYcxvGS7Q=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1440.eurprd08.prod.outlook.com (10.167.210.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1425.22; Tue, 18 Dec 2018 08:47:17 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::e8de:6a41:cbf4:89d8]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::e8de:6a41:cbf4:89d8%3]) with mapi id 15.20.1425.023; Tue, 18 Dec 2018 08:47:17 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, Stefanie Gerdes <gerdes@tzi.de>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] Security of the Communication Between C and RS
Thread-Index: AQHUlquFKpsKbsbb2kGcq8Jrm430i6WELNAA
Date: Tue, 18 Dec 2018 08:47:17 +0000
Message-ID: <VI1PR0801MB21124D7C11F3A1F49DCA9A2CFABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <154322421294.8323.8505315870685563404.idtracker@ietfa.amsl.com> <cbd083d1-cb95-0732-aa8b-7c7de3f480d1@ri.se> <a0cdd836-7fe3-339e-0c48-961503857447@tzi.de> <03b601d49191$7d1bb400$77531c00$@augustcellars.com> <945fbebe-659f-ac72-3ab6-8e05447e7c92@ri.se> <1c5b81f3-50ce-be68-bec3-68ce2ff15b43@tzi.de> <4ae4eccd-68bf-18ef-f909-142f8172eca1@ri.se> <81ba3ab4-a9ce-a6fd-fbe6-c36a6fbbd9a5@tzi.de> <VI1PR0801MB2112E04F9FD7412350995417FAA20@VI1PR0801MB2112.eurprd08.prod.outlook.com> <b994af16-9bb8-4386-e7d2-321e453417fc@ri.se>
In-Reply-To: <b994af16-9bb8-4386-e7d2-321e453417fc@ri.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.114.221]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1440; 6:qCRQJ23VqidA4PVfRd7mO2QchxkTO0T6xdIsI6AKwewGG+0aF5XNrQQvrAu/qjXJNNRKg3JM9+LiRixA/DG4G9QKlqiPiUiOR+lrSnHxa6CnC6rDnVaisuCDKff+bVTENPIamsXd3e/mtxv8VC67Sky0OBU6MJ29CeNlus+0kaoEJQsRunV897vC0igq6aZbYqkeiRh+ljsj9dyV90huAzuo3oTGwlt5zMc5Xs6x6iiyE72PsRp9KSuUfZ6wG7nYpljqoIjqGSMYnGGm8qFgBdO2g3uXA6MKcS3NTzZ0q+GYMnGEedYu42itHdSh3GTb5fzZP7bx2qj2HQ6yB9mQgUzmmHxa5QxzOn3wUGLUrS7j/3eSa+95C8kXNOpDC0cN03+joi2VPAY5f+wCPZDdOq3XWSVH8gRhvSNpFlfE209+9oCmfsfHChyq25sjhyd4Kf5aPAFsTbiydW4qINDtEQ==; 5:PDqSgPnadO3JBPf2iw6v6+6mhjAtQOyvG4UgGcfw/7PIr3K9Ssc5kv4hkD+hBSGseycoKzeUgXNwuUnTN4ypVgtipO6QEe5qpQSAubcxybUi8ZG9LwbJBczk2NElynAu7Dtzy1JUzFsVcdszcQqvzbGyx+Ka/wRyhnO8UIxdGJY=; 7:RSk2nSdgKYz4CID+HR6dG/amF5G3i7eTO0qObuvSXOxUBvs3/JvTthEcY5+ZDzd7kz2RwEi73aMrxeu06sXo1c87YAbOP3eNTqu1Mgf/gxCS/oJ3/w+DBCnvGHPt+uqIWEMt3x8VBoho/Q2Y63CdKw==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: c06b09f6-6c5d-4202-94a9-08d664c56a56
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1440;
x-ms-traffictypediagnostic: VI1PR0801MB1440:
x-microsoft-antispam-prvs: <VI1PR0801MB14400F1D7AC6B9DA19533535FABD0@VI1PR0801MB1440.eurprd08.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(999002)(6040522)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(3231475)(944501520)(52105112)(6055026)(148016)(149066)(150057)(6041310)(20161123560045)(20161123558120)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:VI1PR0801MB1440; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB1440;
x-forefront-prvs: 08902E536D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(136003)(376002)(39860400002)(396003)(346002)(40434004)(199004)(189003)(51444003)(13464003)(71200400001)(71190400001)(74316002)(229853002)(6116002)(66066001)(316002)(3846002)(93886005)(81166006)(81156014)(55016002)(97736004)(8676002)(106356001)(8936002)(105586002)(33656002)(86362001)(9686003)(99286004)(486006)(26005)(6246003)(186003)(53936002)(2501003)(478600001)(7736002)(14454004)(110136005)(102836004)(6436002)(2906002)(6506007)(53546011)(7696005)(76176011)(68736007)(256004)(14444005)(5024004)(5660300001)(72206003)(11346002)(446003)(476003)(305945005)(15650500001)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1440; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: XoKjTpeqlSFujPVPgFVEg/jlbe3SvxubU5PriqTNEup+p6sa501V7DRz4VjJe6cqWxmLTgfY04YtL8fRQvVrI3FyUaySP4FVCYMWvzkWKSisgk86qvfmhrV7VqxHgUAP2s7/fkUqF82qdUgVGu1t94ydh3b41fZfouCgfv9a2l8wgo9Jx4iwmG1sm5lhep69g/7FJm2IU94ZjgozsG85g7RCfbMjVB1kxDTxsncSmCm5Yz9N65/MmWMCbCor3GFEqG7MjNY/sME6K8yS4PYF4ylxjvxCYucTt3NbuVyVW3bdTOVZhAAUDDL1Sb6GQtQi
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c06b09f6-6c5d-4202-94a9-08d664c56a56
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Dec 2018 08:47:17.3335 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1440
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Pvr3e4_59skQgMn-bNiXWAyWcZ0>
Subject: Re: [Ace] Security of the Communication Between C and RS
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 08:47:25 -0000
Hi Ludwig, A few remarks inline: -----Original Message----- From: Ludwig Seitz <ludwig.seitz@ri.se> Sent: Dienstag, 18. Dezember 2018 09:27 To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Stefanie Gerdes <gerdes@tzi.de>; Jim Schaad <ietf@augustcellars.com>; ace@ietf.org Subject: Re: [Ace] Security of the Communication Between C and RS On 15/12/2018 16:04, Hannes Tschofenig wrote: > Hi Steffi, > > ~snip~ > >> I really think you should point out that symmetric keying material >> that the AS provides to the client is valid as long as the token. > > I think that's a useful recommendation. I do, however, believe that we > are not making the same assumption for an asymmetric key bound to the > token. > Ok, I'll add text to the draft that says this. Note that this can be trouble if a client asks the AS to bind an existing symmetric pop-key to another (new) token it is requesting. Which one of the two tokens bound to that key is now steering the expiration of the key? [Hannes] Normally, the client would only request a symmetric PoP token from the AS and the AS would create the symmetric key and return the PoP token + the symmetric key. Hence, in the normal case this shouldn't be happen. >> The access information optionally can contain an expires_in field. >> It would help to prevent security breaches under the following >> conditions: > 1. the keying material is valid as long as the ticket, 2. the > expires_in field is present in the access information that AS sends to > C, 3. the client checks the expires_in field when it gets the access > information from the AS, and 4. the client checks if the keying > material is still valid each time before it sends a request to RS. > > These checks make sense to me. > Are you proposing we make the expires_in field mandatory? If so, why isn't it mandatory already in OAuth (currently only RECOMMENDED)? [Hannes] I would do the check when the field is actually there. However, it is a good question why it is not mandatory in OAuth. Let me drop a mail to the list. Ciao Hannes /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Ace] Fwd: New Version Notification for draft-iet… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- [Ace] Overwriting Tokens Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Overwriting Tokens Ludwig Seitz
- Re: [Ace] Overwriting Tokens Stefanie Gerdes
- Re: [Ace] Overwriting Tokens Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- [Ace] Token (In)Security Stefanie Gerdes
- [Ace] Security of the Communication Between C and… Stefanie Gerdes
- Re: [Ace] Token (In)Security Hannes Tschofenig
- Re: [Ace] Token (In)Security Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Token (In)Security Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Token (In)Security Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Jim Schaad
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Sebastian Echeverria
- Re: [Ace] Token (In)Security Ludwig Seitz
- Re: [Ace] Token (In)Security Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Benjamin Kaduk