Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

Ludwig Seitz <ludwig.seitz@ri.se> Tue, 15 October 2019 14:14 UTC

Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 939C6120123; Tue, 15 Oct 2019 07:14:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HCkazbyiSsUg; Tue, 15 Oct 2019 07:14:52 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130077.outbound.protection.outlook.com [40.107.13.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39EF6120119; Tue, 15 Oct 2019 07:14:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OCXP7x4mWtsMA170Cpwl8wLShcEA0R2tLt20twAu27UrJpMrRiuZKTl7X8g4nGGat/VgXMjShceOgIa/W6wlTI9TrHGKy1dVhtW+M2twp0hJ4NVQbcXcHlmHFzMgsjoQ20Q1ugNZ1AAWMwmx+TEbPkdt1+UQyzUI/W4ernFZkPmzdHxwl+bOcvVsAVAmD22zzOCgOp/I5WoInBRll7mgtdtEx7gGbDCwFqw1qlMI8gjoXFSSNXOEZznTawXvoxC5CFrW5cRJqpFWSr78h7pDBLw279jEZOy84RnvkIZzUvMVczqSJkPD1MRievMUVIuLCh0RhVTAl12TNYpDUihMbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C3UGaBFDMxBvqIzfJ+d+brdInr4yJzf5T6MaRVyKjiA=; b=HLcXJq6IWjH94i0zVtzWisEFibCb3Yk9H5Iojl5eVqfmMDjBT0PRcPgTiZdT+hpRiBn2TdjQMb/Y3xKqjIKW3+OM7tQHgK0BOtTynGUVGC/Vn0DJVwSbcmtfSP1gfFG0sL2bykgUJS4P5uyKKPqt5kIvRlKF4AV7YwPbaSaHNsraKrfXiPYu+uJCePJeb8AJpaUvJAI3aeDxTG9oOkeX9kfczfMgy0znawsbIvixBXQNeYoubDs02CNOEl9+X79w4XFulAaODID6lX7mlZH3U8ZMj3l0v1TVhz0IoibwrvuLXwA5W4bhzq2k9d4Ybm/0AqkyLLZ4oPqGKKgNEXSltw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.218.146.197) smtp.rcpttodomain=ietf.org smtp.mailfrom=ri.se; dmarc=pass (p=none sp=none pct=100) action=none header.from=ri.se; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector2-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C3UGaBFDMxBvqIzfJ+d+brdInr4yJzf5T6MaRVyKjiA=; b=Xohemx/Px2FjtfEIsc2YrFdcJUi5lwXbWbcbmuzTjBAswABYJaZgVXQHilEjkAAVeFtxBTufngR8hEXBUCCVdFdlCy6oQPK0YzsY8tNZv2TAl9xp0gIG+Scul7aptCrkp1WvWVQrJnKzcUQnW1wV8wVT0z8pMzTyHgyNjJUW+nI=
Received: from VI1P189CA0003.EURP189.PROD.OUTLOOK.COM (2603:10a6:802:2a::16) by AM5P189MB0561.EURP189.PROD.OUTLOOK.COM (2603:10a6:206:22::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Tue, 15 Oct 2019 14:14:49 +0000
Received: from VE1EUR02FT063.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e06::207) by VI1P189CA0003.outlook.office365.com (2603:10a6:802:2a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16 via Frontend Transport; Tue, 15 Oct 2019 14:14:49 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=pass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by VE1EUR02FT063.mail.protection.outlook.com (10.152.13.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2347.16 via Frontend Transport; Tue, 15 Oct 2019 14:14:49 +0000
Received: from [10.112.134.122] (10.100.0.158) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1779.2; Tue, 15 Oct 2019 16:14:48 +0200
From: Ludwig Seitz <ludwig.seitz@ri.se>
To: Benjamin Kaduk <kaduk@mit.edu>, <draft-ietf-ace-oauth-authz.all@ietf.org>
CC: <ace@ietf.org>
References: <20190927015154.GY6424@kduck.mit.edu> <696c7ee4-75f9-48ec-8837-ea171137e9f8@ri.se>
Message-ID: <b50a66b5-26ef-dc32-0399-af51999da755@ri.se>
Date: Tue, 15 Oct 2019 16:14:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <696c7ee4-75f9-48ec-8837-ea171137e9f8@ri.se>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms050004060805080807060205"
X-Originating-IP: [10.100.0.158]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(396003)(376002)(346002)(199004)(189003)(126002)(16586007)(2616005)(229853002)(6246003)(486006)(58126008)(478600001)(81166006)(81156014)(106002)(71190400001)(8676002)(316002)(2171002)(31686004)(16576012)(476003)(31696002)(110136005)(22756006)(70586007)(336012)(40036005)(16526019)(26005)(6116002)(70206006)(3846002)(86362001)(186003)(44832011)(305945005)(446003)(53546011)(11346002)(568964002)(33964004)(76176011)(7736002)(386003)(5024004)(2906002)(14444005)(65956001)(65806001)(4326008)(356004)(22746008)(8936002)(36756003)(5660300002)(235185007)(5000100001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM5P189MB0561; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b798f29d-945f-4c9d-147b-08d7517a0a06
X-MS-TrafficTypeDiagnostic: AM5P189MB0561:
X-Microsoft-Antispam-PRVS: <AM5P189MB05612E00BE2A5DC61383768282930@AM5P189MB0561.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-Forefront-PRVS: 01917B1794
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: eL7QrKrCa56lE7+n9AhOpQtrdm3DqbZg5Hp6SQMV5zv1n1S6RLtBlmlBZBauAf2wnrYdIMs9ZBe4BbRgQEjuhuPcqVz2by7ecDiF6OCR00/owMOI4N5WJZiCy2uoLP244AkVb+L29gGH2tK57BdgMkJUs9zKgPPC7/82kc8u6oxCYUjAZMqwvmZ97NIK9cOq931gx55aO/OIjDHprhVMi1pxSoRPch1KVKIWZ5Sv3u8DdunJNUxSfd4X81MGGJHqyPX0P57NkcamZ78TteQliKwbgv0WEIdgdKbjWmcbRDg99aWuWvzk87nxZ7014sHABRFIHVLPdgv7vOdIavv1tPse/OjrLr9zs0L+MnddcU49hwIk9FEDLXvKCzD1eb+VJ0uKCq0nrLoEjTZWJpWmVaSAfJ7dODYOi1SNb5Ai9kU=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Oct 2019 14:14:49.1224 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b798f29d-945f-4c9d-147b-08d7517a0a06
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P189MB0561
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/LvjP8KaXQ2w3ClfxSXHjXKxW1eY>
Subject: Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2019 14:14:56 -0000

On 15/10/2019 16:07, Ludwig Seitz wrote:

>> 78.)
>> Section 6.1
>>
>> I think we should have a little bit more discussion about what attacks
>> are possible even when a client hard-codes a list of trustworthy ASes,
>> e.g., when a device in one AS's purview is compromised and tries to get
>> the client to use a different (possibly also compromised, or maybe just
>> buggy) AS than the one that's supposed to be responsible for the device
>> in question.  In short, yes, spoofing is only possible within that set
>> of trusted ASes, but spoofing can still cause problems.
> 
> [LS] I have added some text in section 6.FIXME Please have a look if this
> covers what you were aiming at.
> 

A little typo snuck in here. "6.FIXME" should be "6.4"

/Ludwig

-- 
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51