Re: [Ace] Replay ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02

Mike Jones <Michael.Jones@microsoft.com> Fri, 22 June 2018 21:06 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Roman Danyliw <rdd@cert.org>, "ace@ietf.org" <ace@ietf.org>
Date: Fri, 22 Jun 2018 21:06:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/EHNsqDZn7_Uj3SBclxl2Z-z2fho>

I agree with this proposed update and will apply it to the editor's draft.

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Friday, June 22, 2018 6:36 AM
To: Roman Danyliw <rdd@cert.org>; ace@ietf.org
Subject: [Ace] Replay ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02

Hi Roman,

Thanks for your review.

As I was re-reading the reviews I spotted this comment:

> (14) (Editorial) Page 8, Section 4, Per "Replay can also be avoided if a sub-key is derived from a shared secret that is specific to the instance of the PoP demonstration." PoP is spelled out everywhere else in this draft but here. Yes, the acronym is defined, but for readability, I recommend against using it and consistently spelling it out here too.

I believe the current text is a bit confusing. Here is what it says:

Proof of possession via encrypted symmetric secrets is subject to replay attacks.
This attack can, for example, be avoided when a signed nonce or challenge is used since the recipient can use a distinct nonce or challenge for each interaction.
Replay can also be avoided if a sub-key is derived from a shared secret that is specific to the instance of the proof-of-possession demonstration.

This somehow gives the impression that replay attacks are only a concern for symmetric key techniques.
Of course, this is not true. Furthermore, the text gives the impression that this attack is actually something that can be covered within the CWT-PoP token spec itself. This is also not the case.

For this reason I am suggesting to change the paragraph to:
"
CBOR Web Tokens with proof-of-possession keys are used in context of an architecture, such as ACE-OAuth [REF], where protocols are used by a presenter to request these tokens and to subsequently use them with recipients. To avoid replay attacks when the proof-of-possession tokens are sent to presenters a security protocol, which uses nonces or timestamps, has to be utilized.
Note that a discussion of the architecture or specific protocols CWT proof-of-possession tokens are used with are outside the scope of this specification. "

Ciao
Hannes
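
Added example, not part of the original thread or of the draft: a sketch of the two replay defenses named in the draft text quoted above, a distinct challenge per interaction and a sub-key specific to one proof-of-possession demonstration. The class and function names, the use of HMAC-SHA256 in place of a signature, and the `pop-instance|` label are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Recipient:
    """Checks proof of possession of a symmetric key using one-time challenges."""

    def __init__(self, pop_key: bytes):
        self.pop_key = pop_key      # key the token binds to the presenter
        self.outstanding = set()    # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, proof: bytes) -> bool:
        # Each challenge is accepted once, so a captured (nonce, proof)
        # pair fails when it is presented a second time.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        expected = hmac.new(self.pop_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


def prove(pop_key: bytes, nonce: bytes) -> bytes:
    """Presenter side: MAC the recipient's challenge with the PoP key."""
    return hmac.new(pop_key, nonce, hashlib.sha256).digest()


def instance_subkey(shared_secret: bytes, instance_id: bytes) -> bytes:
    """Derive a key tied to one demonstration (HMAC used as a simple KDF)."""
    label = b"pop-instance|" + instance_id   # label is an assumed constant
    return hmac.new(shared_secret, label, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    rs = Recipient(key)
    nonce = rs.new_challenge()
    proof = prove(key, nonce)
    first = rs.verify(nonce, proof)          # fresh challenge: accepted
    replay = rs.verify(nonce, proof)         # same exchange again: rejected
    stale = rs.verify(rs.new_challenge(), proof)  # old proof, new challenge
    return first, replay, stale
```

The challenge bookkeeping lives in the recipient and the surrounding protocol, not in the token, which is the point the proposed replacement paragraph makes.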
