IETF Logo Mail Archive

Re: [Ace] Review of draft-jones-ace-cwt-proof-of-possession-00

Mike Jones <Michael.Jones@microsoft.com> Fri, 30 June 2017 02:21 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8007A12EB03; Thu, 29 Jun 2017 19:21:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nBe8RhHw10za; Thu, 29 Jun 2017 19:21:23 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0128.outbound.protection.outlook.com [104.47.38.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0896F129B74; Thu, 29 Jun 2017 19:21:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=iRiDXz2QxZt8d1lqJOSXe38CCfKbyP6Ft5ub6whzsAE=; b=Dwwn6uwkMwj+vN5+XucobOAazhPZHaus+F27FgYbbwo0nJ8Dq++uDjubKSZP4SJhT8KAkSVoNtmA3O2BsIgpLciyWVHxOMtjrT7QORkt20B+BXtZpUDyFKceqokAJJl62SbL5cH7Jr7Qso8Xz7iDS8qVz5Dui+tiAcJnv/SJrKg=
Received: from CY4PR21MB0504.namprd21.prod.outlook.com (10.172.122.14) by CY4PR21MB0133.namprd21.prod.outlook.com (10.173.189.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1240.3; Fri, 30 Jun 2017 02:21:21 +0000
Received: from CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) by CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) with mapi id 15.01.1240.007; Fri, 30 Jun 2017 02:21:20 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "draft-jones-ace-cwt-proof-of-possession@ietf.org" <draft-jones-ace-cwt-proof-of-possession@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: Review of draft-jones-ace-cwt-proof-of-possession-00
Thread-Index: AdLu/J6lZrWV1b3ERWqpqeX4U+jwQACSHobQ
Date: Fri, 30 Jun 2017 02:21:20 +0000
Message-ID: <CY4PR21MB0504EE43C72886D487CA2A11F5D30@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <003701d2ef1a$07b13d90$1713b8b0$@augustcellars.com>
In-Reply-To: <003701d2ef1a$07b13d90$1713b8b0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Ref=https://api.informationprotection.azure.com/api/72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-06-29T19:21:19.0068059-07:00; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
authentication-results: augustcellars.com; dkim=none (message not signed) header.d=none;augustcellars.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:4898:80e8:1::36]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0133; 7:MikNBGt0vkDnUG/ReQvhyCTusHZHWsg2AeXdqBIzVm8KpOHgBP4lOTpmXq14qym3GRs/Tmid7dq4L6+hqv0yz1Nq0kZR1aOFwI+nzUuMlwtlRcdG9KWYwhHM5GCDfgYxEk1ZqmAnbau61t+97FJaFHruOkugx701BDhy7F22zgge7GLu9ix7GEm7SSvIOtI7JY89oCwfUE0vtc9gFqa4kjW6UedDmcEsV/ovTkA1242VSqgDn2ZRHoJ5fIQUEHFu35xDJgtwDqbE2rTy9HqOuK8GijkqtX48pC9D83dsXJslR63j94Ip831oawuggK7ULvHRVqugR7gvSmJcmMW1eQnXoIty+z6hoN7Jp3E6+26LaYZUr+uSrPd9U03q6lF3aunP5QC9T0K14pVgLBNqimBEwaufMhG18tfM9zO4js0d6OPZd/VKfaGrKqs0SW8j4qN0zZ9vX3YfLvACOjEWa5rROeATm7XVAIzxTfQxbv6qBG5UchbliTTeiOu/h1doEjP4gCWAU2SFwtH0XlWE+AXBjpRBlNaK5eJumDjNygz1+Mpifcp8iQ4spBe9H+izjsrcuopJ4dSFlRTNVDoKcBgc+az4/pe8io2Ity+nepyyTtSr24gfga9LfMjerwk8/WMT2KPLu3qUF6LQV7G47RupoV+v1ogx40Q2AlxHaGEuVJZIrwmeIF/9WQBy118wPMVu5NG3suUxvCXN/Hm3gAoDBlfc2oKy7XbXZOICEiuXYbZSi0dLXTH6EVWzK33CdEoUsaJBtVWUtJfBJNqJzfp/IhziiEzECLhffQMNFigJnVveOK1s0/qEiTx+rPp7
x-ms-office365-filtering-correlation-id: 1bcca759-af37-45fa-3f1a-08d4bf5eb290
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(48565401081)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CY4PR21MB0133;
x-ms-traffictypediagnostic: CY4PR21MB0133:
x-microsoft-antispam-prvs: <CY4PR21MB0133437B36FB5337B60C8F35F5D30@CY4PR21MB0133.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(151999592597050)(278178393323532)(26388249023172)(236129657087228)(192374486261705)(131327999870524)(48057245064654)(148574349560750)(21748063052155)(247924648384137);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(601004)(2401047)(8121501046)(2017060910020)(5005006)(3002001)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(6055026)(61426038)(61427038)(6041248)(20161123560025)(20161123555025)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR21MB0133; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR21MB0133;
x-forefront-prvs: 0354B4BED2
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39410400002)(39850400002)(39400400002)(39840400002)(39860400002)(39450400003)(377454003)(13464003)(43784003)(6506006)(2906002)(3660700001)(6436002)(3280700002)(99286003)(10090500001)(4326008)(54896002)(6306002)(72206003)(86612001)(2950100002)(9686003)(55016002)(7696004)(25786009)(53936002)(76176999)(790700001)(54356999)(5660300001)(8990500004)(86362001)(6116002)(2900100001)(2501003)(50986999)(74316002)(38730400002)(6246003)(189998001)(102836003)(5005710100001)(7736002)(478600001)(8676002)(33656002)(14454004)(8936002)(77096006)(81166006)(10290500003)(230783001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0133; H:CY4PR21MB0504.namprd21.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0504EE43C72886D487CA2A11F5D30CY4PR21MB0504namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jun 2017 02:21:20.8148 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0133
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/TEcYpaK7yh73U7KQ9iXyEmtRyRc>
Subject: Re: [Ace] Review of draft-jones-ace-cwt-proof-of-possession-00
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jun 2017 02:21:26 -0000

Thanks for your useful review, Jim.  Replies are inline below...



-----Original Message-----
From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Tuesday, June 27, 2017 12:50 AM
To: draft-jones-ace-cwt-proof-of-possession@ietf.org
Cc: ace@ietf.org
Subject: Review of draft-jones-ace-cwt-proof-of-possession-00



Abstract - I am unclear how this is a profile of RFC 7800 rather than a

restatement of that document.   In what way does this qualify as a profile?



The draft now says that it provides equivalent functionality to RFC 7800 rather than being a profile of it.



Introduction - I do not understand the second half of the first sentence in the introduction.  It claims that the document is going to show how proof of possession is done, however this seems to be explicitly declared as out of scope in section 3.5.



You're right.  I have deleted the second half.



Section 2 - Since this document is currently planned to come from the ACE working group,  I would suggest that it would be reasonable to provide the equivalent terminology to what is in this document. -- see actors



Maybe we can talk about specific proposed edits in Prague.



Section 3 - para 1 - missed  a s/JSON/CBOR/



Fixed



Section 3 - para 2 - I am not sure of the following:

- Why this is included here and not a separate section



It was here in RFC 7800.  It could be moved and given its own section but wanted to start out with a completely parallel document.



- Why the concept of an anonymous POP is not supported



I assume you're talking about a situation in which the identity of the presenter is not known or revealed?  I assume this is related to your next comment?



- Why the concept of the issuer being inferred from the authentication key on the CWT is not supported



If this is done in practice, particularly within ACE, this could be explicitly mentioned in the future.



- I will note that draft-ietf-ace-oauth-authz does not require either of these fields to be present.



Thanks for pointing this out.  I've removed this requirement to give profiles full freedom of how to identify the presenter.



Section 3.1 - The first two sentences seems to be slightly contradictory - the first says the cnf claim is used to identify the POP key.  The second states that it may have something other than a POP key in it.



It's really about saying that "confirmation" is broader than "confirmation-by-PoP".  This draft covers the latter, but defines the "cnf" claim to enable the broader uses, as in SAML 2.0.  I'll think about how to word this more clearly.



Section 3.1 - I am not a fan of MUST ignore statements at this level.  It should be  profile statement if anything.



The "MUST be ignored" is essential for future extensibility.  Otherwise, anything new added breaks everything already deployed.



Section 3.1 - last paragraph - Does this mean that only one claim can be in the cnf claim - or are some values of different levels?  For example -can I have a COSE_Key and an Kid?  This might be considered to be multiple POP keys.



As long as the "kid" refers to the same key, you're golden.  I think it already says that somewhere, but I'll look into it further.



Section 3.2 - Profiles can require that additional elements can be required in the COSE_Key element - and example would be to require that the algorithm identifier be present.



That's fine.  The spec already says that other key elements can be included.



Section 3.2 - I do not understand why this paragraph is doing in this section give the section title.  Why is it not in section 3.3 or in a separate section.  I think it makes mores sense at the end of the next section.



Public keys are represented in the clear.  That's different than the symmetric keys in 3.3, which have to be encrypted to prevent them from being revealed.



Section 3.3 - Why is title not symmetric with section 3.2 and the word encrypted be absent?



See the previous reply



Section 3.4 - This section just makes me uncomfortable.  Use a value that was potentially chosen for collisions does not seem to be a good idea.  I think this really needs some additional guidance about using.



If both parties already have the key, using a Key ID rather than transmitting the key is an optimization that is used in practice.  What else would you like us to say about this?



Section 4 - Is there any reason to suppose that the use of asymmetric secrets are immune from replay attacks?



Is there particular Security Considerations text that you'd like to see included about this?



Section 3.1 - para 1 -sentence #2  -  I do not understand the implication that the POP key implies the authenticity of the token.  That statement makes no sense to me.  This would look  like a self-signed certificate as the authentication point.



See the SAML 2.0 comment earlier.



Jim



I plan to publish an updated version in the next day or so, after giving the authors of draft-ietf-ace-oauth-authz a chance to look it over.



                                                                Thanks again,

                                                                -- Mike

v2.23.0 | Report a Bug | By Email