[Ace] draft-ietf-ace-oauth-authz-35 - unauthorized AS address, DoS, and privacy

John Mattsson <john.mattsson@ericsson.com> Wed, 09 September 2020 07:37 UTC

To: "ace@ietf.org" <ace@ietf.org>, "draft-ietf-ace-oauth-authz.all@ietf.org" <draft-ietf-ace-oauth-authz.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/UpKXexf8TchNPUe_u8n0G3CbI28>

Hi,

Summarizing my thoughts and opinion on this issue. Changing the title to highlight the issues better.

As currently specified in draft-ietf-ace-oauth-authz-35, the RS will happily send the AS address to any node that asks. This causes two problems.

- If C acts on the unauthorized information, this is an attack vector for DoS attacks as an attacker on the C-RS path can make C contact a chosen node on the Internet. 

- That RS shares the AS address with anybody that asks can be a severe privacy problem. If RS is a medical device, the AS address can reveal sensitive information. If RS is a blood pressure sensor it could e.g. be “AS address = coaps://as.hopkinsmedicine.org/kimmel_cancer_center/”

The requirement "the client MUST be able to determine whether an AS has the authority to issue access tokens for a certain RS. This can for example be done through pre-configured lists, or through an online lookup mechanism that in turn also must be secured." indicates that C is required to have another mechanism to determine the AS for a specific RS and that the unauthorized AS address is completely redundant.

The draft does not discuss the privacy issues of unauthorized AS addresses at all and the draft is diminishing the DoS issues by only talking about compromised RS and attacking an AS. This indicates that none of these issues has been discussed enough. 

I currently have a strong opinion that Unauthorized AS address should be removed from the specification.

Cheers,
John
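
The following is an added example, not part of the original message or of the draft: a client-side check in the spirit of the quoted "pre-configured lists" requirement, in which C only ever contacts an AS it already holds as authorized for the RS, so an unauthenticated AS address hint can at most confirm an entry and never introduce one. The RS identifier, the table and all URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

COAPS_DEFAULT_PORT = 5684  # default port for the coaps scheme

# Constructed pre-configured list: RS identifier -> AS URIs authorized for it.
AUTHORIZED_AS = {
    "rs-bp-sensor-01": ["coaps://as.example.org/token"],
}

def normalize(uri):
    """Return (host, port, path) for a well-formed coaps URI, else None."""
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme.lower() != "coaps" or not parts.hostname:
        return None  # unsecured or unknown scheme, or no host
    if parts.username or parts.password:
        return None  # userinfo is never expected in an AS address
    return (parts.hostname, port or COAPS_DEFAULT_PORT, parts.path or "/")

def select_as(rs_id, hinted_as=None, table=AUTHORIZED_AS):
    """Choose the AS that C will contact for rs_id.

    The returned URI always comes from the pre-configured table; the hint
    received from the (unauthenticated) RS response is only compared to it.
    """
    configured = table.get(rs_id)
    if not configured:
        return (None, "no-authorized-as")
    if hinted_as is None:
        return (configured[0], "preconfigured")
    hint = normalize(hinted_as)
    for uri in configured:
        if hint is not None and normalize(uri) == hint:
            return (uri, "hint-authorized")
    # The hint names a node C has no reason to trust: do not contact it.
    return (configured[0], "hint-rejected")

if __name__ == "__main__":
    for hint in (None, "coaps://AS.Example.org:5684/token",
                 "coaps://victim.example.net/", "coap://as.example.org/token"):
        print(hint, "->", select_as("rs-bp-sensor-01", hint))
```
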