Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
Jim Schaad <ietf@augustcellars.com> Sat, 23 June 2018 16:05 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E3CE130E88; Sat, 23 Jun 2018 09:05:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id edkX_5cU6175; Sat, 23 Jun 2018 09:05:35 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D8CD130E8B; Sat, 23 Jun 2018 09:05:35 -0700 (PDT)
Received: from Jude (151.127.12.101) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Sat, 23 Jun 2018 09:02:28 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, draft-ietf-ace-cwt-proof-of-possession@ietf.org
CC: ace@ietf.org
References: <VI1PR0801MB2112C4D6D3CED7C15D9AE886FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com> <01c501d40a39$82742390$875c6ab0$@augustcellars.com> <MW2PR00MB0298632C8613747DD8D4077FF5750@MW2PR00MB0298.namprd00.prod.outlook.com>
In-Reply-To: <MW2PR00MB0298632C8613747DD8D4077FF5750@MW2PR00MB0298.namprd00.prod.outlook.com>
Date: Sat, 23 Jun 2018 18:05:27 +0200
Message-ID: <023701d40b0c$0244bf80$06ce3e80$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJmkbQj82tMYvZUbCUZIMhlVFE4oQG8s+LeAddrJ3CjLFNrcA==
Content-Language: en-us
X-Originating-IP: [151.127.12.101]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/W4vMA7OEkXF_CqTUc21a4qCW5Tk>
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jun 2018 16:05:39 -0000
No not really, Hannes's language is much closer to what I am looking for. I don't care if they are different kinds of CWTs. I care about impersonation. > -----Original Message----- > From: Mike Jones <Michael.Jones@microsoft.com> > Sent: Friday, June 22, 2018 10:44 PM > To: Jim Schaad <ietf@augustcellars.com>; Hannes Tschofenig > <Hannes.Tschofenig@arm.com>; draft-ietf-ace-cwt-proof-of- > possession@ietf.org > Cc: ace@ietf.org > Subject: RE: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of- > possession-02 > > I think you're looking for language something along these lines, right Jim? > > "Likewise, if PoP keys are used for multiple different kinds of CWTs in an > application and the PoP keys are identified by Key IDs, care must be taken to > keep the keys for the different kinds of CWTs segregated so that an attacker > cannot cause the wrong PoP key to be used by using a valid Key ID for the > wrong kind of CWT." > > -- Mike > > -----Original Message----- > From: Jim Schaad <ietf@augustcellars.com> > Sent: Friday, June 22, 2018 7:59 AM > To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Mike Jones > <Michael.Jones@microsoft.com>; draft-ietf-ace-cwt-proof-of- > possession@ietf.org > Cc: ace@ietf.org > Subject: RE: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of- > possession-02 > > That language works if you assume that there is only one CWT that an RS will > look to. If there are multiple CWTs then one needs coordination language > between them. > > > -----Original Message----- > > From: Hannes Tschofenig <Hannes.Tschofenig@arm.com> > > Sent: Friday, June 22, 2018 6:36 AM > > To: Jim Schaad <ietf@augustcellars.com>; 'Mike Jones' > > <Michael.Jones@microsoft.com>; draft-ietf-ace-cwt-proof-of- > > possession@ietf.org > > Cc: ace@ietf.org > > Subject: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of- > > possession-02 > > > > Hi Jim, > > > > I would like to comment on this issue. > > > > ----- > > > > 14. I have real problems w/ the use of a KID for POP > > > > identification. It > > may > > > identify the wrong key or, if used for granting access, may have > > > problems > > w/ > > > identity collisions. These need to be spelt out someplace to help > > > people tracking down questions of why can't I verify w/ this CWT, I > > > know it's > > right. > > > > > > The Key ID is a hint to help identify which PoP key to use. Yes, if > > > a Key > > ID is > > > sent that doesn't correspond to the right PoP key, failures may occur. > > > I > > view > > > that as usage bug - not a protocol problem. If keys aren't > > > consistently > > known > > > and identified by both parties, there are lots of things that can go > > wrong, and > > > this is only one such instance. That said, I can try to say > > > something > > about the > > > need for keys to be consistently and known by both parties, if you > > > think > > that > > > would help. > > > > > My problem is that if there are two different people with the same > > > Key ID, > > either intentionally or unintentionally, then using the key ID to > > identify > the > > key may allow the other person to masquerade as the first person. I > > am unworried about the instance of a failure to get a key based on a key id. > > That is not the problem you are proposing to address. > > > > ----- > > > > I think we should document this issue. Here is some text proposal that > could > > go into a separate operational consideration section (or into the > > security consideration section instead). > > > > " > > - Operational Considerations > > > > The use of CWTs with proof-of-possession keys requires additional > > information to be shared between the involved parties in order to > > ensure correct processing. The recipient needs to be able to use > > credentials to > verify > > the authenticity, integrity and potentially the confidentiality of the > > CWT > and > > its content. This requires the recipient to know information about the > issuer. > > Like-wise there needs to be an upfront agreement between the issuer > > and the recipient about the claims that need to be present and what > > degree of trust can be put into those. > > > > When an issuer creates a CWT containing a key id claim, it needs to > > make sure that it does not issue another CWT containing the same key > > id with a different content, or for a different subject, within the > > lifetime of the > CWTs, > > unless intentionally desired. Failure to do so may allow one party to > > impersonate another party with the potential to gain additional > privileges. > > " > > > > > > Ciao > > Hannes > > > > IMPORTANT NOTICE: The contents of this email and any attachments are > > confidential and may also be privileged. If you are not the intended > recipient, > > please notify the sender immediately and do not disclose the contents > > to > any > > other person, use it for any purpose, or store or copy the information > > in > any > > medium. Thank you.
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Benjamin Kaduk
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Benjamin Kaduk
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Benjamin Kaduk
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Hannes Tschofenig
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Ludwig Seitz
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Benjamin Kaduk
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Mike Jones
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Mike Jones
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Samuel Erdtman
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Mike Jones
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Benjamin Kaduk
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Samuel Erdtman
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Samuel Erdtman
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Jim Schaad
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Ludwig Seitz
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Ludwig Seitz
- Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-… Mike Jones