Re: [Ace] Martin Duke's No Objection on draft-ietf-ace-oscore-profile-17: (with COMMENT)
Martin Duke <martin.h.duke@gmail.com> Sun, 21 March 2021 16:31 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C46563A1014; Sun, 21 Mar 2021 09:31:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USByFVUjSWRW; Sun, 21 Mar 2021 09:31:43 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B6153A100A; Sun, 21 Mar 2021 09:31:43 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id u10so12648560ilb.0; Sun, 21 Mar 2021 09:31:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WVOs7blZsns4eBTx1yJJ4dnwtVUAbqL2NvbC68X5Kng=; b=JTTXCk1gXdl11deVfHgwzU6PnvFeI+PyJ2KJ7FjN5qNWgvOmaB0hiVfBMcJXBRYtJA uO2SMQoSaKoTDOaIL/ToE+DdMp7P0LgPL0JE4Gzf2bWXflMDYXn+qDs59exZZhFCt9qR rQxkVZQuV/wYs3J7RehtjGlWrN0E1Cb6T1KiHN7QrqebuJSQrhp99pHq9al4vOqDKJD4 a+uppjaY37aFe4vffmI+G3YMDTuoWoVFE+zdVKpHdVT3Mr5BBUJTBJv2xZslTWOZMb2R /Av61nXdRvCizSbps8bajv0RtHG3XVs+C36s+TawqSXcDKCbBOUYS2FJfGKRFVX8PpQU TD+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WVOs7blZsns4eBTx1yJJ4dnwtVUAbqL2NvbC68X5Kng=; b=hxfR4Dh8Mdy9DGctLy32Kwch2279M6ZWGBvA1z3/nlzm0jjDrZMWamXGNSQGXU+m3A zpW+DUAzCDmPP5MkrIyDHKQFc8xkO6mrZkK7xn9NQUwDrWjNwds1zYNxXNzg7leHbM8W roNIMs1ayiIwUtFdP1O0BIY4trMyOQyco72suggxQprZ9dUcL9ryQfH6RNjwoJfnvxYz PjZrxwaHwnTBCwJ7Lm88wuJgmVmnYUhXATWOiGKlIAxKvy0dt3/DrnfMUthAMCofBw31 XdfcoNqdU7Gf1vmjJNxz7yRHR6+4EtzJQ04ZZ+mPktxW39KoHxhb+2hycDt91OL//DRp Mxhw==
X-Gm-Message-State: AOAM533swk1aisLNSwTgrAJR28D0PsGgomtEEsBz7uXz26VZ27Xns8FK nXjfL/CCJqF2hPWN6JOBXidIP78BdViVDYFZHzw=
X-Google-Smtp-Source: ABdhPJzu0ZAkivX9U8uahyAQavq2glLd7t3UHizfpRT+4kfIp96ne8L8hhIGWLT0cDVgkc2R1+LVx/swt8h/VXPF254=
X-Received: by 2002:a05:6e02:13e8:: with SMTP id w8mr8886347ilj.237.1616344300340; Sun, 21 Mar 2021 09:31:40 -0700 (PDT)
MIME-Version: 1.0
References: <161619357138.21782.3555422752704211953@ietfa.amsl.com> <20210321052640.GQ79563@kduck.mit.edu>
In-Reply-To: <20210321052640.GQ79563@kduck.mit.edu>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Sun, 21 Mar 2021 09:31:29 -0700
Message-ID: <CAM4esxRAffnfRwcJuTypE_qO7Xc0FkRMUmSbRfA8dCZ_eSdrvw@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ace-oscore-profile@ietf.org, Jim Schaad <ietf@augustcellars.com>, ace-chairs@ietf.org, ace@ietf.org
Content-Type: multipart/alternative; boundary="000000000000db4acb05be0e7b52"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/YfX0WApQNp2KZAektU3umbz63ZM>
Subject: Re: [Ace] Martin Duke's No Objection on draft-ietf-ace-oscore-profile-17: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Mar 2021 16:31:48 -0000
Thanks for taking my vague confusion and turning it into constructive action! On Sat, Mar 20, 2021, 22:26 Benjamin Kaduk <kaduk@mit.edu> wrote: > On Fri, Mar 19, 2021 at 03:39:31PM -0700, Martin Duke via Datatracker > wrote: > > Martin Duke has entered the following ballot position for > > draft-ietf-ace-oscore-profile-17: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Sec 4.1. I don't understand how the OSCORE security context is secure. > In Sec > > 4.1 it says the C-RS communications need not be protected. But the > context is > > fully derived from parameters that go back and forth over this channel. > Why > > can't an observer simply compute the OSCORE keys? > > The POST to the authz-info endpoint includes just the access_token, nonce1, > and ace_client_recipientid. I think that your concerns focuus on the > access_token itself, since that is how the various OSCORE security context > parameters are conveyed from AS to RS (via C). Note that these parameters > need not be conveyed directly in the token, since the token could be an > opaque reference that requires the RS to use token introspection in order > to retrieve the associated parameters. However, when introspection is not > used, the security context parameters are indeed carried directly in the > token, and this scheme does not provide security in that case unless the > token contents themselves are protected. > > It seems (on a quick check, so I might have missed it) that we don't > actually say "you have to use an encrypted or opaque token" (not one that's > only signed) anywhere. So ... good catch, and thank you! > > -Ben >
- [Ace] Martin Duke's No Objection on draft-ietf-ac… Martin Duke via Datatracker
- Re: [Ace] Martin Duke's No Objection on draft-iet… Benjamin Kaduk
- Re: [Ace] Martin Duke's No Objection on draft-iet… Martin Duke
- Re: [Ace] Martin Duke's No Objection on draft-iet… Göran Selander
- Re: [Ace] Martin Duke's No Objection on draft-iet… Martin Duke