[Ace] Replay ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 22 June 2018 13:36 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Roman Danyliw <rdd@cert.org>, "ace@ietf.org" <ace@ietf.org>
Date: Fri, 22 Jun 2018 13:36:15 +0000
Message-ID: <VI1PR0801MB2112707E5C33DB0F86231D98FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/bcgyfU0CX4Qlb5z0D8tN2K2CjtA>
Subject: [Ace] Replay ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02

Hi Roman,

Thanks for your review.

As I was re-reading the reviews I spotted this comment:

>  (14) (Editorial)  Page 8, Section 4, Per "Replay can also be avoided if a sub-key is derived from a shared secret that is specific to the instance of the PoP demonstration."  PoP is spelled out everywhere else in this draft but here.  Yes, the acronym is defined, but for readability, I recommend against using it and consistently spelling it out here too.

I believe the current text is a bit confusing. Here is what it says:

Proof of possession via encrypted symmetric secrets is subject to replay attacks.
This attack can, for example, be avoided when a signed nonce or challenge is used
since the recipient can use a distinct nonce or challenge for each interaction.
Replay can also be avoided if a sub-key is derived from a shared secret
that is specific to the instance of the proof-of-possession demonstration.

This somehow gives the impression that replay attacks are only a concern for symmetric key techniques.
Of course, this is not true. Furthermore, the text gives the impression that this attack is actually
something that can be covered within the CWT-PoP token spec itself. This is also not the case.

For this reason I am suggesting to change the paragraph to:
"CBOR Web Tokens with proof-of-possession keys are used in the context of an architecture,
such as ACE-OAuth [REF], where protocols are used by a presenter to request these tokens and
to subsequently use them with recipients. To avoid replay attacks when the proof-of-possession tokens
are sent to presenters, a security protocol, which uses nonces or timestamps, has to be utilized.
Note that a discussion of the architecture or specific protocols CWT proof-of-possession tokens
are used with is outside the scope of this specification."

Ciao
Hannes
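The two replay defences named in the draft paragraph quoted above (a distinct challenge per interaction, and a sub-key derived from the shared secret for each instance of the demonstration) are illustrated by the following added example; it is not part of the draft, of this message, or of any ACE implementation. The names prove, Recipient, instance_subkey and replay_scenario, the HMAC-over-challenge construction and the HKDF-style derivation are assumptions made here for illustration.

```python
import hashlib
import hmac
import secrets

def prove(pop_key: bytes, nonce: bytes) -> bytes:
    # The presenter demonstrates possession of the PoP key by MACing the
    # recipient's challenge; the MAC is bound to this one challenge value.
    return hmac.new(pop_key, b"pop-demo|" + nonce, hashlib.sha256).digest()

class Recipient:
    """Verifier side of a symmetric proof-of-possession exchange: every
    interaction gets a fresh challenge and each challenge is answered once."""
    def __init__(self, pop_key: bytes) -> None:
        self.pop_key = pop_key
        self.outstanding = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # distinct per interaction
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self.outstanding:  # unknown or already-consumed challenge
            return False
        self.outstanding.discard(nonce)
        return hmac.compare_digest(prove(self.pop_key, nonce), proof)

def instance_subkey(shared_secret: bytes, instance_id: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with the instance identifier as 'info': the draft's
    second option, one sub-key per PoP demonstration from one shared secret."""
    prk = hmac.new(b"\x00" * 32, shared_secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + instance_id + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def replay_scenario(pop_key: bytes) -> dict:
    """Constructed scenario: one genuine demonstration, then the captured
    proof presented again against the same and against a later challenge."""
    recipient = Recipient(pop_key)
    n1 = recipient.challenge()
    proof1 = prove(pop_key, n1)
    first_ok = recipient.verify(n1, proof1)
    replay_same_nonce = recipient.verify(n1, proof1)  # challenge already consumed
    n2 = recipient.challenge()
    replay_new_nonce = recipient.verify(n2, proof1)  # MAC bound to n1, not n2
    return {"first_ok": first_ok, "replay_same_nonce": replay_same_nonce, "replay_new_nonce": replay_new_nonce}
```

Note that the challenge and the per-instance derivation live in the surrounding protocol, not in the token, which is the point of the proposed wording above.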
