Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme

"William J. Mills" <> Wed, 08 June 2011 02:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E25FA11E8093 for <>; Tue, 7 Jun 2011 19:40:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BdFgMC+-SL-D for <>; Tue, 7 Jun 2011 19:40:06 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id 8AC4921F8482 for <>; Tue, 7 Jun 2011 19:40:04 -0700 (PDT)
Received: from [] by with NNFMP; 08 Jun 2011 02:40:01 -0000
Received: from [] by with NNFMP; 08 Jun 2011 02:40:01 -0000
Received: from [] by with NNFMP; 08 Jun 2011 02:40:01 -0000
X-Yahoo-Newman-Property: ymail-3
Received: (qmail 30367 invoked by uid 60001); 8 Jun 2011 02:40:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=ginc1024; t=1307500800; bh=igtgdMlafKNXXXgX0IJWz0qWyJjefq/o4nz+eZJ8Njs=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=QMbedK2JX62LFEbS+zWvILP2CdIoynZPpV3H35GlUjcLPeNnX19h04w/zc5kVkroL5wZQkUZKcDWlVv+epC96q8ZaB7vFdmtxpeoMkb4Ir/88EUQLigwNjGeQC+oBBza4qHZWhYgIpvg6psw+FxP5J1r0hnsa2ZYEEZmPTy1m+U=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024;; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=gDxobXeIAY7NJCP6JKQT14sMq9ajpYx29amaX8rr8ETR2T5OORe22Xd7Ki5VZe2/RlrgQfIWxBQor6vRTmM2UJIdViq9hK97+IezI1gDlsqaCdI4x5vFmjy35ZrQeLAwuzmUi2voyHtUto+C2ZEeXCPoORDT7pgnElJJ5jl+10Y=;
X-YMail-OSG: Pq_6HkcVM1ktF0rmBX3uAidfzEbiW6Mq.rhQCYHB2.OReUV ya.C2GO76l6OqwvPIkhCZqlsV_6nmZQPO.QUVeYjt.Re4vjAoNsuHtqMbqLg nD.VbM05Y7ezyBs1hHwONQJVqoel3gmPoKv9Erj1itzhyA.552kZ.ReoTG5t aCIZD5KT6NVIpzPGhZpEI3.UwvISIVLxPetiOnfxRvjpwBzPTlTgyPLyyzYE Iyf12Zdk2hm1CKlVzrQIjv3gJF8bYl3dL7VTkpCjf5TAgckz8yIltuyaB8uL 1GSFXMG_1iab2aZzwf7EQ.vazYPl6xWIZ_qRcf766ceZ75XfvbY177TpKKvH Bb5d_L3.fwAh9oC738M6OC19IxiDbPTmQBbUV
Received: from [] by via HTTP; Tue, 07 Jun 2011 19:40:00 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <> <09c801cc24c2$a05bae00$e1130a00$> <> <00f101cc255e$2d426020$87c72060$> <> <> <> <> <> <>
Message-ID: <>
Date: Tue, 7 Jun 2011 19:40:00 -0700 (PDT)
From: "William J. Mills" <>
To: Tim <>, Nico Williams <>
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-787661544-1307500800=:70339"
X-Mailman-Approved-At: Wed, 08 Jun 2011 08:39:52 -0700
Cc: "" <>, OAuth WG <>, "" <>, HTTP Working Group <>
Subject: Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: "William J. Mills" <>
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 08 Jun 2011 02:40:07 -0000

It is possible to implement decent security with MAC, it is also possible to screw it up.  It is far more difficult (impossible?) to implement decent security with cookies over HTTP.

From: Tim <>
To: Nico Williams <>
Cc: OAuth WG <>rg>; HTTP Working Group <>rg>; "" <>rg>; "" <>
Sent: Tuesday, June 7, 2011 4:41 PM
Subject: Re: [OAUTH-WG] [http-state] [apps-discuss] HTTP MAC Authentication Scheme

> > A passive attacker can sniff your cookie and thus hijack your session. All
> > you need to accomplish that attack is connect to any open wifi network and
> > use Firesheep. It's a good bit harder to be an active attacker, even on an
> > open wireless network.
> Yes, but only for resources that you've already stated you don't care about.
> If you cared about those resources you'd protect more of the request
> _and_ response, or you'd use TLS.  But you don't want to protect the
> response and you don't want to use TLS and you don't even want to
> protect the request body.  What you're proposing adds a very marginal
> degree of security that will be trivial to defeat on open wifi
> (particularly once the toolset for doing it gets published).
> Are we serious about security?  Or it this just for show?
> Or am I missing something?

I have to agree with Nico here.  In almost all cases I assert that, on
typical modern networks:

  let P = difficulty of passive attack
  let M = difficulty of active (man-in-the-middle) attack

O(P) = O(M)

This isn't to say the "real world" difficulty of an active attack is
just as easy, but it is within a constant factor.  If someone has
published a tool that conducts MitM attacks for the specific protocol
you're dealing with, the difference in difficulty clearly becomes
marginal.  Consider the complexity of the attacks implemented by
sslstrip and yet the relative ease with which you can use it to MitM
all SSL connections.

I didn't bring this up before because I didn't understand any of the
context behind the MAC proposal, but I will now, at risk of sounding

  What is the MAC Authentication proposal intended to accomplish, in a
security sense, above and beyond HTTP Digest?  

Yes, the HTTP Digest spec is, shall we say, a little rough around the
edges, but would it make more sense to simply *fix* the minor problems
with it and slightly extend it to integrate with OAuth?  Note that it
already does allow for arbitrary encrypted blob values to be attached
to the digest...  Ignoring the integration details for a minute
though, how does MAC improve on Digest from a security persepctive?

OAuth mailing list