IETF Logo Mail Archive

Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt

Jan-Frederik Rieckers <rieckers@dfn.de> Tue, 05 March 2024 10:47 UTC

Return-Path: <rieckers@dfn.de>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3A98C14F69A for <emu@ietfa.amsl.com>; Tue, 5 Mar 2024 02:47:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.408
X-Spam-Level:
X-Spam-Status: No, score=-4.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dfn.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjfLl4HqIW9g for <emu@ietfa.amsl.com>; Tue, 5 Mar 2024 02:47:03 -0800 (PST)
Received: from a1004.mx.srv.dfn.de (a1004.mx.srv.dfn.de [IPv6:2001:638:d:c301:acdc:1979:2:58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03543C14F5E9 for <emu@ietf.org>; Tue, 5 Mar 2024 02:47:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dfn.de; h= content-type:content-type:in-reply-to:subject:subject :organization:from:from:references:content-language:user-agent :mime-version:date:date:message-id:received; s=s1; t=1709635616; x=1711450017; bh=bAvQjWLFKw4fGCyvkSzj6nbafa+fR9KG0vQqdaVS7/g=; b= SXc/yGV7Pm+Wo7JGyCR5C7aKW0o1GMuZwqF/0S/ijueyiK1DhKCmSqeWLILFWC5n U8HmIc++/zAAdneB6t2RWgXpOULurqvmQ2mJr9mGMuzdn7jOYoFDzeeEn9G7XiAH dn9iOqQG3BYDDuLJrjX0v/GHw0gBrqmaZMl10EnCzdk=
Received: from mail.dfn.de (mail.dfn.de [194.95.245.150]) by a1004.mx.srv.dfn.de (Postfix) with ESMTPS id EE14D2000D2 for <emu@ietf.org>; Tue, 5 Mar 2024 11:46:55 +0100 (CET)
Received: from [IPV6:2a02:8106:57:952a:c8a6:5f15:1740:f30c] (unknown [IPv6:2a02:8106:57:952a:c8a6:5f15:1740:f30c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mspool2.in.dfn.de (Postfix) with ESMTPSA id B96883D6 for <emu@ietf.org>; Tue, 5 Mar 2024 11:46:55 +0100 (CET)
Message-ID: <9ddcd434-c72d-4bcf-aeb6-a57b5314becb@dfn.de>
Date: Tue, 05 Mar 2024 11:46:44 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: emu@ietf.org
References: <170932527085.22824.18343512124707075119@ietfa.amsl.com> <66bca1b2-4b2d-429d-8f85-5c76d29005ad@dfn.de> <c2951f3d-bcc7-4b90-bcdd-077a506dd464@app.fastmail.com> <5e5f794d-a260-4fc4-b4c0-fbe13ed54691@dfn.de> <2A73CDC3-9D44-433B-8948-405917CA69F0@deployingradius.com> <bf52a9e3-bcf9-4e69-962d-42b6bb975142@app.fastmail.com> <CAA7Lko8diwXstKPKb1++tkS58xYFmoHTbR__ndz77-DkJ227ZA@mail.gmail.com>
From: Jan-Frederik Rieckers <rieckers@dfn.de>
Autocrypt: addr=rieckers@dfn.de; keydata= xjMEYS90/RYJKwYBBAHaRw8BAQdAWXYFYTJZD1YR1SztUNqHenPGnf+gdQe/9LjiHlr2XATN J0phbi1GcmVkZXJpayBSaWVja2VycyA8cmllY2tlcnNAZGZuLmRlPsKWBBMWCAA+AhsDBQsJ CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE/fv7DCp4WBOrb8RyDYuiXSS+ypYFAmVbGkYFCQWP mkkACgkQDYuiXSS+ypYT0AD/TZAi4LsaVAAzkFSuejWnhQKRyJiPKcZUo7RHhGe1DAABAOBV K+OUb4o43IP2fVcVxKL9kyxArIAhehHp4cplQl8PzjgEYS90/RIKKwYBBAGXVQEFAQEHQBxo 6esD49rxn4d3su5fJJL79XjfKNy26LiFE9Gpg38+AwEIB8J+BBgWCAAmAhsMFiEE/fv7DCp4 WBOrb8RyDYuiXSS+ypYFAmVbGlAFCQWPmlMACgkQDYuiXSS+ypadsAEAqZTaohfkaVGeSk5x iiOcy47K43+ze2dUm5qja0eUUuQA/RNoF//lH8NeFNxN0Qs/Ej7MOdbr9B//R7To8AtqgiMJ
X-Enigmail-Draft-Status: N11222
Organization: DFN e.V.
In-Reply-To: <CAA7Lko8diwXstKPKb1++tkS58xYFmoHTbR__ndz77-DkJ227ZA@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms030904030308040409040105"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/poGH8mDeI-bG2dJ5eLeZcaM_vIg>
Subject: Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2024 10:47:07 -0000


On 05.03.24 10:33, Heikki Vatiainen wrote:
> On Tue, 5 Mar 2024 at 09:56, Alexander Clouter <alex+ietf@coremem.com 
> <mailto:alex%2Bietf@coremem.com>> wrote:
> 
>     Using an entire serialiser to support only a map carrying attributes
>     with 1->3 *predetermined* keys seems a bit of a cannon to deal with
>     a mosquito solution as they go. As a hypothetical, would people have
>     a stronger opinion here if CBOR was swapped for protocol buffers or
>     ASN.1 in the document?
> 
> 
> Ok, I'll bite. I've worked recently with ASN.1 (hello GSM world) and 
> found it much easier to work than I initially though. I found the 
> interoperability of different MAP and TCAP (again GSM) implementations 
> to work well together. In other words, the software I made successfully 
> talked to other software from the beginning. This allowed the work to 
> concentrate on the software functionality instead of serialising bits on 
> the line.
> 
> I'd say the main point is: use encoding that's appropriate for the task. 
> ASN.1 suits for 2G/3G complex things. Simple TLVs have so far worked 
> well with EAP.
> 
> I haven't worked with CBOR, but I'd be interested to know if, for 
> example, how careful we need to be with serialiser/deserialiser to avoid 
> problems similar to exponential expansions attacks [1], etc. TLVs are 
> known for people working on Radius/Diameter/EAP. With CBOR it would be 
> useful if the draft were to have information to avoid potential 
> problems, especially if the CBOR input can come from untrusted sources. 
> I'm sure this information is available, and it would help the 
> implementers if they're notified about what to look out for, if needed.
> 
> [1] https://en.wikipedia.org/wiki/Billion_laughs_attack 
> <https://en.wikipedia.org/wiki/Billion_laughs_attack>

Well, the beauty of CBOR is that it is very easily extendable.
I completely agree that, with the limited list of map keys, using CBOR 
instead of TLVs seems like shooting cannons at mosquitos, but if in the 
future we want to do more with this, we can.

Resource exhaustion is a problem in CBOR, as it is in any other 
serialization/deserialization solution.

Here a quote from the CTAP2 spec regarding the use of CBOR in CTAP2 and 
how they deal with the problem:

https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#message-encoding

> Because some authenticators are memory constrained, the depth of nested CBOR structures used by all message encodings is limited to at most four (4) levels of any combination of CBOR maps and/or CBOR arrays. Authenticators MUST support at least 4 levels of CBOR nesting. Clients, platforms, and servers MUST NOT use more than 4 levels of CBOR nesting.

They also limit the length of a CBOR message, with a recommendation that 
every authenticator MUST support at least messages of 1024 bytes and 
that platforms have to respect the max message length signaled by the 
authenticator.

We could say something similar about the allowed depth and length of the 
CBOR messages sent in EAP-FIDO.

One thing that I still have to look into is how we would deal with 
multiple Discoverable Credentials registered for the same RPID, one 
solution would be to send a signature from all of them, and at least 
then I would put the tuple (Credential ID, authdata, signature) in a 
CBOR map, and have the possibility to put multiple of these maps in the 
message.


I'll try to get some Face2Face time with some CBOR experts and talk to 
them about the way they would suggest using CBOR in this protocol.


Cheers,
Janfred


-- 
Herr Jan-Frederik Rieckers
Security, Trust & Identity Services

E-Mail: rieckers@dfn.de | Fon: +49 30884299-339 | Fax: +49 30884299-370
Pronomen: er/sein | Pronouns: he/him
__________________________________________________________________________________

DFN - Deutsches Forschungsnetz | German National Research and Education 
Network
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin
https://www.dfn.de

Vorstand: Prof. Dr.-Ing. Stefan Wesner | Prof. Dr. Helmut Reiser | 
Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729B | USt.-ID. DE 136623822

v2.23.0 | Report a Bug | By Email