IETF Logo Mail Archive

Re: [OAUTH-WG] Google's view on signatures in the core OAuth2 spec

John Panzer <jpanzer@google.com> Fri, 24 September 2010 16:12 UTC

Return-Path: <jpanzer@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DC8643A6BC5 for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 09:12:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.927
X-Spam-Level:
X-Spam-Status: No, score=-105.927 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQWgNvvC2yV8 for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 09:12:09 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id C4C8B3A6BB7 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:11:46 -0700 (PDT)
Received: from hpaq3.eem.corp.google.com (hpaq3.eem.corp.google.com [172.25.149.3]) by smtp-out.google.com with ESMTP id o8OGBtZ5010822 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:11:55 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1285344715; bh=/qwNxwBhRoWVcaKGdlA9Uh4ioJg=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=vfSdCJftLN95DRSi/zU1qIxcPsMJVvr9El16rXbnCnrRx0tXqkoZ9xom/tWgzyuqb g/n3vV3ILzh0INs8vebFw==
Received: from pvh11 (pvh11.prod.google.com [10.241.210.203]) by hpaq3.eem.corp.google.com with ESMTP id o8OGBq4Y006891 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:11:53 -0700
Received: by pvh11 with SMTP id 11so1036368pvh.18 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:11:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type; bh=vSsg9PZvD4KeIczvrCDLXQJbV05mlaa5dUc869hmBjM=; b=lRItlmnfQddgjtSSclOErHQewNzy6gme/uDhfQGhYZsRys7JEXxMyaBnjQO3py7RI5 70WW0nxzs39jNKOw8wtg==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=B+AkuyytLfHsPyvpL39UVtQSPAck4yJC3qAcr3J5udgVmQORKD91sHr3z/irw3S6Ge grY5gIawi0tN3x9OxbJw==
Received: by 10.142.141.11 with SMTP id o11mr1349985wfd.54.1285344712167; Fri, 24 Sep 2010 09:11:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.233.7 with HTTP; Fri, 24 Sep 2010 09:11:32 -0700 (PDT)
In-Reply-To: <BFF19F03-2B06-4C93-8CE0-2C9A6A267CE4@bbn.com>
References: <C8C16037.3AC75%eran@hueniverse.com> <1285335868.15179.98.camel@localhost.localdomain> <440E4C9A-41A2-4203-80B8-B6967D886A80@bbn.com> <1285339868.15179.139.camel@localhost.localdomain> <BFF19F03-2B06-4C93-8CE0-2C9A6A267CE4@bbn.com>
From: John Panzer <jpanzer@google.com>
Date: Fri, 24 Sep 2010 09:11:32 -0700
Message-ID: <AANLkTimVM7VaU=Y3wyVnT=LMOP1uVtAeHZNCV7DPNr2w@mail.gmail.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: multipart/alternative; boundary="000e0cd17e62fb9360049103a200"
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Google's view on signatures in the core OAuth2 spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 16:12:26 -0000

Richard,

I'm a bit confused because the made-up example you give below is,
essentially, what Magic Signatures does.  The algorithm you present is
basically the correct one IMHO.  Are you assuming that the recipient is
_also_ using the HTTP-level method and URL path for some  important security
decision?

(Note:  I'm assuming it's fine to use this unverified host/path data for
tentative routing to an intended recipient, because the worst thing a MITM
attacker can possibly do is to route it to the wrong recipient.  As long as
the recipient uses only signed information to decide whether it will
actually ACCEPT the data, it will be fine.  MITM attackers can always
mis-route even signed messages of course, given that firewalls etc. are not
aware of signatures, so I don't see this as a distinction.)

--
John Panzer / Google
jpanzer@google.com / abstractioneer.org <http://www.abstractioneer.org/> /
@jpanzer



On Fri, Sep 24, 2010 at 8:26 AM, Richard L. Barnes <rbarnes@bbn.com> wrote:

>  Yes, there is certainly a risk if someone just checks the signature and
>> does not verify the content of the message. This is a bad implementation
>> of an authorization system, to be sure, and it's an issue that people
>> need to be aware of. But simply signing metadata doesn't completely
>> solve the problem, either. In both cases there can be parameters that
>> are outside of the signed request that need to be checked and treated
>> appropriately.
>>
>
> Ah, perhaps I was unclear.  I didn't mean *signing* metadata, I meant
> *sending* metadata.  Using a completely made-up syntax:
>
> 1. Signer computes signature sig_val over data object:
>   { user_agent: "Mozilla", method: "GET" }
> 2. Signer sends { signed_fields: ['user_agent', 'method'], sig: sig_val }
> 3. Recipient reconstructs data object using signed_fields
> 4. Recipient verifies sig_val == sign(reconstructed_object)
>
> --Richard
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email