IETF Logo Mail Archive

[OAUTH-WG] Re: New Draft: draft-ambekar-oauth-epop-00 – Enveloped Proof of Possession

Ashwin Ambekar <ambekar@gmail.com> Mon, 25 May 2026 16:47 UTC

Return-Path: <ambekar@gmail.com>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 73189F4BA19A for <oauth@mail2.ietf.org>; Mon, 25 May 2026 09:47:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1779727634; bh=9ezoR49/vUA2meMQmlwO3FDMk50rsD4u5xWBYaAQDOU=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=gksfnBC8tKy+ixRN2WpbcAIkm9OFkwByLnjurL19/nQHWNeyjYj9BbEJbZc//m9dK uQfRyVcp6JY902gkNbnM7GytXM3THTk1MZ14X9OQNaz8JBF6myO89nWj1Ds2uhGiJ1 OGiz+UL30tFwzdSgh3p9hjfTvab81Ni/y9EsRSWw=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eXjvGdjGjJUr for <oauth@mail2.ietf.org>; Mon, 25 May 2026 09:47:13 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id CCFCDF4BA18C for <oauth@ietf.org>; Mon, 25 May 2026 09:47:13 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-67b6da5a618so14961546a12.2 for <oauth@ietf.org>; Mon, 25 May 2026 09:47:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1779727626; cv=none; d=google.com; s=arc-20240605; b=h+m4mT6J5V240V6C9DcEpXReORy6biZKieOPMJF6G+S7I2ZcxKqfteZ5UxGtPU+2Ig TfXAMb8Hg5sNn8/TPNeC8epoxcY3sKOKCR3sLuAdcBMQHT7H0OTiWut0HpMrKzOoSY7v /wxqqGZ9PPRts6j/ODz6P2WNrFk0qHyLctqrtWTUAe7sYgzif2BBaMLPagLTWp5+Ivmc 8dVjUf2GeOXl3xEy/tu2/sFenq98rArIuPXXLvkI4boBcD8e/EqZs/3RXa2i00oMkfBX 9Vdf5eB4OmS/UtnZp06gSeomAYugpMtIejIthrA+8g5okSXgZ1roB+OLLkP1tIwIVyFk OOxw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=9ezoR49/vUA2meMQmlwO3FDMk50rsD4u5xWBYaAQDOU=; fh=YbZzzKs3bsqcHH9jvl2rMwA8ps7c+W6f/amaNT52GwU=; b=ba2Uo/2eNdX6mU/C3dQHMzuDD68fAHDcQbSKLuopyhmNbxPDi2tHCOICy3ZE50wTKN kQAbVP+8kYrUBJoenuTM+PPuBb9E3g25BogR0dTO1koao51oLW3R0657pbBCott5CD+v L0lidJwBwmqy1oHCBirLl6QNfy7k/C4JgJXK9mOHqJ/5FXbDSuyinCirSR8a0KrVDgvj 5HfyDkPd6rX1B2OYAtb7JOHHwanp7CkTib1q8wvwrwQ6DZ7J0sVIBzxTdjRT+lX2B0bi L+aPtD/OSWRHslchalZg+FkhJDQCRpcxxIomCM7P4wTmpCEpL1RlfrL7d6qBNajXBXsz 7B2g==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779727626; x=1780332426; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9ezoR49/vUA2meMQmlwO3FDMk50rsD4u5xWBYaAQDOU=; b=GIRqovhwMAUf7VSjW80dCu8mXWYI1ipmS+VJRRMGznz4PoPy7niTIkRCZQ8G5UcHUg vWCVh3v5YiIACLCjA8o9W8IOyFK7k+wisyM/wynuE/XPUJtr4lffE0Fs+JlwA2/Bm0XI TmRJjay5UZfkmLY1fT8Av84ggEPHCTRCrQ80lpZbwm16GU047gsj4xjxumr8vH3gVKw3 m3dPQpp6QaZcGTEzMWMYFvruQuqX7vCvGUUl9SI4uBkb3EX0jtgWNAyN8BLyEUQWeB1N DpzL/neaeuEq/s+hH0X0k1eiq4UamO19GrCrS13qAu1W6M0B67TPMe3ya56hmWHHZJ22 9ycQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779727626; x=1780332426; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9ezoR49/vUA2meMQmlwO3FDMk50rsD4u5xWBYaAQDOU=; b=bgKupwDxAvAjvWNoIuKvp69b7vidCFdLpniZW/7XJib+9zR5oYaDMKwyE3sPbbDqg3 xx/6qL/vBs9q3G7sWmondqDEy8wvMhRXiGADHpPmUtoiKoqp0yZwWoaILdOKBAI8zCA9 RebzHrPNBWLyOm5K2dc/JjOshqa/ZrRh0MFeYzO4b577KfLd3Iat3PWgWXjxJXDOlbl2 v92axtCx9PZ6K4ka4w7Fh/VmDNUcNGsA7ZGXX5VgWbTRIgHBmY6/trKM4t2gG1+s402L rSVY5MXe0fAb8YcImdArYkN8dWN4LBrMLv5z/4ey4vl0KSR3IRATxxr3KG7qb1hgdk+N oawQ==
X-Forwarded-Encrypted: i=1; AFNElJ9szQ1c0LIKunTqCPs73njM2TY7mUv4pfoDkYPuwlKGL6zmwwIemxzcXX1IJXopOvoqDuOATA==@ietf.org
X-Gm-Message-State: AOJu0YwhxZGiuq6bpw24E9H0jtjOneFSANeOY+0SXvaAJwkXVi9F/06E b38ANooA5Sz+gzsoajR0YdbMEySHBib7Ev5pMie58mLhHoS8zULfei6vMIPMFng2W0RxKcPU+H3 4WSXTp8kiyZJGfilwWgBuluajWczzBpM=
X-Gm-Gg: Acq92OFp7PKxIyDoorDVFLYT/XNCNnUmoPPgZtX9TGc6TPT4rloOoC3PD/d9zIeauC8 ebH0DvnFwAXKIovmQSuGUJFGxDA3qeRd3zgH+Ts5pY7V8efFpiMEKYiQ2u5154UOFdt97EpUkgO 75yKnNiX34UA1kjCACPZ3bRwoY2T6RHDo04FFlQNqqHV055/4XZcfyDMMrCzi1UdhemAEmCubu9 atB32kXkCA54LgzXpCNfsoQZNjie+TcyKkzE9WwFHPlO2jVLUS13UAi7wL4/Hmyf65y9zLfgdN6 Cof9VK4j
X-Received: by 2002:a17:906:3198:b0:bdd:f2e9:37d2 with SMTP id a640c23a62f3a-bddf2e93cdfmr562740366b.33.1779727626344; Mon, 25 May 2026 09:47:06 -0700 (PDT)
MIME-Version: 1.0
References: <CAHcgzD+pyYsY5FHYNspKrckcdDvKCqKN5H0TLQvma_5Royb96A@mail.gmail.com> <7DADFCDA-D9BD-4C34-9008-12B59C3B0B7D@runbox.eu>
In-Reply-To: <7DADFCDA-D9BD-4C34-9008-12B59C3B0B7D@runbox.eu>
From: Ashwin Ambekar <ambekar@gmail.com>
Date: Mon, 25 May 2026 09:46:53 -0700
X-Gm-Features: AVHnY4Kz1_8QcbD4SBCmVD7ukHqFjadF4rCn3Txm8Yy0kgN-AuhJbkkEwAT8oAs
Message-ID: <CAHcgzD+zRW+ODdsH1_W_H6qhOLjPo2_6gL=TZYPzUZH_NDk9MQ@mail.gmail.com>
To: Neil Madden <neil.e.madden@runbox.eu>
Content-Type: multipart/alternative; boundary="000000000000f71e580652a72099"
Message-ID-Hash: VRGSSTTC3QR6EZTR3UVWLK4LRJACOURK
X-Message-ID-Hash: VRGSSTTC3QR6EZTR3UVWLK4LRJACOURK
X-MailFrom: ambekar@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Gabriel Corona <corona.gabriel@gmail.com>, oauth@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: New Draft: draft-ambekar-oauth-epop-00 – Enveloped Proof of Possession
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/-w-RrbPLXvwrgAlVo4QoM0UpQKE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Hi Niel

>While I can see the motivation, IMO the HTTP-specificity of DPoP is an
advantage from a security point of view. Otherwise, like this draft, you
end up with lots of crucial checks being conditional.
Are you suggesting separating drafts by protocols or suggesting that other
protocols should not be supported?

>The problem I think you have is that the EPOP proof is wrapping the token
..
>EPOP seems to have the further issue that the proof itself contains ..

The trust establishment pattern you describe as "suspending disbelief" is
the same two-phase model used in certificate-based authentication and
codified in RFC 9883: a self-asserted public key is presented, the relying
party verifies the signature with it (establishing key possession), and
authorization of that key is then confirmed via a separate chain check.
Nobody considers TLS client certificate authentication problematic on these
grounds. EPOP follows the same principle: steps 1–3 establish that the
sender holds the private key; step 8 (cnf.jkt cross-check) establishes that
the AS authorized that key for the nested credential. These answer
different questions and must run in sequence.

On parsing an "untrusted" token: after steps 1–3 pass, the outer token is
not unexamined — its signature has been verified. This proves key
possession. An attacker who wraps a stolen access token in their own EPOP
envelope will pass steps 1–3 but fail step 8, because the cnf.jkt inside
the AS-issued nested token does not match their self-generated JWK
thumbprint. The AS bound that value at issuance; it is not under attacker
control in the resource access flow.

On the cnf.jkt concern: I think there may be a conflation of two distinct
flows. In authorization code exchange, cnf.jkt is client-declared (same as
client_assertion in RFC 7521), and PKCE provides the complementary binding.
In resource access, cnf.jkt is embedded in the AS-issued access token and
is not under attacker control — this is the primary token substitution
defense. In rotation flow, new cnf.jkt is attested by the previously known
EPOP key, which is attested by the underlying refresh token.

On conditionality: DPoP has the same structural characteristic — nonce is
optional, ath is conditional on token type. EPOP's validation algorithm in
§5 is a strict sequential procedure with explicit normative requirements at
each step. I am open to discussion on whether specific conditions in the
draft need tighter language.

Regards
Ashwin

On Wed, May 20, 2026 at 1:04 PM Neil Madden <neil.e.madden@runbox.eu> wrote:

>
>
> > On 20 May 2026, at 19:52, Ashwin Ambekar <ambekar@gmail.com> wrote:
> >
> > 
> > Hi Gabriel,
> >
> > There is a broader point that I think gets missed in the ~ vs nesting
> discussion: neither SD-JWT nor DPoP address sender-constraining for opaque
> access tokens across non-HTTP transports. SD-JWT requires JWT structure —
> it has nothing to work with for opaque tokens. DPoP handles opaque tokens
> on HTTP via ath, but the htm/htu claims make it HTTP-only. A client holding
> an opaque AT on Kafka, MQTT, or SASL has no sender-constraining path under
> either mechanism.
>
> While I can see the motivation, IMO the HTTP-specificity of DPoP is an
> advantage from a security point of view. Otherwise, like this draft, you
> end up with lots of crucial checks being conditional.
>
> >
> > EPOP's ntk treats JWT and opaque tokens identically: the credential goes
> in ntk, the outer envelope provides the proof, and validation follows the
> same path regardless of token format or transport. This uniform treatment
> of opaque tokens across all transports is a primary design goal, not an
> incidental feature.
> > There is a convergence path where SD tokens can be the ntk claim inside
> the EPOP token, which I'll be willing to explore as a follow-on draft if
> you are interested.
>
> The problem I think you have is that the EPOP proof is wrapping the token,
> but the token needs to be validated in order to establish trust in the
> proof key. Sure, you can do that, but it means you have to suspend
> disbelief for a while - validating the EPOP proof based on a self-asserted
> JWK and only much later do you get around to checking if that key is
> trusted. That seems a problematic design to me. (I had a similar concern
> with DPoP, but this seems a step even further down that road). I shouldn’t
> be having to parse an untrusted token to find another token that’ll
> eventually let me tie off the trust knot. That way lies doom.
>
> EPOP seems to have the further issue that the proof itself contains a
> self-asserting cnf/jkt claim that sometimes seems to have to match the jwk
> header (both under attacker control, so pointless), but at other times
> might be a nested token where it matches the outer proof key.
>
> I think there’s just far too much complexity and conditionality in this as
> specified to make a robust security mechanism.
>
> — Neil





Regards
Ashwin Ambekar

v2.46.0 | Report a Bug | By Email | System Status