Re: [OAUTH-WG] draft-ietf-oauth-security-topics
Torsten Lodderstedt <torsten@lodderstedt.net> Sun, 10 June 2018 17:23 UTC
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45640130E9F for <oauth@ietfa.amsl.com>; Sun, 10 Jun 2018 10:23:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAF-g31sQ5mI for <oauth@ietfa.amsl.com>; Sun, 10 Jun 2018 10:23:35 -0700 (PDT)
Received: from smtprelay04.ispgateway.de (smtprelay04.ispgateway.de [80.67.18.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3EBA130E9A for <oauth@ietf.org>; Sun, 10 Jun 2018 10:23:35 -0700 (PDT)
Received: from [84.158.233.58] (helo=Torstens-MacBook-Pro.local) by smtprelay04.ispgateway.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) (envelope-from <torsten@lodderstedt.net>) id 1fS43v-0000pg-IF; Sun, 10 Jun 2018 19:23:31 +0200
To: "McDorman, Doug" <Douglas.McDorman@T-Mobile.com>
References: <MWHPR02MB26057CD1C2F52A9EB00A9D93B09A0@MWHPR02MB2605.namprd02.prod.outlook.com> <F57DEBF2-8E1B-4F32-A42D-D14B71E563B7@lodderstedt.net> <MWHPR02MB260515F4E0E06359CC34C16FB0940@MWHPR02MB2605.namprd02.prod.outlook.com>
Cc: oauth@ietf.org
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Message-ID: <6b27c559-2518-38ce-46e4-88a2963421e4@lodderstedt.net>
Date: Sun, 10 Jun 2018 19:23:29 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <MWHPR02MB260515F4E0E06359CC34C16FB0940@MWHPR02MB2605.namprd02.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/1ziiJOOQ2bRkwrqoE1wM6EhI1Po>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-security-topics
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jun 2018 17:23:39 -0000
Hi Doug, Am 22.05.18 um 07:48 schrieb McDorman, Doug: > I attached 2 diffs which should help highlight the changes. thanks, that helped a lot! > > To summarize: > Added 1.1. Notational Conventions > > Section 3.1.1. Attacks on Authorization Code Grant > FROM > control, say "https://www.evil.com". > TO > control, say "https://www.evil.example.com". > > Section 3.1.2. Attacks on Implicit Grant > FROM > attacker's control, say "https://www.evil.com". > TO > attacker's control, say "https://www.evil.test.com". > > FROM > "redirect_to=https://client.evil.com" into the redirect URI and > TO > "redirect_to=https://client.evil.test.com" into the redirect > > FROM > %253Dhttps%253A%252F%252Fclient.evil.com%252Fcb HTTP/1.1 > TO > %253Dhttps%253A%252F%252Fclient.evil.test.com%252Fcb HTTP/1.1 > > FROM > redirect_to%3Dhttps%3A%2F%2Fclient.evil.com%2Fcb > TO > redirect_to%3Dhttps%3A%2F%2Fclient.evil.test.com%2Fcb# > > FROM > the URL "https://evil.example.com/cb". > TO > the URL "https://client.evil.test.com/cb". > > FROM > Location: https://client.evil.com/cb > TO > Location: https://client.evil.test.com/cb > > FROM > https://client.evil.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA&... > TO > https://client.evil.test.com/cb# > access_token=2YotnFZFEjr1zCsicMWpAA&... > > FROM > (4) The attacker's page at client.evil.com can access the fragment > and obtain the access token. > TO > (4) The attacker's page at client.evil.test.com can access the > fragment and obtain the access token. I took the liberty to use the "example" TLD in all examples as recommended in RFC 2606. > > Section 3.3.2. Access token in browser history > FROM > Actually [RFC6750]discourages this practice and asks to transfer > TO > Actually [RFC6750] discourages this practice and asks to transfer done > Section 3.7.1.1. Metadata (line break added to avoid line too long) > FROM > "access_token_resource_server":"https://hostedresource.example.com/path1", > TO > "access_token_resource_server": > "https://hostedresource.example.com/path1", done > > Section 3.8.2. Clients as Open Redirector (uppercase the NOT) > FROM > Client MUST not expose URLs which could be utilized as open > TO > Client MUST NOT expose URLs which could be utilized as open done > > Added section 3.10. Cryptographic Agility > NEW > Cryptographic agility is the ability to change algorithms if the need > arises. For example RS256 does not have the same formal validation > that PS256 does, so vulnerabilities might be found in RS256. > Similarly quantum computing may make elliptic curve ES256 or EdDSA > [RFC8037] a better option than RS256. So the protocol must be able to > adapt to other cryptographic algorithms. Over time cryptographic > algorithms are expected to become obsolete (DES, RC4, MD5, SHA1) often > with long time frames but new research and vulnerabilities can sometimes > shorten the time dramatically. > > The implementations SHOULD implement and test additional cryptographic > algorithms to support cryptographic agility. Typically implementations > indicate that they MUST implement RS256 (RSASSA-PKCS-v1_5 using SHA-256 > hash algorithm) but PS256 (RSASSA-PSS using SHA-256 hash algorithm and > MGF1 mask generation) has a better mathematical foundation of security > and [RFC8017] recommends a gradual transition to EMSA-PSS in PS256 is > recommended as a precaution against future developments. I agree crypto agility is a very important topic. I'm not quite sure whether this topic should be discussed in this document for two reasons: - this draft is about OAuth-specific security threats, I don't see a direct relationship - the draft nowhere talk about any crypto algorithms What does the WG think? > > Section 7.1. Normative References > NEW > [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate > Requirement Levels", BCP 14, RFC 2119, > DOI 10.17487/RFC2119, March 1997, > <http://www.rfc-editor.org/info/rfc2119>. done > > [RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch, > "PKCS #1: RSA Cryptography Specifications Version 2.2", > RFC 8017, DOI 10.17487/RFC8017, November 2016, > <https://www.rfc-editor.org/info/rfc8017>. > > [RFC8037] Liusvaara, I., "CFRG Elliptic Curve Diffie-Hellman (ECDH) > and Signatures in JSON Object Signing and Encryption (JOSE)", > RFC 8037, DOI 10.17487/RFC8037, January 2017, > <https://www.rfc-editor.org/info/rfc8037>. related to your text proposal - not adopted for the moment > > Section 7.2. Informative References > FROM > draft-ietf-oauth-jwsreq-15 (work in progress), July 2017. > TO > draft-ietf-oauth-jwsreq-16 (work in progress), April 2018. thanks for pointing this out. My local environment somehow fetched outdated data. It's been corrected now. > > FROM > mtls-07 (work in progress), January 2018. > TO > mtls-08 (work in progress), May 2018. > > FROM > tokbind-https-12 (work in progress), January 2018. > TO > tokbind-https-14 (work in progress), May 2018. > > Does that help? yes! best regards, Torsten. > > Thanks, > > Doug > > -----Original Message----- > From: Torsten Lodderstedt [mailto:torsten@lodderstedt.net] > Sent: Sunday, May 20, 2018 4:30 AM > To: McDorman, Doug <Douglas.McDorman@T-Mobile.com> > Cc: draft-ietf-oauth-security-topics@ietf.org > Subject: Re: draft-ietf-oauth-security-topics > > Hi Doug, > > thanks for your feedback. I changed the names to comply to RFC 2606. > > Can you please add all proposals to the body of your posting (including section/page references)? Otherwise, it’s nearly impossible to discuss proposals on the list. > > best regards, > Torsten. > >> Am 08.05.2018 um 08:48 schrieb McDorman, Doug <Douglas.McDorman@T-Mobile.com>: >> >> Hi working group, I made some edits to the current draft of this document. Edited version attached. >> >> The changes probably are not in the exact desired format, I have not edited an RFC before and I am not familiar with the tools and process. >> >> Summary: >> • I added a section 3.10. Cryptographic Agility >> • The domain evil.com is used but that is a real URL so I changed references to be evil.test.com, According to https://tools.ietf.org/html/rfc2606 test.com should be safe to use in documentation. >> • There was one wrong URL of https://evil.example.com/cb, which should have been https://client.evil.com/cbalthough I changed to https://client.evil.test.com/cb to be consistent with the other changes from evil.com to test.com >> • Updated some of the references to newer versions >> • A few other minor spacing issues >> >> Let me know if I can clarify anything or provide additional assistance. >> >> Thanks, >> >> Doug >> >> Doug McDorman >> Principal Architect, Security >> >> <image002.jpg> >> douglas.mcdorman@t-mobile.com >> www.t-mobile.com >> >> <draft-ietf-oauth-security-topics-05.txt>
- Re: [OAUTH-WG] draft-ietf-oauth-security-topics Torsten Lodderstedt