IETF Logo Mail Archive

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-06.txt

Neil Madden <neil.e.madden@gmail.com> Mon, 06 November 2023 13:46 UTC

Return-Path: <neil.e.madden@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A98BC09C204 for <oauth@ietfa.amsl.com>; Mon, 6 Nov 2023 05:46:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJ3w2sP_76Wd for <oauth@ietfa.amsl.com>; Mon, 6 Nov 2023 05:46:22 -0800 (PST)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EB4BC1D46E6 for <oauth@ietf.org>; Mon, 6 Nov 2023 05:44:42 -0800 (PST)
Received: by mail-lj1-x22d.google.com with SMTP id 38308e7fff4ca-2c506d1798eso14298921fa.0 for <oauth@ietf.org>; Mon, 06 Nov 2023 05:44:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699278281; x=1699883081; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=4EdA0sbTNlJBMWIX93UPiiPnQ9JM/XtEEb8VQOtl4iY=; b=jPb6vUdfU3+e13eb1B8qrQl9ioKp3vW22AhVKYhVQtDggmP9xFhlNepm5jIe0qxCWw 9951TSMa84vuVpW9Hjg5eyvWPqoKLVfl/NRp6S+rYBVbs2rP/Gar5MDxdE6LDwc8LsEB jX9Br3M8hGUk/3WdVfpsrqONUJ+23AuqL165HX7tkeBhYCIGxj0fO4dU46L7xlU0e2ue /fGqO93T+n5e+Ngq2qEM4sx8rHnU3IHeTHC2S7IVgi+d/O5RxhMmCp76w0BengDwk9WI tg5Ie9YTgf4/Y2d/7MeyX95dPbh1Nh+sUQipyG4fmY+v7FeynrHqxaiFnP8ZVkxcShsM +/CA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699278281; x=1699883081; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=4EdA0sbTNlJBMWIX93UPiiPnQ9JM/XtEEb8VQOtl4iY=; b=DU6AZPiXk6NNwNdd1Kgbt1dGtVdil7MPFajIKgt2nC637pqLVGPNqRisrfJDBTF+nx m/B3lR+7IdVEb8b7kpm9WpMbP6lrvFTteI/a6cjc7Kqh7tMBDC+Uh+QSP9d97RLpT0pZ FWqTBVABPjqgIZg1gYpLln2tEtnEqZSUVAuGYqPXDqtyw0UJ+ftJdfGJRg4XtZjHPj/8 RfB7+ved47fuoBZ6/fNVM4XDZ3FnBVdCPuW5ubwwzGnqgm6BcoknaCzsUkL1XZVAcDcj yDrHNBxcPiu5j7v3JIU4CHZGCINrJcTvty7ZSTTwAEqP7drWcwhOr3yhgrR4ivJxFbUl fx6w==
X-Gm-Message-State: AOJu0YwgPdixHSarigBY0DyAn+KXTD7+m7TYBV/NWvxPmfHXDVB8j1xJ S3hwaKoQjeylwTIx32CtSfE=
X-Google-Smtp-Source: AGHT+IEho7fcvjKxkhE1gTfSd9S3qXqxOMbuQlB6Gs43cp52QvtOpRit6ltN2PmInZ3xAH3w8FGjUg==
X-Received: by 2002:a05:6512:3e02:b0:502:9b86:7112 with SMTP id i2-20020a0565123e0200b005029b867112mr22444449lfv.2.1699278280179; Mon, 06 Nov 2023 05:44:40 -0800 (PST)
Received: from smtpclient.apple ([185.147.91.181]) by smtp.gmail.com with ESMTPSA id o17-20020adfcf11000000b0032da319a27asm9562811wrj.9.2023.11.06.05.44.35 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2023 05:44:36 -0800 (PST)
From: Neil Madden <neil.e.madden@gmail.com>
Message-Id: <11488C75-EDB1-4D40-9761-36A09B657A18@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5B0DF55F-C8F5-4C81-A0FF-F9FC16BCDA3A"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Mon, 06 Nov 2023 13:44:24 +0000
In-Reply-To: <CA+k3eCSydp+4wR5XU8A0gu_x8L8s7AoJtdjy2pXKE+BCxz7REg@mail.gmail.com>
Cc: oauth <oauth@ietf.org>
To: Brian Campbell <bcampbell@pingidentity.com>
References: <61DA17C1-8CFA-429F-A031-57E50A294908@gmail.com> <CA+k3eCSydp+4wR5XU8A0gu_x8L8s7AoJtdjy2pXKE+BCxz7REg@mail.gmail.com>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/5A1kXMNiIm2DBEcXCadCwUpMhgI>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 13:46:27 -0000

Hi Brian,

Apologies for the late reply. I *think* we’re closing in on agreement here. Comments and some wording suggestions inline below.

> On 27 Oct 2023, at 00:26, Brian Campbell <bcampbell@pingidentity.com> wrote:
> 
> Thanks Neil!  Appreciate the productive discussion. Some more responses below (while also attempting to snip out and declutter the message).
> 
> On Thu, Oct 26, 2023 at 7:03 AM Neil Madden <neil.e.madden@gmail.com <mailto:neil.e.madden@gmail.com>> wrote:
>> On 25 Oct 2023, at 22:00, Brian Campbell <bcampbell@pingidentity.com <mailto:bcampbell@pingidentity.com>> wrote:
> 
> <snip> <snip>
>>> 
>>> The draft currently says that second-preimage resistance is needed, which prevents a malicious Holder from finding a different Disclosure value that results in a digest that's the same as one in the signed credential. Protecting against a malicious user effectively forging or modifying disclosed claim names/values is the security objective. Second-preimage resistance is not as strong as collision resistance but I believe is correct and sufficient for the context of use. And a malicious Issuer isn't something that's in scope and could do all kinds of other bad things. This is the section of the security considerations with that: 
>>> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#section-11.5
>> 
>> Ok, that is a fair enough stance. Without requiring collision resistance though it does make SD-JWT a slightly weird signature scheme, in that the issuer is not actually committed to the contents of the token like they would be for a normal signed JWT. That is a surprising property. For example, if you store SD-JWTs for audit trail purposes (as some people do for normal JWTs), the contents are potentially repudiable. Like you say, if you trust the issuer then maybe that is fine, but it’s a sharp edge that maybe it would be better to remove? Given that pretty much any hash function that is likely to be used with SD-JWT will almost certainly be CR anyway. 
> 
> 
> As a compromise of sorts - would you be willing to propose some additional text to go in section 11.5 that (maybe strongly) recommends the hash function be collision resistant?

How about the following?

—
To ensure privacy of claims that are not being selectively disclosed in a given presentation, the hash function MUST ensure that it is infeasible to calculate the salt and claim name and value (or any portion thereof) that results in a particular digest. This implies the hash function MUST be preimage resistant, but should also not allow an observer to infer any partial information about the undisclosed content. In the terminology of cryptographic commitment schemes, the hash function MUST be computationally hiding.

The hash function MUST be second-preimage resistant. For any salt and claim value pair, it is infeasible to find a different salt and claim value pair that result in the same digest.

The hash function SHOULD also be collision resistant. Although not essential to the anticipated uses of SD-JWT, without collision resistance an Issuer may be able to find multiple disclosures that have the same hash value. The signature over the SD-JWT would not then commit the Issuer to the contents of the JWT, which is surprising. Where this is a concern, the collision resistance of the hash function SHOULD match the collision resistance of the hash function used by the signature scheme. For example, use of the ES512 signature algorithm would require a disclosure hash function with at least 256-bit collision resistance, such as SHA-512.
—

(I’d like to add an informational reference defining these terms, but I can’t find a good one - even the NIST/FIPS standards seem to just take terms like “collision resistance” for granted, so maybe we can too?)

> 
> I'm envisioning the resultant 11.5 section saying that the hash function MUST be second-preimage resistant and fully irreversible (as it does/will now with slightly updated wording discussed below) but then also goes on to say that it SHOULD just be collision resistant. I can come up with some text recommending CR too but maybe not with the rationale/explanation as you could. 
> 
>  
> <snip><snip> 
>>> Preimage resistance maybe isn’t the term to use there. It’s used in that section-11.5 <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#section-11.5> along with some text that says that it needs to be “infeasible to calculate the salt and claim value that result in a particular digest”.  We are trying to say that the hash has to have the property that it can’t be reversed (or even partially reversed, to your point). There’s probably a better way to state that the hash function has to be not at all reversible. Can you perhaps suggest some text? Or could we just replace “preimage resistant” with “irreversible” in that text in 11.5? And maybe qualify that text a bit more too with something like “infeasible to calculate the salt and claim value (or any portion thereof) that results in a particular digest”.
>> 
>> That latter text seems a pretty good start to me. Part of the terminology problem I think is that SD-JWT is couched in terms of signatures but actually its primary security goal is confidentiality.
> 
> I'd push back a bit on that and argue that the primary security goal is twofold and, as https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#section-11 attempts to articulate, is about enabling confidentiality of selectively disclosable content and ensuring the integrity (as issued) thereof. There may still be some terminology difficulties :) But the primary security goal is not just about confidentiality.
> 
>  
>> As I said, I think the correct formal security notions come from the work on commitment schemes, which are “binding” and “hiding”. The hiding property is what you want here - it basically says that it’s infeasible for an attacker to learn anything about the message from the hash that they couldn’t already infer without the hash. 
>> 
>> The binding property is maybe too strong if we trust the issuer - it would require collision-resistance as I’ve said. There is a paper (https://eprint.iacr.org/2017/664) which distinguishes between “sender-binding” and “receiver-binding”, which sounds similar to what you want to express: trusted issuer, potentially untrusted holder/verifiers. However, I think the receiver binding notion is still too strong and would also require collision resistance. I’ll see if I can dig something up and suggest some wording. 
>> 
>> Your wording does look pretty good though so maybe we don’t need to be too formal about this?
> 
> Agree, I'm certainly okay going with that wording and not being too formal. Will plan on making those updates. 
> 
>  
> <snip><snip> 
> 
> 
>> 
>> What I want to ensure is that a migration path like the following works:
>> 
>> 1. at some future point in time the WG becomes aware of attack A and develops backwards-compatible mitigation M (think PKCE for example)
>> 
>> 2. verifiers roll out support for M
>> 
>> 3. issuers/holders gradually roll out support for M
>> 
>> Between steps 2 and 3 there can be verifiers that support the enhanced security but are dealing with a mixture of clients that do or do not support the new mitigation. This is where hard-coded requirements in the verifiers can cause issues, because it means you can’t turn on the new mitigation until all clients support it. Or the verifiers have to have complex rules about which clients support some mitigation and which don’t (a la user-agent sniffing). 
>> 
>> It’s much better to say “if there’s a code_challenge (or cnf or …) on this request then enforce it”. 
> 
> A verifier having an acceptance policy doesn't preclude conditional treatment of a new claim like that. We are certainly not trying to preclude or hinder future evolvability. I don't read the current text as disallowing a migration path like you've described. But maybe there's room for adjustment/improvement in the text so as to avoid giving that impression? 

The current wording of section 11.6 says:

“Verifiers MUST NOT take into account […] whether Key Binding data is present in the SD-JWT or not[…]”

While 11.8 says:

"Verifiers therefore MUST ensure that all claims they deem necessary for checking the validity of the SD-JWT are present (or disclosed, respectively) before checking the validity and accepting the SD-JWT"

I think these constraints do rule out the migration path that I described. I don’t see how a service could incrementally and securely roll-out support for Key Binding (for example) over time—starting from a base ecosystem that isn’t using Key Binding. Either they would have to suddenly *require* Key Binding, and therefore start rejecting clients that haven’t updated yet, or they may have the situation where a stolen key-bound SD-JWT can be treated as a simple bearer token by not selectively-disclosing the cnf claim.

Concretely, I think these phrases and section 8.4 should be removed/re-written.

> 
>  <snip><snip>
>>> 
>>> The 11.8 section could perhaps be stronger in saying that claims controlling the validity of the token shouldn’t be made selectively disclosable. But what exactly constitutes such a claim is actually rather murky and there are undoubtedly exceptions like you point out with “aud”.
>> 
>> It may be murky but I think we do need to try and look at this. I’m happy to think about some text to suggest here. 
> 
> Such suggested text would be very welcome and helpful. I just don't think it's feasible or realistic to have one exhaustive or complete listing of claims that can't/shouldn't be made selectively disclosable. But would be very open to tightening up and strengthening and improving this section.  

How about the following:

—
An Issuer MUST NOT allow any security-critical claim to be selectively disclosable. The exact list of “security-critical” claims will depend on the application, and SHOULD be listed by any application-specific profile of SD-JWT. The following is a list of standard claim names that SHOULD be considered as security-critical by any SD-JWT Issuer:

 * “iss” (Issuer)
 * “aud” (Audience), although issuers may want to allow individual entries in the array to be selectively-disclosable
 * “exp” (Expiration Time)
 * “nbf” (Not Before)
 * “iat” (Issued At)
 * “jti” (JWT ID)

In addition, the “cnf” (Confirmation Key) claim MUST NOT be selectively disclosable.
---
<snip>

Best wishes,

Neil

v2.23.0 | Report a Bug | By Email