[OAUTH-WG] DPoP key rotation
Dmitry Telegin <dmitryt@backbase.com> Tue, 08 June 2021 16:30 UTC
Return-Path: <dmitryt@backbase.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AA123A35F9 for <oauth@ietfa.amsl.com>; Tue, 8 Jun 2021 09:30:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=backbase.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Te1Yyd94KE8v for <oauth@ietfa.amsl.com>; Tue, 8 Jun 2021 09:30:27 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C8133A35CF for <oauth@ietf.org>; Tue, 8 Jun 2021 09:30:26 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id f11so32897761lfq.4 for <oauth@ietf.org>; Tue, 08 Jun 2021 09:30:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=backbase.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=xdI91lSCeWXC+T64HDZNP0UizbeKGl9W8mL2tWuYstU=; b=UUiDEUKS2nrOYheOxe77cPctB0SuGBk3AdKYjZRgM1Nxm1PWRfHi070jzF4hqgMNR1 IxJMu62Dz5m2n9G3Ls4MggR07JzAk3eXWwhHhJK61zSPbAsZBfRCFT/k1V+EB5iz522D TGKGfw6o67996bj30PksDeZd9Rl5EcmgztvnUnfTmZranoPtxuJWHbjDllkaaJPb1Y8F 160MVd3qpx1zGl5jdGmG5IZjisC0yinKh1cBQizkj7036Yjg3Fx49+/3bQJKil58WMZq XEokGxJSiFVrxZrtaL35LPwuqaSjJaJrJklVyYwm93/qBNX2I02IwzcLIGt8PFvDZaCN ch6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=xdI91lSCeWXC+T64HDZNP0UizbeKGl9W8mL2tWuYstU=; b=GbbyRIokZA7I0zD8y+kqYtfFO1DXOpt6tq2mccy6pfILcaNfeK7XN0mmZYWSBZ6Sh5 Rlvz0T6OR4ef5treFjRkBbIJjEWywSNIzPY0XT0cbGY8RcCfnspztNNOYpZLXO1e8gcP 3O4g+dyfx2vRnPnbFG33EcsFRgedP6AEv8puzzvEg8RsfTMgL0ERtY0jK2YzyLnwPQjP GDttwBDtEE3UiEvIHlGjmPZ7Yi1e4hGdErxwSGmOkn1XPju9TG5/Ql9W3lD23qSI06kz oBfYiUQ3tOLw6aAnO4SZMjmA6FFe66JzozQURLqsnX4N7OByqr0HbW/qt22I6kZMcyjF u7AA==
X-Gm-Message-State: AOAM533ioH3WxH+5uEZtEacC8x6/XPQCTVoE/5mk4U1GO4okR/eK9vPn EboT+O8KZQGn6LCAhPxdyfPDMuo1Ou9Ef+9q0FYcP4YrtrDEnQ==
X-Google-Smtp-Source: ABdhPJwR+e6GrooOtkHoIhQmu4g6E6EQU4mkanl9wK+auzkPmz+6hXgS8dFAp//7N5X2gkOeftuJllUV3SCDy8hCyvE=
X-Received: by 2002:a05:6512:38cc:: with SMTP id p12mr15800924lft.4.1623169823836; Tue, 08 Jun 2021 09:30:23 -0700 (PDT)
MIME-Version: 1.0
From: Dmitry Telegin <dmitryt@backbase.com>
Date: Tue, 08 Jun 2021 19:30:13 +0300
Message-ID: <CAOtx8D=mdXHAgaEFspp7qEam6qH70LNUBTW_UivGxwYih1GDbw@mail.gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c2a70d05c443accf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/65Aip95ixdP8PplzFXuIfREERvc>
Subject: [OAUTH-WG] DPoP key rotation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jun 2021 16:30:40 -0000
Hi, I'm Dmitry Telegin, I'm currently working on DPoP implementation in Keycloak on behalf of my company, Backbase. Takashi Norimatsu of Hitachi supervises this process as the head of the Keycloak FAPI SIG. With the current DPoP design, once the keypair has been generated on the user agent and the initial token set has been obtained (using authorization_code grant), the whole chain of the subsequent access/refresh tokens will be bound to this particular keypair. That means, the keypair should be persisted on the user agent for the duration of the session. OTOH, sessions could be rather long-lived, especially if we take offline tokens [1] into account. In a nutshell, offline access provides a non-expiring refresh token. This could be highly relevant e.g. for mobile applications that would employ offline tokens to help users avoid logging in every time. The longer the session lasts, the higher the probability of key leakage is. Currently, the only way to switch to a new DPoP keypair is to start a new session (i.e. log in again). Do you think it might be worth incorporating some sort of key rotation concept into DPoP design? The most obvious way to perform key rotation is to do that during token refresh. For that, we could make the refresh_token grant honour the additional DPoP proof that would supersede the current one. From the technical PoV, it could be as easy as supplying two proofs within the DPoP header: DPoP: eyJ0eXAiO... eyJ0eXAiO... Or we can go with a single (old) DPoP proof, containing the new proof (to supersede the current one) as a claim (or vice versa). We'd appreciate any feedback from the WG. Also apologize if this ML is not the appropriate place to discuss issues like this. Regards, Dmitry Telegin Senior Backend Engineer, Backbase R&D B.V. [1] https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
- [OAUTH-WG] DPoP key rotation Dmitry Telegin
- Re: [OAUTH-WG] DPoP key rotation Brian Campbell
- Re: [OAUTH-WG] DPoP key rotation George Fletcher
- Re: [OAUTH-WG] DPoP key rotation Nikos Fotiou
- Re: [OAUTH-WG] DPoP key rotation Neil Madden