IETF Logo Mail Archive

[OAUTH-WG] draft-campbell-oauth-tls-client-auth-00 feedback

Sean Leonard <dev+ietf@seantek.com> Wed, 16 November 2016 08:47 UTC

Return-Path: <dev+ietf@seantek.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9EEC12956B for <oauth@ietfa.amsl.com>; Wed, 16 Nov 2016 00:47:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9spW7i8da24M for <oauth@ietfa.amsl.com>; Wed, 16 Nov 2016 00:47:20 -0800 (PST)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0897A129426 for <oauth@ietf.org>; Wed, 16 Nov 2016 00:47:19 -0800 (PST)
Received: from dhcp-898b.meeting.ietf.org (unknown [31.133.137.139]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 3A54822E1FA; Wed, 16 Nov 2016 03:47:13 -0500 (EST)
From: Sean Leonard <dev+ietf@seantek.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 16 Nov 2016 17:47:09 +0900
Message-Id: <6021A3BB-356B-4A02-AF0A-C6E8A0166609@seantek.com>
To: oauth@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6C9zTOq0ygnfwMr6C3oPiZ60diY>
Cc: draft-campbell-oauth-tls-client-auth@tools.ietf.org
Subject: [OAUTH-WG] draft-campbell-oauth-tls-client-auth-00 feedback
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 08:47:25 -0000

Hello OAuth folks:

I have some feedback about draft-campbell-oauth-tls-client-auth-00. Overall I think it is a good, concise effort, and should be adopted as a WG item. Sorry that it didn’t get addressed in the WG meeting.

Section 1 mentions “shared secret” as the default in OAuth 2.0, but this draft provides an alternative that (implicitly) does not require a shared secret between the client and server components. However, this draft does not elaborate on the advantages of avoiding shared secrets: the advantages should be addressed in Section 1 or in the Security Considerations. In particular, a lot of enterprise scenarios seem to do intentional man-in-the-middle attacks (aka endpoint termination) for “logging” and “auditing” purposes: see the IETF 97 TLS WG meeting materials <slides-97-tls-tls-visibility-inside-the-data-center>. These same enterprise use cases are significant motivators for eliminating shared secrets on the wire.

Section 5.2 discusses some ideas about associating/binding a certificate to a client identifier (client_id). I understand that in many use cases, the certificate and public key will be long-lived and issued by an authority prior to the client’s contact with the AS; in a minority of use cases (such as IoT devices), the AS will also issue certificates to clients.

The best and most flexible way to do this is to define an attribute, let’s say “oauthClientID”, of type VisibleString, which can be multi-valued. By defining it as an attribute, it can be put in at least four useful protocol slots:
1. Subject Directory Attributes (RFC 5280 Section 4.2.1.8): this is where metadata about the subject goes that is not part of the distinguished name.
2. Subject attributes: this is when you want the client_id to be bound more authoritatively to the certificate, i.e., the utility and lifetime of the certificate == the lifetime of the client/AS association.
3. LDAP attributes: this is where metadata about the subject is associated together with the certificate, but not part of the certificate (which is usually in the userCertificate attribute for the LDAP entry).
4. “other places” where metadata gets associated with certificates, such as crypto tokens and databases (LDAP, of course, is just a type of database).

By making the attribute multi-valued, one can associate multiple client_ids with one certificate, which means that the same certificate/keypair can be used with multiple services.

Creating a new attribute is strongly preferable to reusing a field such as “commonName”, since commonName is overused and can lead to conflicts (compare with SSL’s legacy use of commonName). subjectAltName is also not preferable because the client_id itself is not really a globally unique name; it’s closer to a serial number or random (but not secret) string. To make it globally unique it needs to be combined with an identifier for the AS, and that makes such a structure more complicated. Furthermore, subjectAltName is specific to being inside a certificate; it does not have semantics outside of a certificate, whereas a generic directory attribute has equal semantics inside and outside of certificates.

Editorial: there is a typo: Section 5.2: “specifc” should be “specific”.

Regards,

Sean

v2.23.0 | Report a Bug | By Email