Re: [OAUTH-WG] Nonce-based Replay Protection for DPoP

Brian Campbell <> Thu, 18 March 2021 20:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 668E93A342A for <>; Thu, 18 Mar 2021 13:52:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5g3d75FzFYan for <>; Thu, 18 Mar 2021 13:52:00 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 87C593A3428 for <>; Thu, 18 Mar 2021 13:52:00 -0700 (PDT)
Received: by with SMTP id 15so9315204ljj.0 for <>; Thu, 18 Mar 2021 13:52:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sU3b88mSGcRq7XClv23cPVdH3eohHeJaehVnFKnHlXo=; b=VDFoQ8qWMTClAAZhXDpO2eIahKk+819tmX4sfDDIXt2ghvFuffu6OSYLbeOdNytmIR +qEnASkLXBjYASOJDKHh3YAZ3AZIS0HdEWBI2Y14B/W3JiD8F1H79eFll7Pz+ZulHvxu SeR+yn9LdI0zDlrlBIunNaXDIS2xHgJl5jD6fPOM1Nm/VNKjRWM34Mz3fbu474daUzfN ZUxjKHLm2NhEqqjI3jZ1aM5rH/Ct/jpmKCEWiIeN3ylL+rn27BGpcBJM9ycHpVpWUPMi 1TiXwQZ5li/3QZwBzZ/QNw+ihc59RULHp3kyan381ELIK+CK25pNwsD6do6weNDwdC41 KcUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sU3b88mSGcRq7XClv23cPVdH3eohHeJaehVnFKnHlXo=; b=tY0JsgONl8haB+yBsow+i6ixsx1zmkLlCM0hLIizT/rw8epMA6v8rH4q4yJnXrCp9e T+jOcfN2FhBP5KoAI5MEYEA6rGUAFDKgYekOV43fm89laFzcb207b6hLSr16xzW4reaJ WDPhzUzpEfD8XmTlBQPubHnG0qMIBDQhYRG4Z3HcZNGGh90ecKwrLnotW9ZpuEpKMaQ6 tjn+RHVZaRpOPFUgkYemhFz/76GkHLiFqlMOxz0YIdZEuoQdNjieSD7TXOKHdK82GHLU JXOjfu8cd3DYWaJGRoxq/D1rHDbO1WKKV9jrywZ81LredR7O8uV5mvxJpyg2VOxfAIA3 442A==
X-Gm-Message-State: AOAM531Vw4iGvosTbftAG52y9phXHXrEgQnkYaYebb4wYtb3AQor1Y2F wqntzUDMbIPuWwRkDnB3dm0OOd4jEsvpEzXwHUJNDunDYH2Hd3UCFE9gAkKVLYoO3tUXs6fu1vU M/5tty8SfjjIYoQ==
X-Google-Smtp-Source: ABdhPJymkooDdbfpJNJsALrrw7AUTjo4r0AJUKjgV2m4Z1qNrG+N6lsy1RPyh+rox+ZSgHGFxZe6lFjX9qhX8D9MJ6c=
X-Received: by 2002:a2e:87d8:: with SMTP id v24mr6263359ljj.387.1616100717024; Thu, 18 Mar 2021 13:51:57 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Brian Campbell <>
Date: Thu, 18 Mar 2021 14:51:30 -0600
Message-ID: <>
To: Benjamin Kaduk <>
Cc: Rifaat Shekh-Yusef <>, oauth <>
Content-Type: multipart/alternative; boundary="00000000000028eda505bdd5c5f5"
Archived-At: <>
Subject: Re: [OAUTH-WG] Nonce-based Replay Protection for DPoP
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 18 Mar 2021 20:52:02 -0000

The discussion during the interim wasn't really about replay protection but
rather about precomputation and exfiltration.  Something like a server
contributed nonce can potentially work to address both though so discussing
such things gets fuzzy quickly.

The approach to reply protection in DPoP is a bit different than what
ACME's done. It's arguably somewhat less robust but I think it is
appreciably simpler and is appropriately so because the replay of a DPoP
proof itself isn't of primary interest. To the extent possible/reasonable,
simplicity was and still is a goal of the DPoP design.

On Tue, Mar 16, 2021 at 5:21 PM Benjamin Kaduk <> wrote:

> On Tue, Mar 16, 2021 at 05:45:46PM -0400, Rifaat Shekh-Yusef wrote:
> > Brian,
> >
> > For a nonce-based replay protection you. might want to look at the ACME
> > protocol here:
> >
> Yes, that one is really solid for the sort of thing it does, and I find
> myself recommending it over and over again.
> Of course, that workflow is not universally applicable, so sometimes it's
> not the right thing to do (and I don't remember enough about DPoP to say if
> it works there).
> -Ben

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._