Re: [OAUTH-WG] Nonce-based Replay Protection for DPoP
Brian Campbell <bcampbell@pingidentity.com> Thu, 18 March 2021 20:52 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 668E93A342A for <oauth@ietfa.amsl.com>; Thu, 18 Mar 2021 13:52:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5g3d75FzFYan for <oauth@ietfa.amsl.com>; Thu, 18 Mar 2021 13:52:00 -0700 (PDT)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87C593A3428 for <oauth@ietf.org>; Thu, 18 Mar 2021 13:52:00 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id 15so9315204ljj.0 for <oauth@ietf.org>; Thu, 18 Mar 2021 13:52:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sU3b88mSGcRq7XClv23cPVdH3eohHeJaehVnFKnHlXo=; b=VDFoQ8qWMTClAAZhXDpO2eIahKk+819tmX4sfDDIXt2ghvFuffu6OSYLbeOdNytmIR +qEnASkLXBjYASOJDKHh3YAZ3AZIS0HdEWBI2Y14B/W3JiD8F1H79eFll7Pz+ZulHvxu SeR+yn9LdI0zDlrlBIunNaXDIS2xHgJl5jD6fPOM1Nm/VNKjRWM34Mz3fbu474daUzfN ZUxjKHLm2NhEqqjI3jZ1aM5rH/Ct/jpmKCEWiIeN3ylL+rn27BGpcBJM9ycHpVpWUPMi 1TiXwQZ5li/3QZwBzZ/QNw+ihc59RULHp3kyan381ELIK+CK25pNwsD6do6weNDwdC41 KcUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sU3b88mSGcRq7XClv23cPVdH3eohHeJaehVnFKnHlXo=; b=tY0JsgONl8haB+yBsow+i6ixsx1zmkLlCM0hLIizT/rw8epMA6v8rH4q4yJnXrCp9e T+jOcfN2FhBP5KoAI5MEYEA6rGUAFDKgYekOV43fm89laFzcb207b6hLSr16xzW4reaJ WDPhzUzpEfD8XmTlBQPubHnG0qMIBDQhYRG4Z3HcZNGGh90ecKwrLnotW9ZpuEpKMaQ6 tjn+RHVZaRpOPFUgkYemhFz/76GkHLiFqlMOxz0YIdZEuoQdNjieSD7TXOKHdK82GHLU JXOjfu8cd3DYWaJGRoxq/D1rHDbO1WKKV9jrywZ81LredR7O8uV5mvxJpyg2VOxfAIA3 442A==
X-Gm-Message-State: AOAM531Vw4iGvosTbftAG52y9phXHXrEgQnkYaYebb4wYtb3AQor1Y2F wqntzUDMbIPuWwRkDnB3dm0OOd4jEsvpEzXwHUJNDunDYH2Hd3UCFE9gAkKVLYoO3tUXs6fu1vU M/5tty8SfjjIYoQ==
X-Google-Smtp-Source: ABdhPJymkooDdbfpJNJsALrrw7AUTjo4r0AJUKjgV2m4Z1qNrG+N6lsy1RPyh+rox+ZSgHGFxZe6lFjX9qhX8D9MJ6c=
X-Received: by 2002:a2e:87d8:: with SMTP id v24mr6263359ljj.387.1616100717024; Thu, 18 Mar 2021 13:51:57 -0700 (PDT)
MIME-Version: 1.0
References: <CADNypP-15WuaYQzyvN=kq5agj5Moq_uqP_U49gHXB_j=cDyUkg@mail.gmail.com> <20210316232147.GP79563@kduck.mit.edu>
In-Reply-To: <20210316232147.GP79563@kduck.mit.edu>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 18 Mar 2021 14:51:30 -0600
Message-ID: <CA+k3eCRHyh3e4qi=h3ix9m2_Bkro4TJX=oT746HBv_ZS1wesgQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000028eda505bdd5c5f5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6DHML6UeAH9jo4uNo4uryPK35Jo>
Subject: Re: [OAUTH-WG] Nonce-based Replay Protection for DPoP
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Mar 2021 20:52:02 -0000
The discussion during the interim wasn't really about replay protection but rather about precomputation and exfiltration. Something like a server contributed nonce can potentially work to address both though so discussing such things gets fuzzy quickly. The approach to reply protection in DPoP is a bit different than what ACME's done. It's arguably somewhat less robust but I think it is appreciably simpler and is appropriately so because the replay of a DPoP proof itself isn't of primary interest. To the extent possible/reasonable, simplicity was and still is a goal of the DPoP design. On Tue, Mar 16, 2021 at 5:21 PM Benjamin Kaduk <kaduk@mit.edu> wrote: > On Tue, Mar 16, 2021 at 05:45:46PM -0400, Rifaat Shekh-Yusef wrote: > > Brian, > > > > For a nonce-based replay protection you. might want to look at the ACME > > protocol here: > > https://tools.ietf.org/html/rfc8555#section-6.5 > > Yes, that one is really solid for the sort of thing it does, and I find > myself recommending it over and over again. > Of course, that workflow is not universally applicable, so sometimes it's > not the right thing to do (and I don't remember enough about DPoP to say if > it works there). > > -Ben > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
- [OAUTH-WG] Nonce-based Replay Protection for DPoP Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Nonce-based Replay Protection for … Benjamin Kaduk
- Re: [OAUTH-WG] Nonce-based Replay Protection for … Brian Campbell