IETF Logo Mail Archive

[OAUTH-WG] Re: We cannot trust Issuers

Wayne Chang <wayne@spruceid.com> Tue, 23 July 2024 01:52 UTC

Return-Path: <wayne@spruceid.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80504C1E6433 for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 18:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=spruceid.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5MstTzi-sQza for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 18:52:00 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC1B4C1E6428 for <oauth@ietf.org>; Mon, 22 Jul 2024 18:52:00 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id 2adb3069b0e04-52f01afa11cso2881223e87.0 for <oauth@ietf.org>; Mon, 22 Jul 2024 18:52:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spruceid.com; s=google; t=1721699518; x=1722304318; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=1CiIqHtoCNrytPYVSx+/RdBQfZ3PdBIpVnty3AjtA7M=; b=boAJamtG0nTSF1RqCYvTyAaMrAHweco8UkeP1vCYt/9X2b71nMBKAcSRn0OoWFvbYp /t6A0Pe4v54MLhJufSpzrO9LFFEdMvsA2S2FA+cfizs5t8Ap2JiUu1XaTV+/0+A+r1HR xetw6ZodLJYMY9/DwzFchZs8vU63txtUxnSBhYy5M0Enwuw3SJ63aVKXRv9wYU6lfHc3 IuQVce+05uLSTTJxW6CHSkQaIA37oQtTBzZ63UPTUMOs3ZEhNnbAel6wneOkOh/EYTg3 9/s8AoJ2jqNbqnCXJRpoNH9W1hByMfc9P6oIA05zOS8DYKr9Sl6GUkr3MrRG0izhYvIa 80nQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721699518; x=1722304318; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1CiIqHtoCNrytPYVSx+/RdBQfZ3PdBIpVnty3AjtA7M=; b=hYXrQvhJvhZ5dLjy9VMAbHftieRn38Hedvyw8XYkeWOI+N7sACqR9PqGzHNb04XiQ2 j7VicA2yD1N2j2YeYaK+KCjNgl0ghiEPkjP+XK655Ruln1tEjYipltfIMqUL5XB4mBKM 12YD8ss4t+5sattPNxCcwANy00vbh/c6j8qi6tZs4ar1jUgVvRCKrqS+c9x3TAI2zxnC piGpY4p57YWJnvsv9lEwkq6CBXhpatgSCyVq/+SQ39B0leTBITyY5NIdoZLbdaCYQGWb iJOqQvaGRRtMXqRJwVDYkbbxvkCtbPD23IKXYZe1KoRO9M4RCoaLEyq1v69KAphWmtQj IpDA==
X-Gm-Message-State: AOJu0YzV4mtoeL62FDuTDHG8U7XhE5Iz62rzwVoaxX9gckS4PLteoWkm +hvXwrhLR5D/ZGgDzAcLmTVehdubNfiQtdRfEyv5CradgPBG0DEmraOUhF6yeXYFosaRSxCVJxq e3okQrcQWB+qs6KSM8GgngSGrVfah4S8CkYL/RU+t0KMu9KPYoug/h6+jV0Y=
X-Google-Smtp-Source: AGHT+IEtm36c9GKQtqm7UhQuQC53IxM52E2ljWqrpkqy+ovJ2UfaaDJzqC/IAV2N+tw+W14RkSRloFlV9Aper+wbvR8=
X-Received: by 2002:a05:6512:3e1e:b0:52b:bf8e:ffea with SMTP id 2adb3069b0e04-52fc406dc89mr1078184e87.40.1721699518293; Mon, 22 Jul 2024 18:51:58 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cmy03viT6wboUZeVu_8Yf-m7As0rxcjpda2W_Xw6ohKNg@mail.gmail.com> <CAANoGhLsm1yqJvKuPEH_is-ep60EVNfLfi17T9M17KJFfAFiNQ@mail.gmail.com> <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com>
In-Reply-To: <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com>
From: Wayne Chang <wayne@spruceid.com>
Date: Mon, 22 Jul 2024 18:51:47 -0700
Message-ID: <CAFTzAXgcfeE84xq=G_+jpLt8Co8BasOan0t84QJyTsufhmLWsw@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000032d301061de06870"
Message-ID-Hash: LLTPIMW6WUMIPXIQJC3NURKE6GF2MVWK
X-Message-ID-Hash: LLTPIMW6WUMIPXIQJC3NURKE6GF2MVWK
X-MailFrom: wayne@spruceid.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: We cannot trust Issuers
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6fWPaAjUwzoM6nnmYOWrfEl0lio>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Hi Watson,

Here’s an approach based on TEEs that can in theory create unlinkability
for things like mdocs and SD-JWTs while also conforming to FIPS 140-2/-3.
No new crypto, and PQC-friendly.

https://blog.spruceid.com/provably-forgotten-signatures-adding-privacy-to-digital-identity/

Best,
- Wayne

On Mon, Jul 22, 2024 at 16:26 Watson Ladd <watsonbladd@gmail.com> wrote:

>
>
> On Mon, Jul 22, 2024, 3:30 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>> I agree that single-use proof keys and batch issuance are a must.
>>
>> Issuer verifier collusion is admittedly a problem.   To address that we
>> do need different cryptographic methods.
>>
>> MDOC also has the same issue.
>>
>> We should document the risk, but short of stopping EUID and mobile
>> driver's license deployment, we have limited options.
>>
>
> The problem only appears when the drivers license or EUID is used in a way
> that makes the user think their data is private. You don't have to support
> UX that lies to the user.
>
>
>> Hopefully, we can make quick progress on JWP.
>>
>> John B.
>>
>> On Mon, Jul 22, 2024 at 2:14 PM Watson Ladd <watsonbladd@gmail.com>
>> wrote:
>>
>>> Dear Oauth,
>>>
>>> I'm disappointed to see SD-JWT work continue with inadequate privacy
>>> considerations. The fact is an Issuer can link any showings to
>>> issuance of the credential. This is not foregrounded sufficiently in
>>> privacy considerations, nor do we discuss how to ensure users are
>>> aware. We really need to use more RFC 2119 language and highlight
>>> these issues. Section 11.1 about local storage which has never been an
>>> IETF concern before is far more prescriptive than 11.4, and that's not
>>> a good thing. To be clear, the threat model must include an issuer
>>> that is a government issuing credentials that if used to verify age on
>>> certain websites or via a digital wallet on site, and learned about by
>>> the issuer who may have access to data from the site, will result in
>>> imprisonment or execution. This is not a hypothetical scenario.
>>>
>>> Users and UX designers will have intuitions that do not match the
>>> reality and that result in bad decisions being made. That's on us. A
>>> driver's license doesn't leave a trace of where you showed it, but the
>>> SD-JWT does.
>>>
>>> At a minimum I think we mandate batch issuance and one time usage
>>> using RFC 2119 language. We need to say in clear, unambiguous English
>>> that this mechanism enables an issuer to connect every presentation of
>>> a credential to the issuance.
>>>
>>> Sincerely,
>>> Watson Ladd
>>>
>>> --
>>> Astra mortemque praestare gradatim
>>>
>>> _______________________________________________
>>> OAuth mailing list -- oauth@ietf.org
>>> To unsubscribe send an email to oauth-leave@ietf.org
>>>
>> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>

v2.36.0 | Report a Bug | By Email | System Status