[OAUTH-WG] Comments on draft-ietf-oauth-pop-key-distribution-03
Denis <denis.ietf@free.fr> Fri, 24 March 2017 08:51 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 362FF12E76A for <oauth@ietfa.amsl.com>; Fri, 24 Mar 2017 01:51:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.118
X-Spam-Level:
X-Spam-Status: No, score=-2.118 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9ir-O-hrO1H for <oauth@ietfa.amsl.com>; Fri, 24 Mar 2017 01:51:22 -0700 (PDT)
Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [212.27.42.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F42E1294E9 for <oauth@ietf.org>; Fri, 24 Mar 2017 01:51:21 -0700 (PDT)
Received: from [192.168.0.14] (unknown [88.182.125.39]) by smtp6-g21.free.fr (Postfix) with ESMTP id 92F9E780333 for <oauth@ietf.org>; Fri, 24 Mar 2017 09:51:18 +0100 (CET)
To: oauth <oauth@ietf.org>
From: Denis <denis.ietf@free.fr>
Message-ID: <1f3a6bb2-6312-027c-31fe-87dc355db073@free.fr>
Date: Fri, 24 Mar 2017 09:51:18 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------7A801C84D79569B3A71ACEB4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/7EWTC77iKzHGIvLj77s7_PsU6sw>
Subject: [OAUTH-WG] Comments on draft-ietf-oauth-pop-key-distribution-03
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2017 08:51:26 -0000
I have 2 comments. 1.At the bottom of page 13, the text states: Token replay is also not possible since an eavesdropper will also have to obtain the corresponding private key or shared secret that is bound to the access token. Saying "Token replay is also not possible" is incorrect, since it is only true in the case of an eavesdropper. So this case is restricted to eavesdroppers only: this should be said upfront. Note that this is the /stealing /of an access token by an eavesdropper. Proposed change: *Token stealing by an eavesdropper is not possible*since the eavesdropper will also have to obtain the corresponding private key or shared secret that is bound to the access token. Since it is important to say first that confidentiality protection is needed, this sentence should be moved on the next page after the following sentences: *The authorization server MUST offer confidentiality protection for any interactions with the client.This step is extremely important since the client will obtain the session key from the authorization server for use with a specific access token.Not using confidentiality protection exposes this secret (and the access token) to an eavesdropper thereby making the OAuth 2.0 proof-of-possession security model completely insecure.* 2.Then the text states: *Similarly to the security recommendations for the bearer token specification [12] developers MUST ensure that the ephemeral credentials (i.e., the private key or the session key) is not leaked to third parties.An adversary in possession of the ephemeral credentials bound to the access token will be able to impersonate the client.Be aware that this is a real risk with many smart phone app and Web development environments.* After that text, add: Two users can voluntarily agree to use a specific piece of software that will allow one user who has legitimately obtained an access token to transmit it to another user with the keying material or to transmit it to another user while making the appropriate cryptographic computations for the benefit of the other user so that this other user can successfully use that access token. As soon as someone will develop that piece of software and make it publicly available, everybody will be able to use it. RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) issued in January 2013 has not identified this threat and hence does not suggest any means to counter it.Whatever kind of cryptographic is being used, when two users collaborate, a software-only solution will be unable to prevent the transfer of an attribute of a user that possess it to another user that does not possess it. The use of a secure element simply protecting the confidentiality and the integrity of some secret key or private key will be ineffective to counter this collusion attack. Additional functional and security properties are required for the secure element. Denis