IETF Logo Mail Archive

[OAUTH-WG] Re: We cannot trust Issuers

Wayne Chang <wayne@spruceid.com> Tue, 23 July 2024 04:34 UTC

Return-Path: <wayne@spruceid.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBF0BC1840E1 for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 21:34:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=spruceid.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZhwtjr5rzrU for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 21:34:54 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC696C180B4A for <oauth@ietf.org>; Mon, 22 Jul 2024 21:34:53 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id 38308e7fff4ca-2eeb1ba0468so68056271fa.0 for <oauth@ietf.org>; Mon, 22 Jul 2024 21:34:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spruceid.com; s=google; t=1721709291; x=1722314091; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=GBK+/8NUKQePkJ/nqtW1y9GHk6skFvRRAdU3eqKSgyc=; b=ab3EF7Besg2m8uFdGa+lWzjTZTkKcgtxDIqJC/tag1MThMB67FF+tzN8bW3Uj5ePpa k6KDuqvnkcgnrKFKBVxHGmGNY3u0CqtmoCZFY2cnBdrXggEiUpQvAzk+ge4vaxgXlRUA vzNzqaoDJrxEGCQ87G/H3GbeWSlQ/VRrNgiK0ESRiWZC/wz/Wqmv6/X5iryrmf+nRapQ fhEDWKlDWa9xjlxRRwIEteTM64OBQrfNj7NSUhQK9wQDwVlBwnruWPBoSHvDKaqynfT2 TYOVi9fjFrhUmEh3M5a5sLq4UlSCZhkIlYMJH7bH1jl0I9h+7gwkJzt5dw0HtqG6vkct WaSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721709291; x=1722314091; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GBK+/8NUKQePkJ/nqtW1y9GHk6skFvRRAdU3eqKSgyc=; b=sNKfJeCIcxQPWg+BXmMdLqHRip1KWlsPZkkX9Q4EnhOJ+ok+KEUv9RdzQaE0MxzjDN ka7zvgyA0JHBbqw+QLEH8x+qFpzUEjLcjzt4CktXkas0oL4ApjiZ4hc8kHWLrddRMfPV Qy9Ps7PUtnTdN1+8t9SzNmTmEHsvmjB+dyHkG0C/D1nh49aHPpp0GpaODMBOkGBmRiiB lQ41BQIEzjnJeeJmHWUYjHdBe0KfmXHCL//H5WKe1Im5X/dd709yFwdHrO4H6kcNf5yS +4gk5QVi68NV7ePfbuywt0BxfWgPD06MJYI/pk0L+Kxx76SUbOBJCy11S6GyAgkFdJe7 z7Zg==
X-Gm-Message-State: AOJu0YxhDvULqVM+21szjLMDmhfgrmoV0FqG5uSotu/7qUlrcYmYE6SL c7adFGuJA3UQEcCDhdQ1PK2wHsjpCkT/B1Y3VBFc60xwWCUh9v3jJGF+Bnfaz2giD13LPxZG8bS uyPjX5al8i0IrP99gDXqTeZvYsvIFSE8teVrxLw==
X-Google-Smtp-Source: AGHT+IE0AVVPTZw3a6C1QbESaXu9GKG1t2zqxlRrWDWIk/iHIsGgni24sNk3i2PqBoje60wS4N933Gm2iBLRjsE6ou8=
X-Received: by 2002:a2e:9b87:0:b0:2ee:847f:9e9b with SMTP id 38308e7fff4ca-2ef16798d42mr61958261fa.28.1721709291210; Mon, 22 Jul 2024 21:34:51 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cmy03viT6wboUZeVu_8Yf-m7As0rxcjpda2W_Xw6ohKNg@mail.gmail.com> <CAANoGhLsm1yqJvKuPEH_is-ep60EVNfLfi17T9M17KJFfAFiNQ@mail.gmail.com> <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com> <CAFTzAXgcfeE84xq=G_+jpLt8Co8BasOan0t84QJyTsufhmLWsw@mail.gmail.com> <CACsn0cmUa6xZGmJkKOoO+W_rCgNLYsGsd+xDtB=hTd7=Rqn2kg@mail.gmail.com>
In-Reply-To: <CACsn0cmUa6xZGmJkKOoO+W_rCgNLYsGsd+xDtB=hTd7=Rqn2kg@mail.gmail.com>
From: Wayne Chang <wayne@spruceid.com>
Date: Mon, 22 Jul 2024 21:34:40 -0700
Message-ID: <CAFTzAXi1qZ7npqKmaSkt_QiE3bUmGkhSuE38OO+c2PxB2YSo4A@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000b5a480061de2ae3f"
Message-ID-Hash: DNQ66L7AGCDWUHVCZJD6VXRFXPWASCJ2
X-Message-ID-Hash: DNQ66L7AGCDWUHVCZJD6VXRFXPWASCJ2
X-MailFrom: wayne@spruceid.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: We cannot trust Issuers
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/CEa55C2VXqBCiXsl1sqG8LoKhzc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Yep, TEEs definitely have limitations that should be managed via
defense-in-depth to prevent things like side channel attacks.

It’s also true that such identity systems based on transmission of raw
digital signatures have been deployed in production today and continue to
gain momentum.

It’s important that we balance the various approaches to privacy, as not to
let perfect be the enemy of the good, while also paving a path to the ideal.

Best,
- Wayne

On Mon, Jul 22, 2024 at 20:33 Watson Ladd <watsonbladd@gmail.com> wrote:

> And the draft doesn't have a sufficiently strong statement saying this
> tech (which has significant limitations: every TEE has fallen due to side
> channels) is needed for relevant application scenarios.
>
> I'm not saying this work shouldn't continue: I'm saying that we need to
> ensure we get the privacy and security considerations right, and make clear
> the limitations and that users shouldn't be mislead about the degree of
> anonymity they have. The applications being envisioned are dangerous.
>
> Sincerely,
> Watson Ladd
>
> On Mon, Jul 22, 2024, 6:51 PM Wayne Chang <wayne@spruceid.com> wrote:
>
>> Hi Watson,
>>
>> Here’s an approach based on TEEs that can in theory create unlinkability
>> for things like mdocs and SD-JWTs while also conforming to FIPS 140-2/-3.
>> No new crypto, and PQC-friendly.
>>
>>
>> https://blog.spruceid.com/provably-forgotten-signatures-adding-privacy-to-digital-identity/
>>
>> Best,
>> - Wayne
>>
>> On Mon, Jul 22, 2024 at 16:26 Watson Ladd <watsonbladd@gmail.com> wrote:
>>
>>>
>>>
>>> On Mon, Jul 22, 2024, 3:30 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>
>>>> I agree that single-use proof keys and batch issuance are a must.
>>>>
>>>> Issuer verifier collusion is admittedly a problem.   To address that we
>>>> do need different cryptographic methods.
>>>>
>>>> MDOC also has the same issue.
>>>>
>>>> We should document the risk, but short of stopping EUID and mobile
>>>> driver's license deployment, we have limited options.
>>>>
>>>
>>> The problem only appears when the drivers license or EUID is used in a
>>> way that makes the user think their data is private. You don't have to
>>> support UX that lies to the user.
>>>
>>>
>>>> Hopefully, we can make quick progress on JWP.
>>>>
>>>> John B.
>>>>
>>>> On Mon, Jul 22, 2024 at 2:14 PM Watson Ladd <watsonbladd@gmail.com>
>>>> wrote:
>>>>
>>>>> Dear Oauth,
>>>>>
>>>>> I'm disappointed to see SD-JWT work continue with inadequate privacy
>>>>> considerations. The fact is an Issuer can link any showings to
>>>>> issuance of the credential. This is not foregrounded sufficiently in
>>>>> privacy considerations, nor do we discuss how to ensure users are
>>>>> aware. We really need to use more RFC 2119 language and highlight
>>>>> these issues. Section 11.1 about local storage which has never been an
>>>>> IETF concern before is far more prescriptive than 11.4, and that's not
>>>>> a good thing. To be clear, the threat model must include an issuer
>>>>> that is a government issuing credentials that if used to verify age on
>>>>> certain websites or via a digital wallet on site, and learned about by
>>>>> the issuer who may have access to data from the site, will result in
>>>>> imprisonment or execution. This is not a hypothetical scenario.
>>>>>
>>>>> Users and UX designers will have intuitions that do not match the
>>>>> reality and that result in bad decisions being made. That's on us. A
>>>>> driver's license doesn't leave a trace of where you showed it, but the
>>>>> SD-JWT does.
>>>>>
>>>>> At a minimum I think we mandate batch issuance and one time usage
>>>>> using RFC 2119 language. We need to say in clear, unambiguous English
>>>>> that this mechanism enables an issuer to connect every presentation of
>>>>> a credential to the issuance.
>>>>>
>>>>> Sincerely,
>>>>> Watson Ladd
>>>>>
>>>>> --
>>>>> Astra mortemque praestare gradatim
>>>>>
>>>>> _______________________________________________
>>>>> OAuth mailing list -- oauth@ietf.org
>>>>> To unsubscribe send an email to oauth-leave@ietf.org
>>>>>
>>>> _______________________________________________
>>> OAuth mailing list -- oauth@ietf.org
>>> To unsubscribe send an email to oauth-leave@ietf.org
>>>
>>

v2.35.0 | Report a Bug | By Email | System Status