IETF Logo Mail Archive

Re: [OAUTH-WG] WGLC for DPoP Document

Daniel Fett <fett@danielfett.de> Tue, 29 March 2022 13:13 UTC

Return-Path: <fett@danielfett.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92BFC3A077F for <oauth@ietfa.amsl.com>; Tue, 29 Mar 2022 06:13:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=danielfett.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YdHh0wIUULJH for <oauth@ietfa.amsl.com>; Tue, 29 Mar 2022 06:13:38 -0700 (PDT)
Received: from d3f.me (redstone.d3f.me [5.9.29.41]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E273A183C for <oauth@ietf.org>; Tue, 29 Mar 2022 06:13:38 -0700 (PDT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by d3f.me (Postfix) with ESMTPA id AC8691E106 for <oauth@ietf.org>; Tue, 29 Mar 2022 13:13:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=dkim; t=1648559615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8kkLIrVAZgYWd4fzHN01CULKcfCr1bXQTR6UpIclwW8=; b=BzaPh0AL1A1HPN0dvCkE9DS29VcVniR6Env6pOGWWeaYxBGwWZBlxJPMz/Cy5jAUJaPtLc 7gGuJnZjVklFiWxvQfwRP3u3+ukEMGejSJOb0pBRyX07m5xHE8RFyoWrL9Y3mbwfQRe7mF dnS+T5GywluTXDbC45tSXcTtyp2c2vg=
Content-Type: multipart/alternative; boundary="------------HNNMZBi0P3v0ucWs3t5koYod"
Message-ID: <3b0fbfe6-f043-5c93-ace5-ad448c4cdb55@danielfett.de>
Date: Tue, 29 Mar 2022 15:13:35 +0200
MIME-Version: 1.0
Content-Language: de-DE
To: oauth@ietf.org
References: <CADNypP-_WxX62=LrieDEZYOFec3UAd2FMmnWsfiNu1Zmots+Pg@mail.gmail.com> <73015e12-337d-5853-91cc-455b39c97921@free.fr> <CAHsNOKdh5UN333CkQFLZVkOpWeyPYjr8JTmU9XBzk6EgiCEWOQ@mail.gmail.com> <F455136A-2961-4043-8CA2-786AE91D5C10@mit.edu>
From: Daniel Fett <fett@danielfett.de>
In-Reply-To: <F455136A-2961-4043-8CA2-786AE91D5C10@mit.edu>
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=dkim; t=1648559615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8kkLIrVAZgYWd4fzHN01CULKcfCr1bXQTR6UpIclwW8=; b=f2jqvirJFlmZZc6/26Of+0NpL0N/5PiGisGKnze1ajwuM5iElbZvTE1ng5Jtm80XbD7x90 O6O98lJ0FsyrUTv7fMd7SSWUegcb5aI84l+bNW48kdxbtIWTb7XH+uYlFGYt0DsWWtIqWY UQPF4m+VvRVqrcL1R0tKf0QvgEbm010=
ARC-Seal: i=1; s=dkim; d=danielfett.de; t=1648559615; a=rsa-sha256; cv=none; b=E4ksNcRS8jI0tceWriL6txXZt8QrRB/xjWmr8ciAzk00F/jUtbbS/vJrSv0KshbxVkZbtO lBI/qjiOQx5L1kTMWXkODDmHpBS1Y/W/8zEZ9OEml5PWOE0skxDz0vUllszW5PWbsY7KJa f1/iOwsSitKEe7s/w+H3ZALnt91qfsA=
ARC-Authentication-Results: i=1; d3f.me; auth=pass smtp.auth=fett@danielfett.de smtp.mailfrom=fett@danielfett.de
Authentication-Results: d3f.me; auth=pass smtp.auth=fett@danielfett.de smtp.mailfrom=fett@danielfett.de
X-Spamd-Bar: ---
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/D62u209bpATIfgPpmi3g0Pe1uCY>
Subject: Re: [OAUTH-WG] WGLC for DPoP Document
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2022 13:13:44 -0000

+1

Am 29.03.22 um 15:10 schrieb Justin Richer:
> And this is exactly the problem with the “collaborating clients” 
> attack, as has been pointed out any number of times it’s been brought 
> up before. If two clients are willingly collaborating in this way, 
> they do not need to share any cryptographic material and impersonate 
> each other.
>
> You don’t need to steal my license if I’m willing to just go buy you beer.
>
> The DPoP draft does address signed request re-use, which some see as a 
> feature to be carefully applied.
>
>  — Justin
>
>> On Mar 28, 2022, at 1:04 PM, Steinar Noem <steinar@udelt.no> wrote:
>>
>> Interesting, but won't two collaborating clients just pass any data 
>> they want to each other? Why would these collaborating clients go 
>> through the trouble of exchanging private keys, dpop proofs or 
>> tokens? Could you elaborate some more on the scenario?
>>
>> S
>>
>> man. 28. mar. 2022 kl. 16:29 skrev Denis <denis.ietf@free.fr>:
>>
>>     Rifaat & Hannes,
>>
>>     Hereafter are my comments:
>>
>>     The introduction states :
>>
>>            Recipients of such tokens are then able to verify the
>>     binding of the token to the key pair thatthe client has demonstrated
>>            that it holds via the DPoP header, thereby providing some
>>     assurance that the client presenting the token also possesses the
>>     private key.
>>
>>            In other words, the legitimate presenter of the token is
>>     constrained to be the sender that holds and can prove possession
>>     of the private part of the key pair.
>>
>>     The client presenting the token *does not necessarily possess the
>>     private key*. The client presenting the token has been able to use
>>     the results of some cryptographic functions using the private
>>     part of the key pair.
>>
>>     These results may be communicated by one client to another
>>     client, if the two clients agree to collaborate. This statement
>>     will be added later on.
>>
>>     Proposed rewording:
>>
>>            Recipients of such tokens are then able to verify the
>>     binding of the token to the key pair thatthe client has demonstrated
>>            that it holds via the DPoP header, thereby providing some
>>     assurance that the client presenting the token *either *also
>>     possesses
>>            the private key *or* has been able to use the result of
>>     cryptographic computations from another client that possesses the
>>     private key.
>>
>>            In other words, the presenter of the token can prove that
>>     it has been able to use the results of cryptographic computations
>>     performed
>>            by using the private part of the key pair.
>>
>>     The objectives states
>>
>>            The primary aim of DPoP is to prevent unauthorized or
>>     illegitimate parties from using leaked or stolen access tokens,
>>            by binding a token to a public key upon issuance and
>>     requiring that the client proves possession of the corresponding
>>            private key when using the token.
>>
>>     DPoP does not prevent unauthorized or illegitimate parties from
>>     using access tokens, as soon as two clients agree to collaborate.
>>
>>     Proposed rewording:
>>
>>            The primary aim of DPoP is to bind a token to a public key
>>     upon issuance and requiring that the client proves possession
>>            of the corresponding private key when using the token.This
>>     does not demonstrate that the client presenting the token is
>>            necessarily the legitimate client. In the case of
>>     non-collaborating clients, DPoP prevents unauthorized or
>>     illegitimate parties
>>            from using leaked or stolen access tokens. In the case of
>>     collaborating clients, the security of DPoP is ineffective
>>            (see section 11.X).
>>
>>     Section 11 is about "Security Considerations" and addresses the
>>     following topics:
>>
>>     11.1.DPoP Proof Replay
>>     11.2.DPoP Proof Pre-Generation
>>     11.3.DPoP Nonce Downgrade
>>     11.4.Untrusted Code in the Client Context
>>     11.5.Signed JWT Swapping
>>     11.6.Signature Algorithms
>>     11.7.Message Integrity
>>     11.8.Access Token and Public Key Binding
>>     11.9.Authorization Code and Public Key Binding
>>
>>     The case of collaborative clients should be addressed within
>>     section 11.
>>
>>     Text proposal.
>>
>>     11.X. Collaborative clients
>>
>>                 DPoP demonstrates that the client presenting the
>>     token has been able to use the results of some cryptographic
>>     functions
>>     using the private part of the key pair.
>>
>>     If a client agrees to collaborate with another client, the
>>     security of DPoP is no longer effective.When two clients agree to
>>     collaborate,
>>     these results of the cryptographic computations performed by one
>>     client may be communicated to another client.
>>
>>     Even if the private key used for DPoP is stored in such a way
>>     that it cannot be exported, e.g., in a hardware or software
>>     security module,
>>     the client can perform all the cryptographic computations needed
>>     by the other client to create DPoP proofs.
>>
>>     The client can easily create new DPoP proofs as long as the other
>>     client is online.
>>
>>     Note: There exist other techniques able to limit, in some cases,
>>     the use of a token transmitted voluntarily by a legitimate client
>>                           to an illegitimate client.
>>
>>     Denis
>>
>>
>>>     All,
>>>
>>>     As discussed during the IETF meeting in *Vienna* last week, this
>>>     is a *WG Last Call *for the *DPoP* document:
>>>     https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
>>>
>>>     Please, provide your feedback on the mailing list by April 11th.
>>>
>>>     Regards,
>>>      Rifaat & Hannes
>>>
>>>
>>>     _______________________________________________
>>>     OAuth mailing list
>>>     OAuth@ietf.org
>>>     https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>>     _______________________________________________
>>     OAuth mailing list
>>     OAuth@ietf.org
>>     https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>>
>> -- 
>> Vennlig hilsen
>>
>> Steinar Noem
>> Partner Udelt AS
>> Systemutvikler
>> | steinar@udelt.no <mailto:steinar@udelt.no> | hei@udelt.no  | +47 
>> 955 21 620 | www.udelt.no <http://www.udelt.no/> |
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
https://danielfett.de

v2.23.0 | Report a Bug | By Email