Re: [OAUTH-WG] WGLC for DPoP Document
Daniel Fett <fett@danielfett.de> Tue, 29 March 2022 13:13 UTC
Return-Path: <fett@danielfett.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92BFC3A077F for <oauth@ietfa.amsl.com>; Tue, 29 Mar 2022 06:13:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=danielfett.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YdHh0wIUULJH for <oauth@ietfa.amsl.com>; Tue, 29 Mar 2022 06:13:38 -0700 (PDT)
Received: from d3f.me (redstone.d3f.me [5.9.29.41]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E273A183C for <oauth@ietf.org>; Tue, 29 Mar 2022 06:13:38 -0700 (PDT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by d3f.me (Postfix) with ESMTPA id AC8691E106 for <oauth@ietf.org>; Tue, 29 Mar 2022 13:13:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=dkim; t=1648559615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8kkLIrVAZgYWd4fzHN01CULKcfCr1bXQTR6UpIclwW8=; b=BzaPh0AL1A1HPN0dvCkE9DS29VcVniR6Env6pOGWWeaYxBGwWZBlxJPMz/Cy5jAUJaPtLc 7gGuJnZjVklFiWxvQfwRP3u3+ukEMGejSJOb0pBRyX07m5xHE8RFyoWrL9Y3mbwfQRe7mF dnS+T5GywluTXDbC45tSXcTtyp2c2vg=
Content-Type: multipart/alternative; boundary="------------HNNMZBi0P3v0ucWs3t5koYod"
Message-ID: <3b0fbfe6-f043-5c93-ace5-ad448c4cdb55@danielfett.de>
Date: Tue, 29 Mar 2022 15:13:35 +0200
MIME-Version: 1.0
Content-Language: de-DE
To: oauth@ietf.org
References: <CADNypP-_WxX62=LrieDEZYOFec3UAd2FMmnWsfiNu1Zmots+Pg@mail.gmail.com> <73015e12-337d-5853-91cc-455b39c97921@free.fr> <CAHsNOKdh5UN333CkQFLZVkOpWeyPYjr8JTmU9XBzk6EgiCEWOQ@mail.gmail.com> <F455136A-2961-4043-8CA2-786AE91D5C10@mit.edu>
From: Daniel Fett <fett@danielfett.de>
In-Reply-To: <F455136A-2961-4043-8CA2-786AE91D5C10@mit.edu>
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=dkim; t=1648559615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8kkLIrVAZgYWd4fzHN01CULKcfCr1bXQTR6UpIclwW8=; b=f2jqvirJFlmZZc6/26Of+0NpL0N/5PiGisGKnze1ajwuM5iElbZvTE1ng5Jtm80XbD7x90 O6O98lJ0FsyrUTv7fMd7SSWUegcb5aI84l+bNW48kdxbtIWTb7XH+uYlFGYt0DsWWtIqWY UQPF4m+VvRVqrcL1R0tKf0QvgEbm010=
ARC-Seal: i=1; s=dkim; d=danielfett.de; t=1648559615; a=rsa-sha256; cv=none; b=E4ksNcRS8jI0tceWriL6txXZt8QrRB/xjWmr8ciAzk00F/jUtbbS/vJrSv0KshbxVkZbtO lBI/qjiOQx5L1kTMWXkODDmHpBS1Y/W/8zEZ9OEml5PWOE0skxDz0vUllszW5PWbsY7KJa f1/iOwsSitKEe7s/w+H3ZALnt91qfsA=
ARC-Authentication-Results: i=1; d3f.me; auth=pass smtp.auth=fett@danielfett.de smtp.mailfrom=fett@danielfett.de
Authentication-Results: d3f.me; auth=pass smtp.auth=fett@danielfett.de smtp.mailfrom=fett@danielfett.de
X-Spamd-Bar: ---
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/D62u209bpATIfgPpmi3g0Pe1uCY>
Subject: Re: [OAUTH-WG] WGLC for DPoP Document
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2022 13:13:44 -0000
+1 Am 29.03.22 um 15:10 schrieb Justin Richer: > And this is exactly the problem with the “collaborating clients” > attack, as has been pointed out any number of times it’s been brought > up before. If two clients are willingly collaborating in this way, > they do not need to share any cryptographic material and impersonate > each other. > > You don’t need to steal my license if I’m willing to just go buy you beer. > > The DPoP draft does address signed request re-use, which some see as a > feature to be carefully applied. > > — Justin > >> On Mar 28, 2022, at 1:04 PM, Steinar Noem <steinar@udelt.no> wrote: >> >> Interesting, but won't two collaborating clients just pass any data >> they want to each other? Why would these collaborating clients go >> through the trouble of exchanging private keys, dpop proofs or >> tokens? Could you elaborate some more on the scenario? >> >> S >> >> man. 28. mar. 2022 kl. 16:29 skrev Denis <denis.ietf@free.fr>: >> >> Rifaat & Hannes, >> >> Hereafter are my comments: >> >> The introduction states : >> >> Recipients of such tokens are then able to verify the >> binding of the token to the key pair thatthe client has demonstrated >> that it holds via the DPoP header, thereby providing some >> assurance that the client presenting the token also possesses the >> private key. >> >> In other words, the legitimate presenter of the token is >> constrained to be the sender that holds and can prove possession >> of the private part of the key pair. >> >> The client presenting the token *does not necessarily possess the >> private key*. The client presenting the token has been able to use >> the results of some cryptographic functions using the private >> part of the key pair. >> >> These results may be communicated by one client to another >> client, if the two clients agree to collaborate. This statement >> will be added later on. >> >> Proposed rewording: >> >> Recipients of such tokens are then able to verify the >> binding of the token to the key pair thatthe client has demonstrated >> that it holds via the DPoP header, thereby providing some >> assurance that the client presenting the token *either *also >> possesses >> the private key *or* has been able to use the result of >> cryptographic computations from another client that possesses the >> private key. >> >> In other words, the presenter of the token can prove that >> it has been able to use the results of cryptographic computations >> performed >> by using the private part of the key pair. >> >> The objectives states >> >> The primary aim of DPoP is to prevent unauthorized or >> illegitimate parties from using leaked or stolen access tokens, >> by binding a token to a public key upon issuance and >> requiring that the client proves possession of the corresponding >> private key when using the token. >> >> DPoP does not prevent unauthorized or illegitimate parties from >> using access tokens, as soon as two clients agree to collaborate. >> >> Proposed rewording: >> >> The primary aim of DPoP is to bind a token to a public key >> upon issuance and requiring that the client proves possession >> of the corresponding private key when using the token.This >> does not demonstrate that the client presenting the token is >> necessarily the legitimate client. In the case of >> non-collaborating clients, DPoP prevents unauthorized or >> illegitimate parties >> from using leaked or stolen access tokens. In the case of >> collaborating clients, the security of DPoP is ineffective >> (see section 11.X). >> >> Section 11 is about "Security Considerations" and addresses the >> following topics: >> >> 11.1.DPoP Proof Replay >> 11.2.DPoP Proof Pre-Generation >> 11.3.DPoP Nonce Downgrade >> 11.4.Untrusted Code in the Client Context >> 11.5.Signed JWT Swapping >> 11.6.Signature Algorithms >> 11.7.Message Integrity >> 11.8.Access Token and Public Key Binding >> 11.9.Authorization Code and Public Key Binding >> >> The case of collaborative clients should be addressed within >> section 11. >> >> Text proposal. >> >> 11.X. Collaborative clients >> >> DPoP demonstrates that the client presenting the >> token has been able to use the results of some cryptographic >> functions >> using the private part of the key pair. >> >> If a client agrees to collaborate with another client, the >> security of DPoP is no longer effective.When two clients agree to >> collaborate, >> these results of the cryptographic computations performed by one >> client may be communicated to another client. >> >> Even if the private key used for DPoP is stored in such a way >> that it cannot be exported, e.g., in a hardware or software >> security module, >> the client can perform all the cryptographic computations needed >> by the other client to create DPoP proofs. >> >> The client can easily create new DPoP proofs as long as the other >> client is online. >> >> Note: There exist other techniques able to limit, in some cases, >> the use of a token transmitted voluntarily by a legitimate client >> to an illegitimate client. >> >> Denis >> >> >>> All, >>> >>> As discussed during the IETF meeting in *Vienna* last week, this >>> is a *WG Last Call *for the *DPoP* document: >>> https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ >>> >>> Please, provide your feedback on the mailing list by April 11th. >>> >>> Regards, >>> Rifaat & Hannes >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> -- >> Vennlig hilsen >> >> Steinar Noem >> Partner Udelt AS >> Systemutvikler >> | steinar@udelt.no <mailto:steinar@udelt.no> | hei@udelt.no | +47 >> 955 21 620 | www.udelt.no <http://www.udelt.no/> | >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -- https://danielfett.de
- [OAUTH-WG] WGLC for DPoP Document Rifaat Shekh-Yusef
- Re: [OAUTH-WG] WGLC for DPoP Document Denis
- Re: [OAUTH-WG] WGLC for DPoP Document Steinar Noem
- Re: [OAUTH-WG] WGLC for DPoP Document Denis
- Re: [OAUTH-WG] WGLC for DPoP Document David Waite
- Re: [OAUTH-WG] WGLC for DPoP Document Justin Richer
- Re: [OAUTH-WG] WGLC for DPoP Document Daniel Fett
- Re: [OAUTH-WG] WGLC for DPoP Document Denis
- Re: [OAUTH-WG] WGLC for DPoP Document Roberto Polli
- Re: [OAUTH-WG] WGLC for DPoP Document Justin Richer
- Re: [OAUTH-WG] WGLC for DPoP Document Denis
- Re: [OAUTH-WG] WGLC for DPoP Document Justin Richer
- Re: [OAUTH-WG] WGLC for DPoP Document Denis
- Re: [OAUTH-WG] WGLC for DPoP Document Hans Zandbelt
- [OAUTH-WG] WGLC for DPoP Document: new thread abo… Denis
- Re: [OAUTH-WG] WGLC for DPoP Document: new thread… Hans Zandbelt
- Re: [OAUTH-WG] WGLC for DPoP Document Mike Jones
- Re: [OAUTH-WG] WGLC for DPoP Document: new thread… Denis
- Re: [OAUTH-WG] WGLC for DPoP Document David Waite
- Re: [OAUTH-WG] WGLC for DPoP Document Steinar Noem
- Re: [OAUTH-WG] WGLC for DPoP Document Daniel Fett
- Re: [OAUTH-WG] WGLC for DPoP Document Dave Tonge
- Re: [OAUTH-WG] WGLC for DPoP Document Steinar Noem
- Re: [OAUTH-WG] WGLC for DPoP Document Torsten Lodderstedt
- Re: [OAUTH-WG] WGLC for DPoP Document Warren Parad
- Re: [OAUTH-WG] WGLC for DPoP Document Pieter Kasselman
- [OAUTH-WG] Fwd: WGLC for DPoP Document Neil Madden
- Re: [OAUTH-WG] WGLC for DPoP Document Vladimir Dzhuvinov
- Re: [OAUTH-WG] WGLC for DPoP Document Nat Sakimura
- Re: [OAUTH-WG] WGLC for DPoP Document John Bradley
- Re: [OAUTH-WG] WGLC for DPoP Document Brian Campbell
- Re: [OAUTH-WG] WGLC for DPoP Document Brian Campbell