[OAUTH-WG] Mix-Up Revisited
Daniel Fett <fett@danielfett.de> Mon, 04 May 2020 17:35 UTC
Return-Path: <fett@danielfett.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 383A73A0DC4 for <oauth@ietfa.amsl.com>; Mon, 4 May 2020 10:35:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=danielfett.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5jWa3lNYRqL6 for <oauth@ietfa.amsl.com>; Mon, 4 May 2020 10:35:49 -0700 (PDT)
Received: from d3f.me (redstone.d3f.me [5.9.29.41]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE3953A0DC0 for <oauth@ietf.org>; Mon, 4 May 2020 10:34:58 -0700 (PDT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by d3f.me (Postfix) with ESMTPA id AF6331902 for <oauth@ietf.org>; Mon, 4 May 2020 17:34:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=dkim; t=1588613696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=VKfHWKj2qRYvSwFR4Iji66ABOB0BznRwmQaMqvScMFk=; b=MiCUOhiQFUzS+Gi+xnEZyn9dmHcqKkLi4WbrauULrKBdmwQ7n+NEfJ/rVmk+wOPcBPQ/fT vbr8JFtim58LUet69Mvs/imqxpx98ZAO5gmPkQRs+6MFZTQ+aD6tgYtzMqywjKAW1vP1X2 H4+yxZtVkFRWkggrqkNZ2q44bxwc5vo=
To: oauth@ietf.org
From: Daniel Fett <fett@danielfett.de>
Message-ID: <101390f1-0d6e-e5fe-861b-4d7e9b7816dd@danielfett.de>
Date: Mon, 04 May 2020 19:34:56 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------ADF0DA7AF487FD566E4ED30D"
Content-Language: de-DE
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=dkim; t=1588613696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=VKfHWKj2qRYvSwFR4Iji66ABOB0BznRwmQaMqvScMFk=; b=ipJ07YpHZziZhTc6U31U0g+TgnvW7HJdt7qPlMSJ31xi6twUS4zAd9M6Tmv4ZcySUXfm6g 2Bovjv1Hv0FcD4qwFrujLCh29SuJGhlI4z1vqbQZjcvSEZSfFrd3Q0p8RSq/3frs1kjwbR 6SP3RWWzVwvrvlH8DnznwbqDDvw8Zus=
ARC-Seal: i=1; s=dkim; d=danielfett.de; t=1588613696; a=rsa-sha256; cv=none; b=iCgGgQHIuQp5uEUnBJ99cLH1UKYRg28Vc+qTMXZf/oahn5ERHUQxt9wbfxTwk5mY6HWWsd wS2sUw/kT0RLtg4/r3auKFbdlNuRBlk+W7KcJxLQzOPYTA0uYBKFE0/tWtiqvs4eVSsXqz b6BkCmNyskJ0P95H7r0mple4o+pbIwE=
ARC-Authentication-Results: i=1; d3f.me; auth=pass smtp.auth=fett@danielfett.de smtp.mailfrom=fett@danielfett.de
Authentication-Results: d3f.me; auth=pass smtp.auth=fett@danielfett.de smtp.mailfrom=fett@danielfett.de
X-Spamd-Bar: /
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/DQR2ZXtGKfa-8UGtuPYyZoAaBIc>
Subject: [OAUTH-WG] Mix-Up Revisited
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 17:35:51 -0000
Hi all, to make substantiated recommendations for FAPI 2.0, the security considerations for PAR, and the security BCP, I did another analysis on the threats that arise from mix-up attacks. I was interested in particular in two questions: * Does PAR help preventing mix-up attacks? * Do we need JARM to prevent mix-up attacks? I wrote down several attack variants and configurations in the following document: https://danielfett.github.io/notes/oauth/Mix-Up%20Revisited.html The key takeaways are: 1. The security BCP needs to make clear that per-*AS* redirect URIs are only sufficient if OAuth Metadata is not used to resolve multiple issuers. Otherwise, per-*Issuer* redirect URIs or the iss parameter MUST be used. 2. PAR-enabled authorization servers can protect the integrity better and protect against Mix-Up Attacks better if they ONLY accept PAR requests. 3. We should emphasize the importance of the iss parameter (or issuer) in the authorization response. Maybe introduce this parameter in the security BCP or another document? 4. Sender-constrained access tokens help against mix-up attacks when the access token is targeted. 5. Sender-constraining the authorization code (PAR + PAR-DPoP?) might be worth looking into. I would like to hear your thoughts! -Daniel
- [OAUTH-WG] Mix-Up Revisited Daniel Fett
- Re: [OAUTH-WG] Mix-Up Revisited Daniel Fett
- Re: [OAUTH-WG] Mix-Up Revisited Brian Campbell
- Re: [OAUTH-WG] [EXTERNAL] Re: Mix-Up Revisited Mike Jones
- Re: [OAUTH-WG] [EXTERNAL] Re: Mix-Up Revisited Karsten Meyer zu Selhausen
- Re: [OAUTH-WG] [EXTERNAL] Re: Mix-Up Revisited Torsten Lodderstedt
- Re: [OAUTH-WG] [EXTERNAL] Re: Mix-Up Revisited Karsten Meyer zu Selhausen
- Re: [OAUTH-WG] [EXTERNAL] Re: Mix-Up Revisited Torsten Lodderstedt