Re: [OAUTH-WG] on PKCE for CSRF prevention instead of state parameter
Daniel Fett <danielf+oauth@yes.com> Thu, 11 April 2019 12:27 UTC
Return-Path: <danielf+oauth@yes.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 391571201C7 for <oauth@ietfa.amsl.com>; Thu, 11 Apr 2019 05:27:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yes.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CLRgTGYfXvL6 for <oauth@ietfa.amsl.com>; Thu, 11 Apr 2019 05:27:42 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2652D120048 for <oauth@ietf.org>; Thu, 11 Apr 2019 05:27:42 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id a184so6482330wma.2 for <oauth@ietf.org>; Thu, 11 Apr 2019 05:27:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yes.com; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=Bk6D5TxtbnEpJrPJfw0D24RGBRTKoy2xIt2z6FD3k/0=; b=tL/bMdJ1MiOzvvs9hdFwBRRzp9ITBL0CPTlhyXQB3KVRYo1dNGXjaboVvboItecT7b 2kN4hAEGOAaGjzsPVU85DNvqcGw/mddgnb0mG+iHSirNxws4QAjvhygYFUj4XTWoBveu daM3usxH/TBmTUbrRI+58FJFyoJjRnNCgCbekVrtKw6EjPlX0a5mhhtlUiUs6sF6YFMc 9BAuW3QyQKenkqiuJFdK8Lu6HA1AXs9nbPwdbsGcIJk/Q0R7IJx/L/YK+OEJwt7Nw1gr 2ZsJU+e/KY9sXnaXZZxHR81+8gO8VZAvpE6wv61dE2ptrBljROZhEwTwFwMRCfk7Ond3 OMNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=Bk6D5TxtbnEpJrPJfw0D24RGBRTKoy2xIt2z6FD3k/0=; b=fSn5XNixGBL5HQ7h+Zgkk8n4zXgE7r0oZi5geeuJ7nG6C7dZuyqgAk4olh8d2CLpnu METKCJQCfqdFxnRlUWWkXxe2a5u2u6b3TkqU0P8d83AhTLXyCKGguYVlpnDYLU1GW4Uo NbaSftC71GszhzpN2d9wx/6jLI6v2RdCAsj12RD/Gqo5DCX3hCO8RNJUbc9Hf2k5p7kD k8We4w+TTQFNuSfc7sapSgQKsEJ98I0f5sscl90G3JqQnqe0NE9moHU4vf1lbaob4Ksz 77V5o4x+s+4KGhsRVm2b/1NcY7oWI9m/HAjWwI9VjNyJo0sMjdiWZLBl7jO6vQ5EGyCB LJLA==
X-Gm-Message-State: APjAAAWM59dRdm7fZc31Smw4W/upsc/MXuUtCxZ+HmBW7PRDDTmV8Oqv sG3P8L9g8dj0jPb+O9Ieguy/GCCt6Yw=
X-Google-Smtp-Source: APXvYqxMJZ+UjkND8qNPsmquF+7rarcTbSyoyLCDQwRIvO3FADpBTnmIRUtPfiDN85NXst6V8Ds/HA==
X-Received: by 2002:a1c:658a:: with SMTP id z132mr6569962wmb.92.1554985660128; Thu, 11 Apr 2019 05:27:40 -0700 (PDT)
Received: from ?IPv6:2003:c1:4f3b:1400:5065:45ab:802c:3ea5? (p200300C14F3B1400506545AB802C3EA5.dip0.t-ipconnect.de. [2003:c1:4f3b:1400:5065:45ab:802c:3ea5]) by smtp.gmail.com with ESMTPSA id r16sm27861160wrx.37.2019.04.11.05.27.38 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Apr 2019 05:27:39 -0700 (PDT)
To: oauth@ietf.org
References: <CALAqi_8oZjXri+wKei-fUW+O5YaJQTsTFDUJhE7z9xAGJ=dyjw@mail.gmail.com>
From: Daniel Fett <danielf+oauth@yes.com>
Message-ID: <08ab4caa-922f-c8f3-67ed-56e10611946e@yes.com>
Date: Thu, 11 Apr 2019 14:27:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CALAqi_8oZjXri+wKei-fUW+O5YaJQTsTFDUJhE7z9xAGJ=dyjw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------DB0849387CD93429E77957B7"
Content-Language: de-DE
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/FbBWT-HcpI6ikaJUQws16Dxpwo0>
Subject: Re: [OAUTH-WG] on PKCE for CSRF prevention instead of state parameter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 12:27:45 -0000
Hi Filip, This is an important point that you raise here. In an ideal world, the client would be able to learn whether the AS supports PKCE or not. My proposal for a normative text would be this: --- If PKCE [@RFC7636] is used by the client and the authorization server supports PKCE, clients MAY opt to not use state for protection against Cross-Site Request Forgery, as such protection is provided by PKCE. In this case, state MAY be used again for its original purpose, namely transporting data about the application state of the client. It is important to note that: * If state is used for carrying application state, and integrity of its contents is a concern, clients MUST protect state against tampering and swapping. This can be achieved by binding the contents of state to the browser session and/or signed/encrypted state values [@I-D.bradley-oauth-jwt-encoded-state]. * There is no defined mechanism for clients to detect whether an authorization server supports PKCE or not. Clients that use PKCE despite the authorization server not supporting it will not receive any indication of the lack of support for PKCE. If the authorization server does not support PKCE, state MUST be used for CSRF protection. --- - Daniel Am 11.04.19 um 13:35 schrieb Filip Skokan: > In Prague we've seen and talked about this point from Torsten's deck > <https://datatracker.ietf.org/meeting/104/materials/slides-104-oauth-sessa-security-topics-00> > > > Use PKCE for CSRF prevention instead of state parameter > > * PKCE is mandatory now and can fulfill this additional task > * Simplifies recommendations and makes state available again for > original purpose (carry client transaction data) > > > While PKCE is now the suggested countermeasure to some attacks and is > to be used by Clients it's not yet mandatory to be implemented by the > AS and the client has no way of knowing for sure if it's implemented > (due to how PKCE is defined as backwards compatible to clients when AS > is missing its support). > > Since at no point in time does the client receive anything from the AS > suggesting that PKCE is in effect, is this a wise recommendation to > make in the current form? Some might interpret this as if they don't > need state to carry any client transaction data they might as well > just use PKCE and omit state altogether altho the server does not > support PKCE. > > S pozdravem, > *Filip Skokan* > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] on PKCE for CSRF prevention instead of… Filip Skokan
- Re: [OAUTH-WG] on PKCE for CSRF prevention instea… Daniel Fett