Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation Draft
Paul Madsen <paul.madsen@gmail.com> Fri, 22 January 2016 19:00 UTC
Return-Path: <paul.madsen@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E4011B2BFB for <oauth@ietfa.amsl.com>; Fri, 22 Jan 2016 11:00:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P_DIZEKWwaph for <oauth@ietfa.amsl.com>; Fri, 22 Jan 2016 11:00:17 -0800 (PST)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 449531B2BFE for <oauth@ietf.org>; Fri, 22 Jan 2016 11:00:17 -0800 (PST)
Received: by mail-qk0-x22a.google.com with SMTP id o6so32420464qkc.2 for <oauth@ietf.org>; Fri, 22 Jan 2016 11:00:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=Cg/1+af7bPE+NR61I5gDjaupPKAvTncTNNush9n82pc=; b=qAdhVhc3dRwiFIZGs/9ZMlpBudT8Xp2lOD6U4WNm951D6jrmpnnWEZrhVDni2jC3X5 947fhR9O5P6YcDAImB79ZBAYotcEYeb+VPOozZ1rgd4wEktqgmZF+onrCc70lzRfBH2U 4hPDMNvJQ/Y4wyk9Pkm+Vrz+HSKDIed4O2usw1i46FXG7b+iLmFY9zjvFV3K8zc0UVFY D2N7nvp4BmQnPeuLiNv60Ng3MCxkwZSXxDncsNHOHiE6+lNxf/7bmN+CPhT2fi3CXvha RcuXE4uuL40VS6p2tgyiM4t9fYu/zCvhuTrhWzsyP1kgMAIno5w05TG/MLyqaSvcBiKj 02ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-type; bh=Cg/1+af7bPE+NR61I5gDjaupPKAvTncTNNush9n82pc=; b=j0n1qvOeuUNf6GzZynKV71lvKGn5RXI1tNnRg1UYMCzZext2IZUdDuF0/0e43I5rfi s3RqJnsA0EXCt+W40Gq0AL9j9NAeVLor7IxOxONL8LZN+5sbSKIgUD9sxOfTkz9dlpgV Wri8ljAHiqrjtY4ShNVF1T75GETKRPOpq4RJJ49km+UWmKr3WaVBRcnEWJt3fXvlpjD7 ylT5YWTEWA+MwjkkJAfXNTFW0zBcbjPNAfJTtESkqd/1QVKf8zHQqrE8YcGki41loduE b1YB8zlQu+XcByZpKTJi1jMsSnPeczFq/w+4TDvGL6G0Aso88QLe4pq50J/lA7IORRck vKPQ==
X-Gm-Message-State: AG10YOQy7bdG/gV7RXf3Kt45qcuzyxvZiJhCGBFQIkktly0cZ76Jhx6+InUYbi0zvIbONg==
X-Received: by 10.55.73.85 with SMTP id w82mr5792066qka.52.1453489216334; Fri, 22 Jan 2016 11:00:16 -0800 (PST)
Received: from [192.168.1.65] (CPE84948c5cbf81-CM84948c5cbf80.cpe.net.cable.rogers.com. [99.224.83.138]) by smtp.googlemail.com with ESMTPSA id 136sm3292116qhx.49.2016.01.22.11.00.14 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 22 Jan 2016 11:00:15 -0800 (PST)
To: John Bradley <ve7jtb@ve7jtb.com>, David Waite <david@alkaline-solutions.com>
References: <BY2PR03MB442662C73E3904E73D9B9EFF5C30@BY2PR03MB442.namprd03.prod.outlook.com> <2EB9855D-BAB2-4B90-B649-F1B24B8834EC@alkaline-solutions.com> <DC542E43-8D0B-4728-AB46-AC70F190D8AD@ve7jtb.com> <80218A07-9D37-42A3-B90A-56AEDBC3A86C@alkaline-solutions.com> <CAANoGhJT8j0ZO09kBJHpg+QVkFi-RuoA42Rb+zd698aC9AmLUw@mail.gmail.com> <CAAP42hCzVtXiECAZzaU-YEQe01BPbOc6OTL-u=PLQkxdsYeSfQ@mail.gmail.com> <56A260B6.4060302@aol.com> <478C8683-0E47-43E7-A7F3-75F89AB1DCDA@alkaline-solutions.com> <EB5584D0-33AD-4CEB-8A51-D30A4D57B7BE@ve7jtb.com>
From: Paul Madsen <paul.madsen@gmail.com>
Message-ID: <56A27C3E.2070301@gmail.com>
Date: Fri, 22 Jan 2016 14:00:14 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <EB5584D0-33AD-4CEB-8A51-D30A4D57B7BE@ve7jtb.com>
Content-Type: multipart/alternative; boundary="------------030507090708020407090103"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/G1nDEGaLNYJ0hc9nfmkGByJiuLY>
Cc: IETF oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation Draft
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2016 19:00:20 -0000
tshirt or it didnt happen On 1/22/16 1:57 PM, John Bradley wrote: > Now that we have a cool name all we need is a logo for the attack and > per haps an anime character, and we are done with all the hard work:) > > John B. >> On Jan 22, 2016, at 2:54 PM, David Waite >> <david@alkaline-solutions.com <mailto:david@alkaline-solutions.com>> >> wrote: >> >> It’s pronounced FronkenSTEEN-ian. >> >> -DW >> >>> On Jan 22, 2016, at 10:02 AM, George Fletcher <gffletch@aol.com >>> <mailto:gffletch@aol.com>> wrote: >>> >>> "Frankensteinian Amalgamation" -- David Waite >>> >>> I like it! :) >>> >>> On 1/22/16 8:11 AM, William Denniss wrote: >>>> +1 ;) >>>> On Fri, Jan 22, 2016 at 8:45 PM John Bradley <ve7jtb@ve7jtb.com> wrote: >>>> >>>> Perhaps Frankenstein response is a better name than cut and >>>> paste attack. >>>> >>>> John B. >>>> >>>> On Jan 22, 2016 1:22 AM, "David Waite" >>>> <david@alkaline-solutions.com >>>> <mailto:david@alkaline-solutions.com>> wrote: >>>> >>>>> On Jan 21, 2016, at 2:50 PM, John Bradley >>>>> <ve7jtb@ve7jtb.com> wrote: >>>>> >>>>> In that case you probably would put a hash of the state in >>>>> the code to manage size. The alg would be up to the AS, >>>>> as long as it used the same hash both places it would work. >>>> Yes, true. >>>>> >>>>> Sending the state to the token endpoint is like having >>>>> nonce and c_hash in the id_token, it binds the issued code >>>>> to the browser instance. >>>> I think I understand what you are saying. Someone won’t be >>>> able to frankenstein up a state and a token from two >>>> different responses from an AS, and have a client >>>> successfully fetch an access token based on the amalgamation. >>>>> This protects against codes that leak via redirect uri >>>>> pattern matching. failures etc. It prevents an attacker >>>>> from being able to replay a code from a different browser. >>>> Yes, if a party intercepts the redirect_url, or the AS >>>> fails to enforce one time use (which even for a compliant >>>> implementation could just mean the attacker was faster than >>>> the state propagated within the AS) >>>> >>>> Makes sense. Thanks John. >>>> >>>> -DW >>>> >>>>> If the client implements the other mitigations on the >>>>> authorization endpoint, then it wouldn't be leaking the >>>>> code via the token endpoint. >>>>> >>>>> The two mitigations are for different attacks, however >>>>> some of the attacks combined both vulnerabilities. >>>>> >>>>> Sending the iss and client_id is enough to stop the >>>>> confused client attacks, but sending state on its own >>>>> would not have stopped all of them. >>>>> >>>>> We discussed having them in separate drafts, and may still >>>>> do that. However for discussion having them in one >>>>> document is I think better in the short run. >>>>> >>>>> John B. >>>>> >>>>>> On Jan 21, 2016, at 4:48 PM, David Waite >>>>>> <david@alkaline-solutions.com >>>>>> <mailto:david@alkaline-solutions.com>> wrote: >>>>>> >>>>>> Question: >>>>>> >>>>>> I understand how “iss" helps mitigate this attack (client >>>>>> knows response was from the appropriate issuer and not an >>>>>> attack where the request was answered by another issuer). >>>>>> >>>>>> However, how does passing “state” on the >>>>>> authorization_code grant token request help once you have >>>>>> the above in place? Is this against some alternate flow >>>>>> of this attack I don’t see, or is it meant to mitigate >>>>>> some entirely separate attack? >>>>>> >>>>>> If one is attempting to work statelessly (e.g. your >>>>>> “state” parameter is actual state and not just a randomly >>>>>> generated value), a client would have always needed some >>>>>> way to differentiate which issuer the authorization_code >>>>>> grant token request would be sent to. >>>>>> >>>>>> However, if an AS was treating “code” as a token (for >>>>>> instance, encoding: client, user, consent time and >>>>>> approved scopes), the AS now has to include the client’s >>>>>> state as well. This would effectively double (likely more >>>>>> with encoding) the state sent in the authorization >>>>>> response back to the client redirect URL, adding more >>>>>> pressure against maximum URL sizes. >>>>>> >>>>>> -DW >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org <mailto:OAuth@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>>> >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> -- >>> Chief Architect >>> Identity Services Engineering Work:george.fletcher@teamaol.com >>> AOL Inc. AIM: gffletch >>> Mobile: +1-703-462-3494 Twitter:http://twitter.com/gffletch >>> Office: +1-703-265-2544 Photos:http://georgefletcher.photography >> > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation Dra… Mike Jones
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… John Bradley
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Justin Richer
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… John Bradley
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Justin Richer
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Hans Zandbelt
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Justin Richer
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… David Waite
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… John Bradley
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… David Waite
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… John Bradley
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… William Denniss
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Thomas Broyer
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… John Bradley
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… George Fletcher
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… David Waite
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… John Bradley
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Paul Madsen
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… George Fletcher
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Roland Hedberg
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… George Fletcher
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Torsten Lodderstedt
- Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation… Phil Hunt (IDM)