Re: [OAUTH-WG] Comments on draft-ietf-oauth-security-topics-06.txt
Joseph Heenan <joseph@authlete.com> Thu, 24 May 2018 18:52 UTC
Return-Path: <joseph@authlete.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30D91276AF for <oauth@ietfa.amsl.com>; Thu, 24 May 2018 11:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.608
X-Spam-Level:
X-Spam-Status: No, score=-2.608 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=authlete-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zghS0vCh296n for <oauth@ietfa.amsl.com>; Thu, 24 May 2018 11:52:48 -0700 (PDT)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC0C612E8E4 for <oauth@ietf.org>; Thu, 24 May 2018 11:52:47 -0700 (PDT)
Received: by mail-wm0-x233.google.com with SMTP id j4-v6so7939240wme.1 for <oauth@ietf.org>; Thu, 24 May 2018 11:52:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=authlete-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=nZfNCwu4PV9HHRtx0asdwY3bPH5RuiMhs0P2fsMMnYU=; b=ckWp/+FjDISJp/h/Wu1V6Ptz/XxRGbeLXPdgAtRlY95CYZ4IPVqXPzYiizwowlhP5g 3n07zKLb03sLsqTI62Vz9E0wfRysRoQY8p5tojUXFndVJ1r72NJOdLdjl/419bAceFuj uFQFi8dcTIE9CE6TUWh0g8NphIJPnD+0rtc9+c9Ve3u6/WKOWbSboAdeDSbjMJYA/5Pf lyABeUbmNbCx+dpECvf2Q1Vx6IzBzVUsft6A9ru8MvgUVhRjQrjPxGlXMeKDI7RR/UVy 0tSRBg7VSJm1/JEvLY4/77mh/Y1i7gbUl8Aq7ss7KadE2YPixpUIzfG8pYw/dcyHv3Um qF7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=nZfNCwu4PV9HHRtx0asdwY3bPH5RuiMhs0P2fsMMnYU=; b=q+F/vkg3/6J2Ecydp8eFI/XL4edrxB6oErl8heHfrcG29KfI95pBn0Td12gQi5hqr7 /q3qkhqr2NPMLeHGTSAy2RauAdli23z/77Y9OFTNUftwPw8hfor87kHyNHeGbeJPoQPV FSTJ9SVhQOinoehkeVa9G/d4WnNcKieeMQWSdDjVW/j6jHKWT3oShdqZzrJQ5Amx0+73 irLXFYRewKapqhAWQA3g6ghiP3s1Im31CKY4PJxx0SZ6npfYCtEs4JIvZTuYXcwtDBp3 IFZRecfnFmD7Z0CQ5tbG9sOPH/AnAg9M+ADTlZP8aer1wiIjoCxyPcAsAOIio8ti8Rfe MfIQ==
X-Gm-Message-State: ALKqPwdC7+vADVxXFoVP0LdQ8ySoJDJzz1O29+dcHFArCz5LAAhalCyD LPhCcOuRUWrZfVWPNxAbgEd+AQ==
X-Google-Smtp-Source: AB8JxZrEgillEDiwxDLloSI4kJYdrB2N4PP/icpDSLtUgtGGNYWEXmS7Tm8bYp83yuYZGWC+DmvX7A==
X-Received: by 2002:a1c:7f0a:: with SMTP id a10-v6mr9524686wmd.97.1527187966339; Thu, 24 May 2018 11:52:46 -0700 (PDT)
Received: from dhcp127.sh2.org.uk (home.heenan.me.uk. [212.159.108.133]) by smtp.gmail.com with ESMTPSA id p17-v6sm4330843wmc.17.2018.05.24.11.52.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 24 May 2018 11:52:45 -0700 (PDT)
From: Joseph Heenan <joseph@authlete.com>
Message-Id: <F25C4755-B881-4F5C-A667-17B7091D0E24@authlete.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0BC99E8C-8843-439E-B709-91010EABFC06"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Thu, 24 May 2018 19:52:44 +0100
In-Reply-To: <b2df8f14-9d2e-b572-708f-d8c50fcdcd05@free.fr>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
To: Denis <denis.ietf@free.fr>
References: <152681629717.2793.15028642368623108299@ietfa.amsl.com> <34B9FBE9-788E-4B1C-B2A4-08FD14EC2BD5@lodderstedt.net> <1fe04f5e-b968-5a6d-efe8-b47da5e28592@free.fr> <689F7720-B5D8-4686-A8E1-79E2ABEBEDF1@authlete.com> <b2df8f14-9d2e-b572-708f-d8c50fcdcd05@free.fr>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GK6KLEwDfR1GI3e6xlG3QUQCpAs>
Subject: Re: [OAUTH-WG] Comments on draft-ietf-oauth-security-topics-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2018 18:52:51 -0000
Hi Denis, This presentation is only describing one attack. Page 12 summarises it. The attack is not a full attack targeted against oauth, but it shows how a malicious network can steal any codes returned to the browser in the URL, even if the codes are always sent over TLS. I was only responding to your assertion that PKCE is not required when TLS is in use. I believe that assertion was not right, as the above attack is against TLS enabled servers and PKCE would have made any stolen auth code useless, so PKCE still has value even when using TLS. Thanks Joseph > On 23 May 2018, at 12:58, Denis <denis.ietf@free.fr> wrote: > > Hi Joseph, > > Among these 39 slides, to which attack(s) are you referring ? > > I wrote:"It is quite hard to understand under which context(s) and conditions OAuth 2.0 could be safely used". > > For each counter-measure, it would be useful to explain under which context(s) or under which assumptions > it should be used. > > Denis > >> Hi Denis, >> >>> On 22 May 2018, at 14:05, Denis <denis.ietf@free.fr <mailto:denis.ietf@free.fr>> wrote: >>> In particular, the text states: >>> >>> "Clients shall use PKCE [RFC7636] in order to (with the help of the authorization server) detect and prevent attempts >>> to inject (replay) authorization codes into the authorization response". >>> >>> This is incorrect, since RFC7636 should be used when the authorization code is returned from the authorization endpoint >>> within a communication path that is not protected by Transport Layer Security (TLS). >>> >> That is not really the full story as we've seen attacks where URLs that you would expect to be protected by TLS are vulnerable; one example is: >> >> https://www.blackhat.com/docs/us-16/materials/us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf <https://www.blackhat.com/docs/us-16/materials/us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf> >> >> IMHO it would be sane to use PKCE anywhere where a code is returned in the URL and there isn't another proof of possession / token binding mechanism in play. >> >> Joseph >> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action: draft-ietf-oauth-security-… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-secur… Torsten Lodderstedt
- [OAUTH-WG] Comments on draft-ietf-oauth-security-… Denis
- Re: [OAUTH-WG] Comments on draft-ietf-oauth-secur… Joseph Heenan
- Re: [OAUTH-WG] Comments on draft-ietf-oauth-secur… Denis
- Re: [OAUTH-WG] Comments on draft-ietf-oauth-secur… Joseph Heenan