[OAUTH-WG] Re: We cannot trust Issuers
Richard Barnes <rlb@ipv.sx> Mon, 22 July 2024 23:43 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A6A2C14CF1E for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 16:43:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AaXBBrP3GFmc for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 16:43:46 -0700 (PDT)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEAB9C14F748 for <oauth@ietf.org>; Mon, 22 Jul 2024 16:43:46 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id ca18e2360f4ac-8152f0c63c1so191271639f.1 for <oauth@ietf.org>; Mon, 22 Jul 2024 16:43:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1721691826; x=1722296626; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6US5vcecpPYZFElgOlfJ9pyhIeRIi13mVJgeuST0otg=; b=SWAvc+Qm/9vqOofMR6fSbJJbURoVtLho+Htd6QJliMqukebhCKBGYTnY1/D1Nwyo/j DQTpLJfEVgutfMSKdt7ORb//utObDhK6Uf4wmeSXTNunk1mmOy4VAyV/FHHFI07EUTce jneux02Y1wqcomTsBq9e/jIHiEc66rCDBW7oHbYBHLWBOJSWO5uZ2kXX52K6tWi9+445 Sm+y9rBGKqTZYjnTZ6cpEKSvY6Tv0TxjrCVs9UoMpdNI2kWzqaZaMLPJj6mdn357C8eg ZqbgF2vhm7LnYDQbc20R3fTZJ2TbE1OOai7MBOxr/09Hb0xDSRk3UKiOWyAMxnLEcX7k ZN5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721691826; x=1722296626; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6US5vcecpPYZFElgOlfJ9pyhIeRIi13mVJgeuST0otg=; b=ZRMItMt9DTYyVbGR9IBcTiRfHQGF9Ehlw7ZOgrQIR5TaA54xGiMajWA/QnMgnSbZD4 9BPRpde/NZDviS6nlWZftiezRHqO/tlpuTxVnk8RPJPVkIghocBI0/oYKscZoHdVOxmO 1VFcjy2kdOapIFajanyXKSrOZsDxyh5fZ3Guvahjd07RB3vtF/o29MvTyaq+pyXz5aKg TZiqwaGi67eaFwIxfbcilxvCYJbwKNULAGamvzhFj+U2kwOMbJ2jRnrnTgtf8JsW78o9 +GjtWuh5rl2ptAMrNuz5p45CYuc8+2PvbOzhKGulCI1h98Ato87Ge8EHlEbcO9lDayik DPhA==
X-Forwarded-Encrypted: i=1; AJvYcCVaGPcQ3MXeHT+2lJzJkMtaEfjJHU8/MJCYOU/vh62KJU4lH7Op641M9YNPxiH/8+wmAYTRflW+Ofm9txTdHQ==
X-Gm-Message-State: AOJu0Yx4F9aFobz1+WJgva1+xniH2zJKasp+kV+r1lCUJIs2P+D+Shkk F7+S4C1cGH2zT06gIsnYM4omoOWrg9kMGyoGRCmCrFzjCy1dW4fCEHFnMdbFAxKAsVZd/pcP0Ls XW/1W1K5KGfC0oZE+9VQyPBzsECi3+KSC7XAorw==
X-Google-Smtp-Source: AGHT+IF+gMhivn1EV8xbLp/PbUxy/GiWlSLRTSBAoFPyrrJgJHvjKxfwmNIAtAR9OCBkV27Np/WJMCHnWUoNhFEFTrA=
X-Received: by 2002:a92:c563:0:b0:375:e04f:55ac with SMTP id e9e14a558f8ab-39a0c8e50cfmr15472045ab.16.1721691825884; Mon, 22 Jul 2024 16:43:45 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cmy03viT6wboUZeVu_8Yf-m7As0rxcjpda2W_Xw6ohKNg@mail.gmail.com> <CAANoGhLsm1yqJvKuPEH_is-ep60EVNfLfi17T9M17KJFfAFiNQ@mail.gmail.com> <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com>
In-Reply-To: <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Mon, 22 Jul 2024 19:43:35 -0400
Message-ID: <CAL02cgRPc8Ef8LjL4pNOCOmApSNaCSZSekmxxcps7yAZ6ZhdqA@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000b1ec07061dde9d6b"
Message-ID-Hash: UQURR4H2IAO6PELKTRMO5NJDHUL2OPQB
X-Message-ID-Hash: UQURR4H2IAO6PELKTRMO5NJDHUL2OPQB
X-MailFrom: rlb@ipv.sx
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: We cannot trust Issuers
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GLWRrHziS6cxujzqm2dEjwNzF2c>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
I would observe that any solution based on garden-variety digital signature (not something zero-knowledge like BBS / JWP) will have problems with issuer/verifier collusion. One-time tokens and batch issuance don't help. There is no such thing as SD-JWT with issuer/verifier collusion resistance. At best you could have SD-JWP. I don't think this needs to be a blocker on SD-JWT. There are use cases that don't require issuer/verifier collusion resistance. We should be clear on the security considerations and warn people away who care about issuer/verifier collusion resistance, and accelerate work on SD-JWP if that's an important property to folks. --Richard On Mon, Jul 22, 2024 at 7:25 PM Watson Ladd <watsonbladd@gmail.com> wrote: > > > On Mon, Jul 22, 2024, 3:30 PM John Bradley <ve7jtb@ve7jtb.com> wrote: > >> I agree that single-use proof keys and batch issuance are a must. >> >> Issuer verifier collusion is admittedly a problem. To address that we >> do need different cryptographic methods. >> >> MDOC also has the same issue. >> >> We should document the risk, but short of stopping EUID and mobile >> driver's license deployment, we have limited options. >> > > The problem only appears when the drivers license or EUID is used in a way > that makes the user think their data is private. You don't have to support > UX that lies to the user. > > >> Hopefully, we can make quick progress on JWP. >> >> John B. >> >> On Mon, Jul 22, 2024 at 2:14 PM Watson Ladd <watsonbladd@gmail.com> >> wrote: >> >>> Dear Oauth, >>> >>> I'm disappointed to see SD-JWT work continue with inadequate privacy >>> considerations. The fact is an Issuer can link any showings to >>> issuance of the credential. This is not foregrounded sufficiently in >>> privacy considerations, nor do we discuss how to ensure users are >>> aware. We really need to use more RFC 2119 language and highlight >>> these issues. Section 11.1 about local storage which has never been an >>> IETF concern before is far more prescriptive than 11.4, and that's not >>> a good thing. To be clear, the threat model must include an issuer >>> that is a government issuing credentials that if used to verify age on >>> certain websites or via a digital wallet on site, and learned about by >>> the issuer who may have access to data from the site, will result in >>> imprisonment or execution. This is not a hypothetical scenario. >>> >>> Users and UX designers will have intuitions that do not match the >>> reality and that result in bad decisions being made. That's on us. A >>> driver's license doesn't leave a trace of where you showed it, but the >>> SD-JWT does. >>> >>> At a minimum I think we mandate batch issuance and one time usage >>> using RFC 2119 language. We need to say in clear, unambiguous English >>> that this mechanism enables an issuer to connect every presentation of >>> a credential to the issuance. >>> >>> Sincerely, >>> Watson Ladd >>> >>> -- >>> Astra mortemque praestare gradatim >>> >>> _______________________________________________ >>> OAuth mailing list -- oauth@ietf.org >>> To unsubscribe send an email to oauth-leave@ietf.org >>> >> _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-leave@ietf.org >
- [OAUTH-WG] We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers John Bradley
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Richard Barnes
- [OAUTH-WG] Re: We cannot trust Issuers Michael Prorock
- [OAUTH-WG] Re: We cannot trust Issuers Dick Hardt
- [OAUTH-WG] Re: We cannot trust Issuers Wayne Chang
- [OAUTH-WG] Re: We cannot trust Issuers Leif Johansson
- [OAUTH-WG] Re: We cannot trust Issuers Wayne Chang
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Nat Sakimura
- [OAUTH-WG] Re: We cannot trust Issuers Brian Campbell
- [OAUTH-WG] Re: We cannot trust Issuers Tom Jones
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Brian Campbell
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd