Re: [OAUTH-WG] WGLC for "OAuth 2.0 Security Best Current Practice"

Denis <denis.ietf@free.fr> Tue, 12 November 2019 09:19 UTC

Return-Path: <denis.ietf@free.fr>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB2701201E3 for <oauth@ietfa.amsl.com>; Tue, 12 Nov 2019 01:19:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74lQMGZOIGMu for <oauth@ietfa.amsl.com>; Tue, 12 Nov 2019 01:19:25 -0800 (PST)
Received: from smtp.smtpout.orange.fr (smtp04.smtpout.orange.fr [80.12.242.126]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62CE9120046 for <oauth@ietf.org>; Tue, 12 Nov 2019 01:19:24 -0800 (PST)
Received: from [192.168.1.11] ([90.79.49.31]) by mwinf5d07 with ME id QxKM2100E0gNo7u03xKMJ0; Tue, 12 Nov 2019 10:19:22 +0100
X-ME-Helo: [192.168.1.11]
X-ME-Auth: ZGVuaXMucGlua2FzQG9yYW5nZS5mcg==
X-ME-Date: Tue, 12 Nov 2019 10:19:22 +0100
X-ME-IP: 90.79.49.31
From: Denis <denis.ietf@free.fr>
To: oauth@ietf.org
References: <VI1PR08MB5360FBBAF0D3A38BDBED618BFA790@VI1PR08MB5360.eurprd08.prod.outlook.com> <CAMVRk++o2MdndK37FfADzEZJx988o=PvPWN_mhdgDK=OU1dtow@mail.gmail.com> <3ECDBBC5-F183-4227-857A-A95C53C74274@mit.edu> <d021c84a-36f3-f371-2903-2b6051ee654f@free.fr> <8324a1d3-2fe8-430c-facc-1f3c5d7db260@danielfett.de> <21a36a19-1f24-25d9-9478-1e282a1bea19@free.fr> <CA+iA6uhqVf9B2VxzS7cFx_ATSymB9gsAk0ebpjdv99ymW6RjXA@mail.gmail.com> <ff668a74-52f9-3ac9-acf0-ad3e27e98ea9@free.fr> <9927a0d5-6202-3375-4ff3-2ee510beb814@danielfett.de>
Message-ID: <91777738-cbac-ad52-8226-01712f336952@free.fr>
Date: Tue, 12 Nov 2019 10:19:22 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <9927a0d5-6202-3375-4ff3-2ee510beb814@danielfett.de>
Content-Type: multipart/alternative; boundary="------------D8FCC4A2B0B9830F6459F117"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Gc8T8mRkF5vJT7fV3uSc66B_9Fs>
Subject: Re: [OAUTH-WG] WGLC for "OAuth 2.0 Security Best Current Practice"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2019 09:19:28 -0000

Daniel,

> I have the feeling that this attack aims at breaking a security 
> property that OAuth does not claim to fulfill (and that nobody expects 
> OAuth to fulfill):

The first comment sent to the list was to ask whether the list of 
attacks was complete. IMO, the list should not be limited to the attacks 
that can be mitigated
using best current practices, but should include all /known /kinds of 
attacks.

At the moment a reader might get the impression that all /known /types 
of attacks have been analyzed and considered.

The document even refers to formal methods (which might impress some 
readers), but when looking at the perimeter of the model that has been 
used,
it is obvious that the ABC attack could not be discovered and thus 
considered.

> "Given two colluding clients A and B, where A has obtained an access 
> token T, B cannot use T to access protected resources."
> (analogously for two users U_A and U_B of the clients, where the users 
> have some session with a backend client.)
>
> And there are good reasons why this is not captured by the security 
> property (Hans' screenshot, for example).
???
> As far as I know, this property is neither achieved by classical 
> first-party session-based authentication/authorization nor by any 
> other web-based mechanism, or is it?

Please refer back to what I said, i.e."Whatever kind of cryptographic is 
being used, when two users collaborate, a software-only solution will be 
unable to prevent
the transmission of an attribute of a user that possess it to another 
user that does not possess it"and you will get the response. Since OAuth 
is a software based solution,
it is unable to counter clients collusion attacks. Adding a secure 
element to only protect private/secret keys is ineffective to counter 
clients collusion attacks.

For potential implementers, it is important to know the limitations of a 
protocol before implementing it.

Denis

> -Daniel
>
> Am 08.11.19 um 14:13 schrieb Denis:
>> Hello Hans,
>>
>> You wrote:
>>
>>> one client can always share the protected data with another client 
>>> once retrieved, regardless of pop or secure elements
>>
>> No, there exist means that prevent a client to share the protected 
>> data with another client , simply because the client cannot access to it.
>> The protected data is placed inside the secure element and thus a 
>> client has no way to extract it for the benefit of another client.
>>
>> The protected data is used by the secure element in such a way so 
>> that it cannot be used for the benefit of another user.
>>
>> But we are already in the field of the solutions and no more in the 
>> field of the requirements.
>>
>> Denis
>>
>>>
>>> Hans.
>>>
>>> On Fri, Nov 8, 2019 at 8:38 AM Denis <denis.ietf@free.fr 
>>> <mailto:denis.ietf@free.fr>> wrote:
>>>
>>>     Daniel,
>>>
>>>     No. It is not a correct summary. One client can allow another
>>>     client to get an access token that belongs to it.
>>>     The key point is that a software only solution can't prevent
>>>     this collaborative attack and since, at this time,
>>>     the OAuth WG is not considering the use of secure elements, the
>>>     attack cannot be countered.
>>>
>>>     Please have a look at:
>>>     https://www.ietf.org/mail-archive/web/oauth/current/msg16767.html
>>>
>>>     Denis
>>>
>>>>     Hi Denis,
>>>>
>>>>     Am 07.11.19 um 09:16 schrieb Denis:
>>>>>
>>>>>     *Whatever kind of cryptographic is being used, when two users
>>>>>     collaborate, a software-only solution will be unable to
>>>>>     prevent the transmission *
>>>>>     *of an attribute of a user that possess it to another user
>>>>>     that does not possess it. *
>>>>>
>>>>     To stay in OAuth lingo, what you are saying is: Two
>>>>     collaborating clients can exchange their access tokens and use
>>>>     them.
>>>>
>>>>     Is that a correct summary of your attack?
>>>>
>>>>     -Daniel
>>>>
>>>>
>>>>
>>>>     _______________________________________________
>>>>     OAuth mailing list
>>>>     OAuth@ietf.org  <mailto:OAuth@ietf.org>
>>>>     https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>>     _______________________________________________
>>>     OAuth mailing list
>>>     OAuth@ietf.org <mailto:OAuth@ietf.org>
>>>     https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>>
>>> -- 
>>> hans.zandbelt@zmartzone.eu <mailto:hans.zandbelt@zmartzone.eu>
>>> ZmartZone IAM - www.zmartzone.eu <http://www.zmartzone.eu>
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth