IETF Logo Mail Archive

Re: [OAUTH-WG] Signatures spec proposal, take 2

Dirk Balfanz <balfanz@google.com> Fri, 24 September 2010 16:45 UTC

Return-Path: <balfanz@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AE2A63A69F6 for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 09:45:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.905
X-Spam-Level:
X-Spam-Status: No, score=-105.905 tagged_above=-999 required=5 tests=[AWL=0.071, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j6tfrKGyIIMs for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 09:45:06 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 0406B3A688F for <oauth@ietf.org>; Fri, 24 Sep 2010 09:45:05 -0700 (PDT)
Received: from wpaz29.hot.corp.google.com (wpaz29.hot.corp.google.com [172.24.198.93]) by smtp-out.google.com with ESMTP id o8OGjbbB003444 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:45:37 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1285346737; bh=ACs3NBTi56YHfIRKIvszQvYO5Co=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=Cv9cChbmOGrxV/JhhOkX1KlfbVfVd4IEZfPI47Zr70Xa30PN1Rz0MlpaL/tab+F7L dEq64pyEEiBONmTiVOl7A==
Received: from iwn6 (iwn6.prod.google.com [10.241.68.70]) by wpaz29.hot.corp.google.com with ESMTP id o8OGjMPM015812 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:45:36 -0700
Received: by iwn6 with SMTP id 6so1952806iwn.21 for <oauth@ietf.org>; Fri, 24 Sep 2010 09:45:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=Gf0m/UvQ3rW8n1CRep+Az+4mGWrgK6M5ZP/wOFST8ok=; b=ERc+Eui8pIy0rnMB43KnJTd2gm1D4ayvsGzc/EMs3rqa5cB17LmNWPcDcMl1GzpIF8 o3kV+YYU79+aTLSsakuA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=p5RZ2GOYWXfBP85C5uBlA47v1Zvako2W23NfI3OSeQlBzIu01eVgpI4vVXAwqFzzYB crI/cNlEJQCKH5mtTArg==
MIME-Version: 1.0
Received: by 10.231.31.1 with SMTP id w1mr3701963ibc.162.1285346736044; Fri, 24 Sep 2010 09:45:36 -0700 (PDT)
Received: by 10.231.130.9 with HTTP; Fri, 24 Sep 2010 09:45:35 -0700 (PDT)
In-Reply-To: <89CF75F1-4A51-4B92-8305-BC7430D36F7C@bbn.com>
References: <C8C15BD3.3AC6C%eran@hueniverse.com> <89CF75F1-4A51-4B92-8305-BC7430D36F7C@bbn.com>
Date: Fri, 24 Sep 2010 09:45:35 -0700
Message-ID: <AANLkTinRQDgVynrE6vdMVYBT=_+fpDMqWaL1C+BNzf_e@mail.gmail.com>
From: Dirk Balfanz <balfanz@google.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: multipart/alternative; boundary="0022152d6d8d9d7b880491041b81"
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Signatures spec proposal, take 2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 16:45:19 -0000

On Thu, Sep 23, 2010 at 7:59 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:

> Basically, this argument comes down to which validation pattern you prefer.
>
> OPTION 1:
> 0. Input = object + signature
> 1. Verify match between object data and HTTP fields
> 2. Verify signature over the object
>
> OPTION 2:
> 0. Input = signature
> 1. Construct object data from HTTP fields
> 2. Verify signature over the object
>
> So the choice is between memcmp and memcpy :)
>
> As Eran noted, there is some security advantage in option 2, since it
> forces the data in the signed object to correspond to the actual HTTP
> request instead of relying on the recipient to verify.  I would prefer that
> pattern, for that reason.
>

I think it's more robust to verify than to generate. In option 2, you have
to "guess" what the signer actually signed. To be fair, you have pretty good
signals, like the HTTP request line, the Host: header, etc., but in the end,
you don't _know_ that the signer really saw the same thing when they
generated the signature. I can't help but feeling that that's a bit of a
hack. In option 1, you always know what the signer saw when they generated
the signature, and it's up to you (the verifier) to decide whether that
matches your idea of what your endpoint looks like.


>
> That's not to say that the JSON token proposal is without any utility.  For
> example, option 2 could take as input a JSON token with the 'data' element
> removed; the recipient would then reconstruct the 'data' element from the
> HTTP request and verify the  token.
>
> As an editorial note, it would be very helpful if the JSON token document
> could be made a little more stand-alone w.r.t. the Magic Signatures draft.
>

Yeah, we were going back and forth on this. Should we just reference Magic
Signatures? Should we copy-and-paste? etc. The MS spec itself is more
complex, allows for multiple signatures (although not in the compact
serialization, which we use), has other serializations, etc. I thought that
it would be a bit of work for the reader to figure out exactly which pieces
of the MS spec they would have to understand in order to implement JSON
Tokens. I agree, though, that it is a bit, umh, unusual, to put excerpts of
another spec into your spec (especially if that ends up being 80% of your
spec :-).


>  An example would also help, just to illustrate the overall structure of
> the token.
>

Agreed.

Dirk.



>
> --Richard
>
>
>
> On Sep 23, 2010, at 10:32 PM, Eran Hammer-Lahav wrote:
>
> First, thanks for putting this together. It provides a pretty comprehensive
> story about the signed tokens proposal. I don’t have much to add at this
> point to the drafts.
>
> My position, which I have expressed many times before about this approach
> is:
>
> Any solution involving repeating the HTTP request elements in some sort of
> envelope will require validation .In this case, you need to define all the
> rules for validating the ‘audience’ parameter.
>
> This approach makes it too tempting for server developers to ignore the
> HTTP request and only use the values of the ‘audience’ and ‘method’
> parameters. In order to validate those parameters, the server needs to
> perform some sort of normalization (which eventually leads to the same
> signature mismatch problems). Not looking at the HTTP request will lead to
> security problems because it will allow bypassing existing HTTP firewall
> rules which operate on the request URI and HTTP method.
>
> As a matter of personal taste, this smells too much like SOAP. And that’s a
> really bad thing.
>
> I am not in favor of any solution that replicates components of the HTTP
> request within the request (as is the case here). Recent experience shows
> that with a little help and good libraries, developers can figure out how to
> normalize and sign an HTTP request successfully, when motivated.
>
> EHL
>
>
> On 9/23/10 7:07 PM, "Dirk Balfanz" <balfanz@google.com> wrote:
>
>
>
> On Thu, Sep 23, 2010 at 6:51 PM, Eran Hammer-Lahav <eran@hueniverse.com>
> wrote:
>
> In part II, how is the signature bound to the HTTP request URI? I see the
> method and body, but not the request URI.
>
>
> The request URI goes in the audience parameter that's defined in part I.
>
> Dirk.
>
>
>
> EHL
>
>
>
> On 9/23/10 3:39 PM, "Dirk Balfanz" <balfanz@google.com <
> http://balfanz@google.com> > wrote:
>
> Hi guys,
>
> sorry it took a while, but here is an updated proposal. It's still in three
> parts:
>
> Part I is about "JSON Tokens" that can be used for all sorts of things, not
> just OAuth:
> http://balfanz.github.com/jsontoken-spec/draft-balfanz-jsontoken-00.html
>
> Part II is about how to embed an OAuth token and (some parts of) an HTTP
> request into a JSON Token:
> http://balfanz.github.com/jsontoken-spec/draft-balfanz-signedoauth2-00.html
>
> Part III is how to use signatures instead of client secrets for assertions
> in OAuth:
>
> http://balfanz.github.com/jsontoken-spec/draft-balfanz-clientassertions-00.html
>
> Diffs from the last specs are:
>
> - JSON Tokens are now just a profile of Magic Signatures, which John Panzer
> has helpfully extended for this purpose
> - There was a vulnerability to masquerading attacks in the last proposal,
> which is addressed in this proposal by adding a data_type parameter that is
> part of the signature, but _not_ part of the payload.
> - no more support of X.509 certs - the only supported format for discovered
> public keys is now the Magic Key format. We'll give people tools (which are
> quite easy to write) to convert their self-signed or CA-issued certs to
> magic keys.
> - The specs are now formatted as I-Ds.
>
> Comments, please!
>
> Dirk.
>
>
>
>
>  _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>

v2.23.0 | Report a Bug | By Email