Re: [OAUTH-WG] OAuth mTLS and JWK use/key_ops
Neil Madden <neil.madden@forgerock.com> Mon, 08 March 2021 13:19 UTC
Return-Path: <neil.madden@forgerock.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 142763A29D0 for <oauth@ietfa.amsl.com>; Mon, 8 Mar 2021 05:19:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forgerock.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WiN1XAWNzdSB for <oauth@ietfa.amsl.com>; Mon, 8 Mar 2021 05:19:55 -0800 (PST)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEA5A3A29CE for <oauth@ietf.org>; Mon, 8 Mar 2021 05:19:54 -0800 (PST)
Received: by mail-wm1-x32d.google.com with SMTP id y124-20020a1c32820000b029010c93864955so3787677wmy.5 for <oauth@ietf.org>; Mon, 08 Mar 2021 05:19:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forgerock.com; s=google; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=YYNmOAx+oTgmSwyjUDXvq0qrEdf38uHgl8NI5+hGvyA=; b=OY4bgYpdbcB8PQjtNI7Yh075BiVdkfzjmuO+ufuHDJLX2TBxY/pFvPwaRgGuD4R0Mg /1bFoD9p3C3E/jz3w2WagF9335lPKM7XoGmLm1Tx9LHudyVwjNng7CEPGco9oPpQcA9W OOc1yRe7saUGRxbp4f6BYRSTyLtGDFZfAV2ik=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=YYNmOAx+oTgmSwyjUDXvq0qrEdf38uHgl8NI5+hGvyA=; b=l9PJlVYkheyWpvdeTyPheih4SfLORJo+Qr5Z8qF85D4dFeFwiD5GOGulkzX/7ceGv3 E02GZni3cbYtoEn6mA7s987YnYZ1shu2Tv08g2SiQ7xoxmneMXbPCgPftzhdYfOiKpIm u8O7GyLVTv3iKbVir2awwFs64IjCaxDql+D01fO9e8WXxR0MDsf5vclN2/jC23pu03WX nkISHHQJ5PtJ4eBuzF03Rd7k8vJU/3GCOUmBuzi6TSd54krsWpaj85wo5+HqN4FGoKZq 30w6tLu/FpyfE/IyYYqy40diLVwU5YRrbWaRsz6r03YqH3HYv4NG7JHiA7DZ831fa1jZ FEjg==
X-Gm-Message-State: AOAM532FzHOMKwgEIgtUEltNVoHk6aA5gyxlHIwvHoB5zma2A9lThMLx l1ypS97OGYTGdfX+DpEFU2jC2PjfeQZNzyUg1Lshhdt13nxSHDIZHKxT1nYoNw7QcYfJZWBuZlF icyurvprvssHsZ7hu7elV4hf3Na7oOdZGADOlB7UDkO7xt6mAojEw1/gR89Kzu2MWdcy2
X-Google-Smtp-Source: ABdhPJwU/OCm031j2HRk96/I13Mb9zzSsQHp5LyeqxbIDoHyX/Zxvsp78F6uHYdonp2DAa74kOvhHg==
X-Received: by 2002:a05:600c:4fd0:: with SMTP id o16mr15073197wmq.123.1615209587913; Mon, 08 Mar 2021 05:19:47 -0800 (PST)
Received: from [10.0.0.6] (252.207.159.143.dyn.plus.net. [143.159.207.252]) by smtp.gmail.com with ESMTPSA id f14sm18641406wmf.7.2021.03.08.05.19.47 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Mar 2021 05:19:47 -0800 (PST)
From: Neil Madden <neil.madden@forgerock.com>
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Mon, 08 Mar 2021 13:19:46 +0000
References: <F8D17A80-E4BC-48F8-A4DD-55C5DC45B20E@forgerock.com>
To: oauth <oauth@ietf.org>
In-Reply-To: <F8D17A80-E4BC-48F8-A4DD-55C5DC45B20E@forgerock.com>
Message-Id: <F2B38868-A153-435B-9EE7-8099C2EB67F2@forgerock.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Content-Type: multipart/alternative; boundary="Apple-Mail=_D926CEB7-65BB-46DF-8A79-9C49FBE488EE"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/MsCYqqIVPh7FQa7XEY0F6-125Pw>
Subject: Re: [OAUTH-WG] OAuth mTLS and JWK use/key_ops
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 13:19:57 -0000
> On 8 Mar 2021, at 12:50, Neil Madden <neil.madden@forgerock.com> wrote: > > An interesting question was raised by our developers around the interpretation of JWK “use” and “key_ops” constraints when publishing a self-signed certificate for mTLS client authentication. In X.509 the KeyUsage extension distinguishes between keys intended for use for verifying general signatures (digitalSignature) and those used for verifying signatures on certificates (keyCertSign). The JWK spec doesn’t make this distinction, so there is only the generic “use”:”sig” and “key_ops”: [“verify”] indicators. So, is “use”:”sig” (or “key_ops”:[“verify”]) compatible with publishing an X.509 certificate (x5c claim) that asserts KeyUsage keyCertSign? > > It seems plausible that an application might also choose to consume CA certificates from a central certificate management service that publishes them in JWK format on an internal HTTPS endpoint. So this question is potentially broader than just self-signed certs, although that is the only case discussed in RFC 8705. > > In the course of trying to answer this question, I came across https://github.com/openssl/openssl/issues/1418 <https://github.com/openssl/openssl/issues/1418> which has links to various relevant RFCs in the discussion. The conclusion appears to be that when processing self-signed certificates the KeyUsage check should be skipped. The reasoning appears to be that we don’t want self-signed certs to assert the keyCertSign bit, because this increases the risk of them being mistaken for genuine CA certs. In fact, the language from RFC 5280 suggests this check should be skipped for any trust anchor, whether self-signed or not. I have this part backwards - RFC 5280 path validation skips the KeyUsage check for the end-entity certificate, not the trust anchor cert. This makes more sense. The rest of my comments/questions still apply though. > > RFC 8705 is silent on how to interpret use/key_ops in this case, and RFC 7517 doesn’t discuss whether the signature-related use/key_ops are intended to cover certificate signatures or not. RFC 7517 also doesn’t say whether applications are even required to enforce use/key_ops constraints - it seems left to the discretion of the application. (There’s no language like “the application MUST NOT use the key for a use not specified”). In general, RFC 7517 is silent about how constraints on any X.509 certificate interact with constraints specified in the JWK itself. > > My feeling is that “use”:”sig” and “key_ops”:[“verify”] probably shouldn’t imply that the key can be used to verify certificate signatures (danger lies that way), and that when processing a JWK specifically as a self-signed trust anchor we should follow the lead of RFC 5280 and instruct applications to ignore any use/key_ops constraints on the JWK. What do others think? (And how would we go about clarifying this? As an errata?) > > — Neil -- ForgeRock values your Privacy <https://www.forgerock.com/your-privacy>
- [OAUTH-WG] OAuth mTLS and JWK use/key_ops Neil Madden
- Re: [OAUTH-WG] OAuth mTLS and JWK use/key_ops Neil Madden
- Re: [OAUTH-WG] OAuth mTLS and JWK use/key_ops Benjamin Kaduk