Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-06.txt: Collaborative attacks against a Verifier

Denis <denis.ietf@free.fr> Tue, 31 October 2023 16:10 UTC

Message-ID: <bd054cc7-f8a0-6944-d447-a6360c390c6d@free.fr>
Date: Tue, 31 Oct 2023 17:10:48 +0100
To: mail@danielfett.de
References: <169807785056.8814.13239353071835579185@ietfa.amsl.com> <defbfabc-0a6c-4ae0-8cb2-a67d4d0315b5@danielfett.de> <ced0a8c1-a4b8-e790-f5ae-9e2ae3c631e2@free.fr> <4185c8f3-e8d4-48a0-9afc-b753e386a0d8@danielfett.de>
From: Denis <denis.ietf@free.fr>
Cc: oauth@ietf.org
In-Reply-To: <4185c8f3-e8d4-48a0-9afc-b753e386a0d8@danielfett.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/OW_3VM0hmqO_Pe8GEJgctmTQtM0>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-06.txt: Collaborative attacks against a Verifier

Hi Daniel,
>
> Hi Denis,
>
> a discussion on claims-based/biometric binding, probably what you're 
> hinting at,
>
I am not hinting at a discussion "on claims-based/biometric binding".

> is out of the scope of this document, since we define neither 
> mechanisms nor rules for that.
>
> This should be part of a discussion with a larger scope, like the 
> Security & Trust document in OIDF's DCP group.
>
RFC 3552 (Guidelines for Writing RFC Text on Security Considerations) 
states in its Introduction section:

      All RFCs are required by RFC 2223 to contain a Security
      Considerations section. The purpose of this is both to encourage
      document authors to consider security in their designs and to
      inform the reader of relevant security issues.

Section 5 of RFC 3552 states:

      5. Writing Security Considerations Sections

      (...)

      There should be a clear description of the kinds of threats on the
      described protocol or technology. This should be approached as an
      effort to perform "due diligence" in describing all known or
      foreseeable risks and threats to potential implementers and users.

      Authors MUST describe

        1. which attacks are out of scope (and why!)
        2. which attacks are in-scope
            2.1 and the protocol is susceptible to
            2.2 and the protocol protects against

"Collaborative attacks against a Verifier" should be added to the 
Security Considerations section.

Denis

> -Daniel
>
> Am 26.10.23 um 11:01 schrieb Denis:
>> Hi All,
>>
>> Section 11.6 is about "Key Binding", which is indeed an important 
>> security feature.
>> However, in the context of "selective disclosure", while this feature 
>> is essential, it is insufficient.
>>
>> Let us take an example: if a Token indicates that an individual has 
>> the nationality X, then, in case of a collusion between two individuals
>> and when using two pieces of software specifically developed for that 
>> purpose, an individual would be able to compute and transmit
>> a Token to another individual for the benefit of that other 
>> individual in order to cheat a Verifier. This is a collusion between 
>> two individuals.
>>
>> The first individual may not have knowledge of the private key, 
>> but since he has the use of the private key, he is in a position to sign
>> anything he wants. Since the Token does not include claims allowing 
>> the individual to be uniquely identified, "if he is not seen, he will not 
>> be caught".
>>
>> "Collaborative attacks against a Verifier" should be added to the 
>> Security Considerations section.
>>
>> There exist ways to counter collaborative attacks against a Verifier. 
>> These ways should be mentioned in the core of the document.
>>
>> Denis
>>
>>> Hi all,
>>>
>>> this release of SD-JWT includes one important normative change, 
>>> which is a hash in the key binding JWT to ensure the integrity of 
>>> presentations. The second biggest change is that we restructured 
>>> some sections of the document to make it more readable.
>>>
>>> As always, we're looking forward to discussing SD-JWT here on the 
>>> mailing list and in Prague.
>>>
>>> -Daniel
>>>
>>> This is the full changelog:
>>>
>>>    -06
>>>
>>>     *  Added hash of Issuer-signed part and Disclosures in KB-JWT
>>>
>>>     *  Fix minor issues in some examples
>>>
>>>     *  Added IANA media type registration request for the JSON
>>>        Serialization
>>>
>>>     *  More precise wording around storing artifacts with sensitive data
>>>
>>>     *  The claim name _sd or ... must not be used in a disclosure.
>>>
>>>     *  Added JWT claims registration requests to IANA
>>>     *  Ensure claims that control validity are checked after decoding
>>>        payload
>>>
>>>     *  Restructure sections around data formats and Example 1
>>>
>>>     *  Update JSON Serialization to remove the kb_jwt member and allow
>>>        for the disclosures to be conveyed elsewhere
>>>
>>>     *  Expand the Enveloping SD-JWTs section to also discuss enveloping
>>>        JSON serialized SD-JWTs
>>>
>>> Am 23.10.23 um 18:17 schrieb internet-drafts@ietf.org:
>>>> Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-06.txt is now
>>>> available. It is a work item of the Web Authorization Protocol (OAUTH) WG of
>>>> the IETF.
>>>>
>>>>     Title:   Selective Disclosure for JWTs (SD-JWT)
>>>>     Authors: Daniel Fett
>>>>              Kristina Yasuda
>>>>              Brian Campbell
>>>>     Name:    draft-ietf-oauth-selective-disclosure-jwt-06.txt
>>>>     Pages:   90
>>>>     Dates:   2023-10-23
>>>>
>>>> Abstract:
>>>>
>>>>     This specification defines a mechanism for selective disclosure of
>>>>     individual elements of a JSON object used as the payload of a JSON
>>>>     Web Signature (JWS) structure.  It encompasses various applications,
>>>>     including but not limited to the selective disclosure of JSON Web
>>>>     Token (JWT) claims.
>>>>
>>>> The IETF datatracker status page for this Internet-Draft is:
>>>> https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
>>>>
>>>> There is also an HTML version available at:
>>>> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html
>>>>
>>>> A diff from the previous version is available at:
>>>> https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-selective-disclosure-jwt-06
>>>>
>>>> Internet-Drafts are also available by rsync at:
>>>> rsync.ietf.org::internet-drafts
>>>>
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> -- 
>>> Please use my new email address: mail@danielfett.de
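Denis's collusion point turns on what Key Binding does and does not prove, and the -06 changelog entry "Added hash of Issuer-signed part and Disclosures in KB-JWT" is the check that ties a KB-JWT to one exact presentation. The Python below is an added example written for this page, not code from the draft or its authors: it issues an SD-JWT with salted Disclosures, presents one Disclosure under a KB-JWT carrying sd_hash, and runs the verifier-side checks, including the rejection of a presentation where a genuine but unselected Disclosure was spliced in after the KB-JWT was signed. HMAC-SHA256 and a cnf.kid lookup stand in for the JWS public-key signatures and cnf.jwk so that it runs on the standard library alone; the issuer URL, keys, claims, nonce, timestamps and the 300-second iat window are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo keys. HMAC-SHA256 stands in for the issuer's and holder's
# JWS public-key signatures; a real verifier checks the issuer's signature and
# the holder's signature under the public key the issuer placed in cnf.jwk.
ISSUER_KEY = b"issuer-demo-key"
HOLDER_KEYS = {"holder-1": b"holder-1-demo-key"}
KB_IAT_WINDOW = 300  # assumed verifier freshness policy for the KB-JWT, seconds

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sha256_b64url(text: str) -> str:
    # SD-JWT digests are taken over the ASCII bytes of the base64url string.
    return b64url(hashlib.sha256(text.encode("ascii")).digest())

def sign_jwt(payload: dict, key: bytes, typ: str) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": typ}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}"
    tag = b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())
    return f"{signing_input}.{tag}"

def verify_jwt(token: str, key: bytes) -> tuple:
    header, body, tag = token.split(".")
    expected = b64url(hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(body))

def make_disclosure(name: str, value) -> str:
    # Disclosure = base64url(JSON array [salt, claim name, claim value]).
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value], separators=(",", ":")).encode())

def issue(claims: dict, holder_kid: str) -> tuple:
    """Issuer: one salted Disclosure per claim; only the digests go into the JWT."""
    disclosures = {name: make_disclosure(name, value) for name, value in claims.items()}
    payload = {
        "iss": "https://issuer.example",  # constructed
        "_sd_alg": "sha-256",
        "_sd": sorted(sha256_b64url(d) for d in disclosures.values()),
        "cnf": {"kid": holder_kid},  # stands in for cnf.jwk
    }
    return sign_jwt(payload, ISSUER_KEY, "JWT"), disclosures

def present(issuer_jwt: str, chosen: list, holder_key: bytes, aud: str, nonce: str, iat: int) -> str:
    """Holder: SD-JWT, the selected Disclosures, then a KB-JWT whose sd_hash covers both."""
    sd_part = "~".join([issuer_jwt, *chosen]) + "~"
    kb = {"aud": aud, "nonce": nonce, "iat": iat, "sd_hash": sha256_b64url(sd_part)}
    return sd_part + sign_jwt(kb, holder_key, "kb+jwt")

def verify_presentation(presentation: str, aud: str, nonce: str, now: int) -> dict:
    """Verifier: return the disclosed claims, or raise ValueError on any failed check."""
    parts = presentation.split("~")
    issuer_jwt, disclosures, kb_jwt = parts[0], parts[1:-1], parts[-1]
    _, payload = verify_jwt(issuer_jwt, ISSUER_KEY)
    if payload.get("_sd_alg") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    claims, seen = {}, set()
    for d in disclosures:
        dg = sha256_b64url(d)
        if dg not in payload["_sd"] or dg in seen:
            raise ValueError("Disclosure not referenced by _sd, or used twice")
        seen.add(dg)
        _salt, name, value = json.loads(b64url_decode(d))
        if name in ("_sd", "..."):  # reserved names, per the -06 changelog
            raise ValueError("reserved claim name in Disclosure")
        claims[name] = value
    # Key Binding: the KB-JWT must verify under the key the issuer confirmed in cnf.
    kb_header, kb = verify_jwt(kb_jwt, HOLDER_KEYS[payload["cnf"]["kid"]])
    if kb_header.get("typ") != "kb+jwt" or kb.get("aud") != aud or kb.get("nonce") != nonce:
        raise ValueError("KB-JWT typ, aud or nonce mismatch")
    if not 0 <= now - kb.get("iat", 0) <= KB_IAT_WINDOW:
        raise ValueError("KB-JWT iat outside the acceptance window")
    sd_part = presentation[: len(presentation) - len(kb_jwt)]
    if not hmac.compare_digest(sha256_b64url(sd_part), kb.get("sd_hash", "")):
        raise ValueError("sd_hash does not cover this exact SD-JWT and Disclosure set")
    # A pass proves control of the cnf key for this aud/nonce; it says nothing
    # about whether the person presenting is the subject of the claims.
    return claims

def demo() -> tuple:
    aud, nonce = "https://verifier.example", "nonce-1"  # constructed
    issuer_jwt, disc = issue({"nationality": "X", "given_name": "Alice"}, "holder-1")
    good = present(issuer_jwt, [disc["nationality"]], HOLDER_KEYS["holder-1"], aud, nonce, 1_698_000_000)
    claims = verify_presentation(good, aud, nonce, 1_698_000_010)
    # Splicing a genuine but unselected Disclosure in after the KB-JWT was signed
    # must be rejected by the sd_hash check.
    kb_jwt = good.split("~")[-1]
    spliced = good[: len(good) - len(kb_jwt)] + disc["given_name"] + "~" + kb_jwt
    try:
        verify_presentation(spliced, aud, nonce, 1_698_000_010)
        detected = False
    except ValueError:
        detected = True
    return claims, detected
```

`demo()` returns the claims the verifier accepts from the honest presentation and whether the spliced presentation was rejected. The last two checks are the ones the thread is about: sd_hash fixes the Disclosure set a given KB-JWT vouches for, and the signature under the cnf key shows that whoever built the KB-JWT could use that key. Neither check can tell the verifier whether the person in front of it is the subject of the disclosed claims, which is the gap Denis describes; closing it needs something beyond these checks, and the draft leaves that out of scope.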