[OAUTH-WG] Re: Deferred Key Binding / TMB

Justin Richer <jricher@mit.edu> Thu, 05 June 2025 21:06 UTC

From: Justin Richer <jricher@mit.edu>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 05 Jun 2025 21:06:38 +0000
Message-ID: <LV8PR01MB8677FB35032113000029E2A1BD6FA@LV8PR01MB8677.prod.exchangelabs.com>
References: <E40270D7-F032-49B1-9B10-87167331EA3C@mit.edu> <CACsn0cmbadUJTR7pi36ZwOQFAxvTNraYof30bPcv60qGSRNzdA@mail.gmail.com>
In-Reply-To: <CACsn0cmbadUJTR7pi36ZwOQFAxvTNraYof30bPcv60qGSRNzdA@mail.gmail.com>
CC: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] Re: Deferred Key Binding / TMB
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PAsetXo7eLnLPOqKvYKEZuhM7vQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>

Yes, this completely upends the security assumptions of PoP as we know it. That's exactly why we should discuss this as a distinct pattern, because people are doing this in the wild and it needs to be handled differently.
________________________________
From: Watson Ladd <watsonbladd@gmail.com>
Sent: Thursday, June 5, 2025 1:15 PM
To: Justin Richer <jricher@mit.edu>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Deferred Key Binding / TMB

On Thu, Jun 5, 2025 at 9:45 AM Justin Richer <jricher@mit.edu> wrote:
>
> Hi Chairs and WG,
>
> Back in Bangkok, we presented the draft https://datatracker.ietf.org/doc/draft-richer-oauth-tmb-claim/ that introduces, in a concrete way, the notion of getting a token bound to a key that you don’t possess. As we discussed, this is a topic that keeps coming up in the OAuth space and is usually dutifully pushed aside for the sake of simplicity (and some would argue sanity).
>
> The chairs mentioned pulling together an interim meeting for the OAuth WG for us to discuss this topic ahead of Madrid, to see if there was anything more we as a community want to do with it. As we’re now more than halfway between the meetings, we wanted to bring that up again and see if that interim can get scheduled soon. I’d also like to encourage people to read through the draft and open the discussion here on the list more.

This draft, plus the properties of many existing signature schemes
like RSA and ECDSA, creates the possibility of an attacker getting a
credential issued that will work with an already existing PoP exchange
without actually having possession of the key. (They register the
credential after seeing the PoP exchange, but before finishing). This
is a very subtle change in the semantics that likely invalidates a lot
of security assumptions.

Why do we need to do this?

>
>  — Justin
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org



--
Astra mortemque praestare gradatim
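Watson's remark about the properties of ECDSA refers to public-key recovery: from a single observed signature a verifier can compute keys, other than the signer's, under which that same signature verifies. The following added Python example (not code from the draft or from either author) uses a toy textbook P-256 implementation with constructed key, nonce and challenge values to show that a verifier which accepts a key bound after the proof-of-possession exchange cannot tell the real holder's key from one derived by observing the exchange, which is why deferring the binding changes the security semantics rather than merely the order of operations.

```python
# NIST P-256 parameters (SEC 2) with toy affine arithmetic: for illustration, not constant-time.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: lam = (3 * p[0] * p[0] + A) * pow(2 * p[1], -1, P) % P
    else: lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P

def mul(k, p):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def sign(d, z, k):
    """Textbook ECDSA over an already-hashed challenge z with nonce k."""
    r = mul(k, G)[0] % N
    return r, (z + r * d) * pow(k, -1, N) % N

def verify(Q, z, sig):  # standard ECDSA verification of sig on z under public key Q
    r, s = sig
    w = pow(s, -1, N)
    pt = add(mul(z * w % N, G), mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r

def recover(z, sig):
    """SEC 1 public-key recovery: each Q = r^-1 (s*R - z*G), R = (r, +-y), verifies sig."""
    r, s = sig
    rhs = (pow(r, 3, P) + A * r + B) % P
    y = pow(rhs, (P + 1) // 4, P)  # modular square root; valid because P = 3 (mod 4)
    return [mul(pow(r, -1, N), add(mul(s, (r, yy)), mul(N - z % N, G)))
            for yy in (y, P - y) if yy * yy % P == rhs]

def keys_bindable_after_the_fact(Q, z, sig):
    """Keys other than the holder's Q under which the observed signature still verifies."""
    return [c for c in recover(z, sig) if c != Q and verify(c, z, sig)]

# Constructed sample values: the legitimate holder's private key, its nonce, and a hashed challenge.
HOLDER_D = 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
NONCE_K = 0x2468ace02468ace02468ace02468ace02468ace02468ace02468ace02468ace0
CHALLENGE_Z = 0x7a1d4e0c9b3f5a6e2d8c1b0f4e7a9d3c5b6f8e1a2c4d6e8f0a1b3c5d7e9f0a2b
```

The extra key returned by `keys_bindable_after_the_fact` verifies only this one observed proof, not fresh challenges, so the issue is not forgery but that the binding check alone no longer establishes possession.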