IETF Logo Mail Archive

Re: [OAUTH-WG] Google's view on signatures in the core OAuth2 spec

"Richard L. Barnes" <rbarnes@bbn.com> Fri, 24 September 2010 16:20 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 252E03A6AE0 for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 09:20:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.409
X-Spam-Level:
X-Spam-Status: No, score=-102.409 tagged_above=-999 required=5 tests=[AWL=0.189, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vC81aFiXHCVj for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 09:20:00 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 53F583A6A1D for <oauth@ietf.org>; Fri, 24 Sep 2010 09:20:00 -0700 (PDT)
Received: from ros-dhcp192-1-51-60.bbn.com ([192.1.51.60]:63104) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1OzB0h-000IS3-R2; Fri, 24 Sep 2010 12:20:32 -0400
Message-Id: <64B7C801-DAC2-4155-AB9D-88DFF709A689@bbn.com>
From: "Richard L. Barnes" <rbarnes@bbn.com>
To: John Panzer <jpanzer@google.com>
In-Reply-To: <AANLkTimVM7VaU=Y3wyVnT=LMOP1uVtAeHZNCV7DPNr2w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-14--52130400"
Mime-Version: 1.0 (Apple Message framework v936)
Date: Fri, 24 Sep 2010 12:20:31 -0400
References: <C8C16037.3AC75%eran@hueniverse.com> <1285335868.15179.98.camel@localhost.localdomain> <440E4C9A-41A2-4203-80B8-B6967D886A80@bbn.com> <1285339868.15179.139.camel@localhost.localdomain> <BFF19F03-2B06-4C93-8CE0-2C9A6A267CE4@bbn.com> <AANLkTimVM7VaU=Y3wyVnT=LMOP1uVtAeHZNCV7DPNr2w@mail.gmail.com>
X-Mailer: Apple Mail (2.936)
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Google's view on signatures in the core OAuth2 spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 16:20:02 -0000

Maybe I've misunderstood the Magic Signatures proposal.  I thought  
that the MagicSig blob actually contained the data that was signed, so  
that step (3) below would be unnecessary.  (Note that the object in  
Step 2 has only field *names*, not *values*.)  Including the data is  
the part of that scheme that causes some heartburn, since the  
recipient can choose not to verify the match against the original data  
(the HTTP request).

Like I said earlier, though, Magic Signatures / JSON token could  
probably still be useful, as long as the signed data is reconstructed,  
not provided in the token.  The correspondence in my example was  
deliberate :)

--Richard



On Sep 24, 2010, at 12:11 PM, John Panzer wrote:

> Richard,
>
> I'm a bit confused because the made-up example you give below is,  
> essentially, what Magic Signatures does.  The algorithm you present  
> is basically the correct one IMHO.  Are you assuming that the  
> recipient is _also_ using the HTTP-level method and URL path for  
> some  important security decision?
>
> (Note:  I'm assuming it's fine to use this unverified host/path data  
> for tentative routing to an intended recipient, because the worst  
> thing a MITM attacker can possibly do is to route it to the wrong  
> recipient.  As long as the recipient uses only signed information to  
> decide whether it will actually ACCEPT the data, it will be fine.   
> MITM attackers can always mis-route even signed messages of course,  
> given that firewalls etc. are not aware of signatures, so I don't  
> see this as a distinction.)
>
> --
> John Panzer / Google
> jpanzer@google.com / abstractioneer.org / @jpanzer
>
>
>
> On Fri, Sep 24, 2010 at 8:26 AM, Richard L. Barnes <rbarnes@bbn.com>  
> wrote:
> Yes, there is certainly a risk if someone just checks the signature  
> and
> does not verify the content of the message. This is a bad  
> implementation
> of an authorization system, to be sure, and it's an issue that people
> need to be aware of. But simply signing metadata doesn't completely
> solve the problem, either. In both cases there can be parameters that
> are outside of the signed request that need to be checked and treated
> appropriately.
>
> Ah, perhaps I was unclear.  I didn't mean *signing* metadata, I  
> meant *sending* metadata.  Using a completely made-up syntax:
>
> 1. Signer computes signature sig_val over data object:
>   { user_agent: "Mozilla", method: "GET" }
> 2. Signer sends { signed_fields: ['user_agent', 'method'], sig:  
> sig_val }
> 3. Recipient reconstructs data object using signed_fields
> 4. Recipient verifies sig_val == sign(reconstructed_object)
>
> --Richard
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email