[OAUTH-WG] Re: We cannot trust Issuers
Brian Campbell <bcampbell@pingidentity.com> Wed, 31 July 2024 12:31 UTC
Message-ID: <CA+k3eCQom6=o+fSYWRd+qWZnWqki3Enij1X8tYhn75Ksuz=jvA@mail.gmail.com>
To: Leif Johansson <leifj@mnt.se>
CC: IETF oauth WG <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/R53ZeHu5RH4zBP2pAsT0cX7d5E4>
On Tue, Jul 23, 2024 at 11:15 AM Leif Johansson <leifj@mnt.se> wrote:

> On Mon, 2024-07-22 at 19:43 -0400, Richard Barnes wrote:
> > I would observe that any solution based on garden-variety digital
> > signature (not something zero-knowledge like BBS / JWP) will have
> > problems with issuer/verifier collusion. One-time tokens and batch
> > issuance don't help. There is no such thing as SD-JWT with
> > issuer/verifier collusion resistance. At best you could have SD-JWP.
> >
> > I don't think this needs to be a blocker on SD-JWT. There are use
> > cases that don't require issuer/verifier collusion resistance. We
> > should be clear on the security considerations and warn people away
> > who care about issuer/verifier collusion resistance, and accelerate
> > work on SD-JWP if that's an important property to folks.
> >
>
> +1 on this
>

I'm generally a +1 on this too. There is an attempt at a discussion around unlinkability in the privacy considerations at https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-unlinkability currently. Concrete suggestions to that text about how to better frame the risks and difficulties around Issuer/Verifier Unlinkability (perhaps especially with respect to something like a government issuer compelling collusion from verifiers) would be welcome for consideration.

--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
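The linkability that Richard Barnes describes in the quoted text, as an added Python example that is not from this thread or from the SD-JWT draft: a simulated issuer hands out a batch of one-time credentials with fresh salts, the holder discloses only one claim, and a colluding issuer still recovers the subject from its issuance log because the signature value it produced is unique per token. The keyed SHA-256 standing in for the JWS signature, the simplified disclosure encoding and all names are assumptions made for the demo.

```python
import hashlib
import json
import secrets

# Stand-in for the issuer's JWS signature (assumption: a keyed digest is enough
# here, since only "issuer produced it and can recognise it" matters for linkage).
def sign(issuer_key: bytes, payload: dict) -> str:
    data = json.dumps(payload, sort_keys=True).encode()
    return hashlib.sha256(issuer_key + data).hexdigest()

def sd_digest(salt: str, name: str, value) -> str:
    # Disclosure digest: hash over (salt, name, value), simplified from the draft's encoding.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

class Issuer:
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.log = {}  # signature -> subject: what a colluding issuer retains at issuance

    def issue_batch(self, subject: str, claims: dict, n: int):
        """Issue n one-time credentials, each with fresh salts and therefore a fresh signature."""
        batch = []
        for _ in range(n):
            disclosures = {name: (secrets.token_hex(16), v) for name, v in claims.items()}
            digests = sorted(sd_digest(s, name, v) for name, (s, v) in disclosures.items())
            payload = {"iss": "https://issuer.example", "_sd": digests}
            sig = sign(self.key, payload)
            self.log[sig] = subject          # batch issuance does not remove this record
            batch.append(({"payload": payload, "sig": sig}, disclosures))
        return batch

    def link(self, presented_sig: str):
        return self.log.get(presented_sig)  # issuer/verifier collusion: look the value up

def present(token, disclosures, reveal):
    """Holder reveals only the claims in `reveal`; the rest stay hidden behind their digests."""
    return {"token": token, "disclosed": {n: disclosures[n] for n in reveal}}

def verify(issuer_key: bytes, presentation: dict) -> bool:
    tok = presentation["token"]
    if sign(issuer_key, tok["payload"]) != tok["sig"]:
        return False
    return all(sd_digest(salt, name, v) in tok["payload"]["_sd"]
               for name, (salt, v) in presentation["disclosed"].items())

def collusion_demo():
    issuer = Issuer()
    batch = issuer.issue_batch("alice", {"age_over_18": True, "name": "Alice"}, n=5)
    token, disc = batch[3]                              # any single-use token from the batch
    pres = present(token, disc, ["age_over_18"])        # name is never disclosed
    return verify(issuer.key, pres), issuer.link(pres["token"]["sig"])
```

The verifier learns only `age_over_18`, yet handing the token to the issuer identifies the subject; the same lookup works on any `_sd` digest, which is why the draft's unlinkability section rather than batching has to carry this risk.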