Re: [OAUTH-WG] Signed JWK Sets
Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> Wed, 17 April 2024 18:35 UTC
Return-Path: <rifaat.s.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC197C14F5F7 for <oauth@ietfa.amsl.com>; Wed, 17 Apr 2024 11:35:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_kt1HHont5E for <oauth@ietfa.amsl.com>; Wed, 17 Apr 2024 11:35:36 -0700 (PDT)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B1D1C14F5F2 for <oauth@ietf.org>; Wed, 17 Apr 2024 11:35:36 -0700 (PDT)
Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2d4a8bddc21so1006711fa.0 for <oauth@ietf.org>; Wed, 17 Apr 2024 11:35:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713378934; x=1713983734; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=j6V1xNBO4/27VITkwdzl3Q74aLYOZjaFhF1ED+HWUvA=; b=UfuiNYmcPth9xbavRh88JF1PplEwtxr+vt57WN5Wb1a4gRl6OWeUS9Q+JitAatHB6W MYjE0wmQ5Y4sbDvijiIO7S3ALRLYcu+EEAFF1b7BUaFep3X59Jgu1eSUrAn8djxVbyRn NjLR6bCNtszB4WVxOwuv/Jh4APMkSDMD/iTaM6FJVPeLhRG5+Op+ZxXOLef9ZXVqniWJ jHBXES4JxES4Tp344xp8qqcKg2dhqb+2jLf4uJP0S7SCfS250XuDbQrbtwDz6BuoXl1+ 6rvHCt/8cLvV7scN3LswqyUIsYT7w1QUdhito8HQVdgCwlAR8mAf6sq6jfGEtHfp6FJ+ QSog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713378934; x=1713983734; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=j6V1xNBO4/27VITkwdzl3Q74aLYOZjaFhF1ED+HWUvA=; b=pEZfBa8Z6cD1MTrV4SJLbC+tiL+hxVMPye3BFbQu9/mZEckhPDtlLlUwmkqgw+dA5b fk0SnragnZR0a9qSDGbVSfGi2f/iWSukeBmJa0kcjFTvgEm++qq1pAPDomq6YR8rqw0w xDkbhLxujcehc3Bx5e2DZL91JgN67TkY7lWKYBMJi4zRToey1z3uwtKYjXRb7xE/1y/G TrUDVOqDQiVWAMGrzZ4bRCjQ1LoUswSZBL+BCfwBDlZF3VEf2JGZLLyCKO3eweoKefGV n4BKEodoSX3F9BQhEG08totXxFZhrCCfOhLNLh+9J5M7rJpAHFRGxzOwFBK/aZDWbkFW UAug==
X-Gm-Message-State: AOJu0YwehkT5cdXBoEUr6v3eKZ37a8iOLEmD710IwCxwfven4lxrW8GL JysJoE0MOL4P65bmNkbbYDAn006C8UY9NCsymbjarm17+TfcXlsudJWAt7qkilIsPn2oXxN4wFG FF4rqyFt6Ef6P+WE6nvVXExSAwH6Hig==
X-Google-Smtp-Source: AGHT+IHv69qdsxqPogRIfZOYMEsVodRVmPazyQfWGajnw9+sTJLAnNuM+j5x2SSppfwyBIH7IHhJ7mbJAWxWwd0NyYQ=
X-Received: by 2002:a2e:a411:0:b0:2d7:1f9e:670 with SMTP id p17-20020a2ea411000000b002d71f9e0670mr105734ljn.0.1713378933335; Wed, 17 Apr 2024 11:35:33 -0700 (PDT)
MIME-Version: 1.0
References: <CANhuC9Qa+jH-OhXJX0Fiyr4CZWfjiVm45cQ8m-ZekotQKqKmsw@mail.gmail.com>
In-Reply-To: <CANhuC9Qa+jH-OhXJX0Fiyr4CZWfjiVm45cQ8m-ZekotQKqKmsw@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Wed, 17 Apr 2024 14:35:22 -0400
Message-ID: <CADNypP93E5W1upCHKWM6TR-DZaucuadjvSkV7PJKVfC2T7ALjw@mail.gmail.com>
To: John Zila <john@jzila.com>
Cc: oauth@ietf.org
Content-Type: multipart/alternative; boundary="000000000000aff3d106164f1e43"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/SY03Nf-_SVET5_cGQEp2Z9aVqVc>
Subject: Re: [OAUTH-WG] Signed JWK Sets
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 18:35:36 -0000
Just to be clear, this is *not* a call for adoption at this time. So, please focus on discussing the concept described in this individual draft. Regards, Rifaat On Wed, Apr 17, 2024 at 1:43 PM John Zila <john@jzila.com> wrote: > On 11 Apr 2024, at 21:15, Neil Madden <neil.e.madden@gmail.com> wrote: > > > I'm still digesting this draft, and generally supportive of it. However, > I don't think it stops the attack you mention here, which sounds similar to > threats that Ryan Sleevi discussed for FastFed in [1]. Essentially, in the > current OIDC model, an attacker that briefly compromises the jwks_uri of an > OP (e.g. through a mis-issued TLS cert) can serve a JWK Set containing > public keys under their own control with a long Cache-Control header. > Clients then might blindly cache that key set even beyond the time when the > certificate is revoked and the rightful owner restored. > > > > But I think this attack is basically the same even with PIKA. The > attacker in this case just uses their mis-issued cert to sign the PIKA and > serve that instead, perhaps putting a really long "exp" claim in it so that > clients cache it for a really long time. The only thing that would stop > that is if the draft insisted that clients regularly perform an OCSP or CRL > lookup on the cert in the x5c chain to make sure it hasn't been revoked. > But that would completely negate the benefits of avoiding clients all > hitting the OP jwks_uri: we've just shifted the burden from the OP to the > CA. > > I am also supportive of this draft. Chain of Trust is a real problem in > JWT issuance, and it's nice to see a simple solution that addresses it. > Regarding Neil's attack above, rather than requiring clients to separately > do OCSP or CRL, you could envision an OCSP stapling-like approach that > could include a signature over a timestamped PIKA as a "staple" in a JWT, > which moves up the proof of issuer validity to the time of issuance of the > JWT, rather than just the last time you retrieved the PIKA. If you see a > new PIKA staple, you know you need to fetch again. If you see a staple for > a PIKA you've already cached, then you know it hasn't been revoked. > > You could additionally layer this approach by stapling the PIKAs > themselves, where the PIKA staples are periodically updated to assert > continued validity of the signing certificate. With such a system, you can > provide guarantees regarding validity latency down the entire signature > chain. > > - John > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- Re: [OAUTH-WG] Signed JWK Sets John Zila
- [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Michael Jones
- Re: [OAUTH-WG] Signed JWK Sets Michael Jones
- Re: [OAUTH-WG] Signed JWK Sets Watson Ladd
- Re: [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Watson Ladd
- Re: [OAUTH-WG] Signed JWK Sets Joseph Salowey
- Re: [OAUTH-WG] Signed JWK Sets Orie Steele
- Re: [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Ethan Heilman
- Re: [OAUTH-WG] Signed JWK Sets Neil Madden
- Re: [OAUTH-WG] Signed JWK Sets Ethan Heilman
- Re: [OAUTH-WG] Signed JWK Sets Joseph Salowey
- Re: [OAUTH-WG] Signed JWK Sets Neil Madden
- Re: [OAUTH-WG] Signed JWK Sets Neil Madden
- Re: [OAUTH-WG] Signed JWK Sets Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Signed JWK Sets James Carnegie