Re: [OAUTH-WG] JWT Response for OAuth Token Introspection and nonce

Neil Madden <neil.madden@forgerock.com> Thu, 18 March 2021 07:44 UTC

Return-Path: <neil.madden@forgerock.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9631E3A23DB for <oauth@ietfa.amsl.com>; Thu, 18 Mar 2021 00:44:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forgerock.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tyqWlKp_OBDV for <oauth@ietfa.amsl.com>; Thu, 18 Mar 2021 00:44:54 -0700 (PDT)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E70B13A23DC for <oauth@ietf.org>; Thu, 18 Mar 2021 00:44:53 -0700 (PDT)
Received: by mail-ed1-x534.google.com with SMTP id h10so5373198edt.13 for <oauth@ietf.org>; Thu, 18 Mar 2021 00:44:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forgerock.com; s=google; h=from:mime-version:subject:date:message-id:references:cc:in-reply-to :to:content-transfer-encoding; bh=IBbbhgrEvo+NRyZ1Z4QJLAu+oosSijgxR1eTlmNfz5s=; b=EZbTBeenRWjEpvPTvGO76PSCwcZLp/9sYj4fXU6BVd3NJ46YUvu8LwXv0ecym8qq9l F1mBztzeJTJ7KZ67pyQqS+P3FSjai3ZXJPHEPDiWbPQQjV1vnP3tWCjwSmlmf+w4gDS2 IkubHOBHWDrCvnfNbeuH6xQAYhRtCRLSP52Z0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to:content-transfer-encoding; bh=IBbbhgrEvo+NRyZ1Z4QJLAu+oosSijgxR1eTlmNfz5s=; b=k12pXMqdgH50xoygVuYgjeasNPBzJRNM87K06KLfKv9jIqhYapJLo3aXS1FyP+le2X aSF+QkEa8whn8mVnDASi+FYCq1gw7w0ehVXYX8xIuE7Kpoc0bHOaPHRVBxcCTYreBq2z DobkUFvNnqe4bg9Xjp7DaZXpo5FRSB6E8xFl0DLjeYxMxIO9L3FX1enYxUFWcqwE127L esvgkdyKL7oTo/nmrfrVduwaPuKtDOIULYVSsQAEFGGb+/DvkvUmiCM4N7h3be150OD9 Ra+EziXv8551x37uPqWrRKoFG3uZofVuuVcpui1ZLA3X7pTvuLqrwhFpBhGJ9qGiQ759 isTw==
X-Gm-Message-State: AOAM531FdgTlv5tNYHtuVHFxJazwgBE7GpoNwVjim+539RuvFTuXmS7/ F0DlGSnpt6CIvk7o4LopXlNO0WBYbHKKxKap2hkihJIHb5Z+als6doFQeTZNQLAb2RUhm95jaA= =
X-Google-Smtp-Source: ABdhPJxrMEm9TvsOvJRcZkAs6fvNRXWO4qjjTWXinFVzZ6tagXcSGEzfSAnKmHecgpWHxOv+7mPROw==
X-Received: by 2002:a05:6402:104c:: with SMTP id e12mr1948787edu.108.1616053489934; Thu, 18 Mar 2021 00:44:49 -0700 (PDT)
Received: from [10.0.0.2] (252.207.159.143.dyn.plus.net. [143.159.207.252]) by smtp.gmail.com with ESMTPSA id ak20sm1105225ejc.72.2021.03.18.00.44.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 18 Mar 2021 00:44:49 -0700 (PDT)
From: Neil Madden <neil.madden@forgerock.com>
Mime-Version: 1.0 (1.0)
Date: Thu, 18 Mar 2021 07:44:48 +0000
Message-Id: <D4516625-A215-4864-A893-16975A1E901D@forgerock.com>
References: <CALkShcttq5WKzJ4Zp8396hd+Dnoa6x74s0ekBGGNddWhoNqJ=g@mail.gmail.com>
Cc: oauth <oauth@ietf.org>, draft-ietf-oauth-jwt-introspection-response@ietf.org
In-Reply-To: <CALkShcttq5WKzJ4Zp8396hd+Dnoa6x74s0ekBGGNddWhoNqJ=g@mail.gmail.com>
To: Andrii Deinega <andrii.deinega@gmail.com>
X-Mailer: iPhone Mail (18D52)
Content-Type: multipart/alternative; boundary=Apple-Mail-7CCCD1BC-F59C-4FFC-A651-B2E9C53BC4A4
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/T0wKA6QSHsgKzo6r93knGySTfPo>
Subject: Re: [OAUTH-WG] JWT Response for OAuth Token Introspection and nonce
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Mar 2021 07:44:56 -0000


> On 18 Mar 2021, at 05:33, Andrii Deinega <andrii.deinega@gmail.com> wrote:
> 
> 
> The Cache-Control header, even with its strongest directive "no-store", is pretty naive protection... Below is an excerpt from RFC 7234 (Hypertext Transfer Protocol: Caching).
> 
>> This directive is NOT a reliable or sufficient mechanism for ensuring privacy.  In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping.

This quote is about privacy. Your concerns so far have been about replay protection. TLS protects both. 

> 
> Regarding TLS, I've mentioned that we don't always have the luxury to see what is going on with the infrastructure. A bright example would be an AS implemented as a serverless application and hosted by one of the cloud providers.

Right, but (as I’ve said before) the same reasoning applies to a JWT too. The infrastructure could just as easily “terminate JWS” as it currently terminates TLS. As I keep saying, it’s much better to spend your time ensuring end-to-end TLS than end-to-end JWT. We should try to avoid writing specs just to work around badly configured infrastructure. 

(The counterexample to this is IoT applications, where messages often have to traverse protocol-translating proxies. But that’s not the case here).

> 
> As for,
> 
>> Right - so trying to solve this issue by replacing TLS with another technology that is just as susceptible to the problem is not a real solution. 
> 
> Following your logic, other RFCs such as 8555 (Automatic Certificate Management Environment) went the wrong way with their mandatory anti-replay built-in mechanism in quite similar circumstances.
> 
> https://tools.ietf.org/html/rfc8555#section-6.5

The only justification of the replay nonce given in RFC8555 is for protection of 0RTT early-data (which does not benefit from TLS’s normal replay protections). As to why a protocol that can typically tolerate latencies of several weeks (for cert renewal) needs 0RTT, you’ll have to ask the authors of that RFC. It makes little sense to me. 

— Neil

-- 
ForgeRock values your Privacy <https://www.forgerock.com/your-privacy>