Re: [OAUTH-WG] Omit "jwk" (or use "kid" instead) in DPoP Proof?

Brian Campbell <> Tue, 15 September 2020 23:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B51683A0F04 for <>; Tue, 15 Sep 2020 16:13:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nNwWLu6cadJp for <>; Tue, 15 Sep 2020 16:13:37 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E8B483A0F02 for <>; Tue, 15 Sep 2020 16:13:36 -0700 (PDT)
Received: by with SMTP id z17so4864967lfi.12 for <>; Tue, 15 Sep 2020 16:13:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XLq4anjY9oVbC1W046vmeyzat/wreX2NjC2PaQzWD1g=; b=Sp8cL1g7EadEQzQyySku5H/7FBx2c36mdtNxed3XYsi8uN9ExGI/nE8SSlwjpoWGNp /NLjxXuqRToR1AECKSSSMtmtDOhMr9Q0/Ipx9ekZSipJkFHSyrhox/zTlLR1mZ7DauPk +q6O42S3DDHJJ/z1n/KXD/uu54qaRaR7gfL6LlNllMQExHPFZ34beg24AAeL4EAdBoez H0NDacqohpoFT1MP9bY7ikkdeni6GkB+YYCWLeo2TNohk/ppWaikSir53lS/Sx2pBQxY rtiXUruYUW4+qL0rX2O+xTp3B44S0u7bYfdcvBa7UeCaZOsdffL+77DPsjKLQ7u8f+G3 s4Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XLq4anjY9oVbC1W046vmeyzat/wreX2NjC2PaQzWD1g=; b=PBIzxJw0YQekZrPn9OCw7D+j5+m46jI8oB9N0lNR9zeSIsnlWNd4JOLlwAidBEAdYc wZZ1MMhBJqCPg3CBiitLa15M+Tr0wEJPFgrearf1I9+IOYnn27NkZ7kPyXckb9zDVWZP f0T+UVeRLBuz1OwaUnmiXKkXqeP3I9xo7L/nQQ4sga5WmYHVNVpdEk+cSlKqLViFtH5T 9a72x2pqAm0hjl5Pii8tB/moh8dh3DiWkNJ7zxK7QBgGESuXav77Pszo4C7fcPByebJO Msszq9F7ZOftVnSX8iWhqVTHJzPLzeNt3j/nCCTK8nWV3frxZgw1TJJZgYRhcboJq5B3 M/CA==
X-Gm-Message-State: AOAM531U5trO1sUvxAbTWEMLVaoUdSSx7pHiR7dF/h5/KayTwlF+uHYg wqPYQsIGD9SxnC6UE6H8midDkb3zIL/Q19Vp24iYdgkACpxtToHHXo/3SWDGoinw5mhRDO0Hhqg zO/lcFy0lDMg2GA==
X-Google-Smtp-Source: ABdhPJwdELI4eBAYF+1yFOmttbFY1sMx7d+6Gz9r5/xBu51u+vE7JX83/CwcWB1P1Wj4sLjNjWomIGFsiP0sLTUwSjg=
X-Received: by 2002:ac2:4c07:: with SMTP id t7mr6404572lfq.194.1600211614848; Tue, 15 Sep 2020 16:13:34 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: Brian Campbell <>
Date: Tue, 15 Sep 2020 17:13:08 -0600
Message-ID: <>
To: Dick Hardt <>
Cc: Neil Madden <>, oauth <>
Content-Type: multipart/alternative; boundary="000000000000de7c9405af624cf4"
Archived-At: <>
Subject: Re: [OAUTH-WG] Omit "jwk" (or use "kid" instead) in DPoP Proof?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Sep 2020 23:13:41 -0000

The tl;dr is that I believe Neil's suggestion is of sufficient merit to
warrant seriously considering making the change.

That was more words than it needed to be too. But maybe clarifies.

On Tue, Sep 15, 2020 at 4:51 PM Dick Hardt <> wrote:

> That was a lot of words Brian. What is the "tl;dr:"? (I read it, but I'm
> not sure where you landed given your last sentence)
> ᐧ
> On Tue, Sep 15, 2020 at 3:16 PM Brian Campbell <bcampbell=
>> wrote:
>> Sorry for the slow reply to this one, Neil. It's gotten me thinking a bit
>> and it took some time to gather my thoughts and attempt to articulate them.
>> It is true that, as defined in the current -01 draft, there is the
>> additional step for the RS to check that the proof key matches the hash in
>> the AT. But I think that equating it to "exactly" that kind of
>> CVE-2018-0114 mistake or Moxie’s Cryptographic Doom Principle is a
>> significant mischaracterization. The DPoP proof message and its signature
>> are used to establish that the sender holds the corresponding private key.
>> Then binding tokens to that key or checking such bindings can be done.
>> That's quite different from checking the signature/integrity of a message
>> against a trusted key before relying on the content of the message, which
>> is what CVE-2018-0114 and erroneously trusting the key is about. I'm
>> admittedly a little touchy about this because I tried to speak up about the
>> potential problems with blindly trusting the jwk header back in the days of
>> developing the JOSE specs. And have even joked more recently that the DPoP
>> proof finally uncovered a legitimate use for it. So with all that said, I
>> don't think it rises to the level of doom. And the step of checking the
>> binding of the token to the proof key is pretty fundamental. It's
>> conceptually the same as how the AT binding is done with MTLS / RFC 8705
>> and the expired/defunct draft-ietf-oauth-token-binding. That doesn't make
>> it right per se but there's some precedent for the general approach.
>> Following that conceptual precedent was part of the motivation for the
>> current approach - not so much as simplicity for the client but simplicity
>> in the form of consistency in the protocol definition itself. But maybe
>> that motivation was too much so as the hash based cnf binding is kinda
>> necessary in those that are doing the key proof at or closer to the
>> transport layer but DPoP has all the stuff at the same layer so could do it
>> differently. Putting the jwk in the cnf of the AT would eliminate the
>> possibility of resource servers forgetting to check the binding. Of course
>> there are still mistakes that could be made but removing even the
>> possibility of that particular one is compelling.
>> The efficiency gains you mention are dependent on circumstance and not
>> always applicable, as you've kinda alluded to. The many variations of
>> deployment options (e.g., reference vs self-contained tokens, introspection
>> vs. local validation and either with various caching strategies, location
>> of entities and communication path between them) make quantifying it rather
>> difficult and circumstantially dependent. However, moving the jwk from the
>> DPoP proof to the AT (by value or reference) would reduce the overall
>> amount of data that is conveyed across the two items from a jwk and its
>> hash to just the jwk. That's not a huge gain but it is more than nothing.
>> It would also eliminate the need to codify a hash function for the jwk
>> thumbprint, which admittedly would be rather nice.
>> I guess that's a lot of words to try and kinda defend the current
>> approach while also admitting that I'm coming around to seeing the light in
>> your suggestion.
>> On Wed, Sep 9, 2020 at 12:43 AM Neil Madden <>
>> wrote:
>>> I disagree with this rationale, I’m afraid. I don’t think the simplicity
>>> gain for the client is really very great and I think we will regret this
>>> decision.
>>> Most importantly, including the JWK directly in the proof token
>>> increases the likelihood that somebody will just validate the signature
>>> using that key and fail to check that it matches the hash in the AT. We’ve
>>> already seen at least one vendor make exactly this kind of mistake in the
>>> past [1]. Letting the proof tell you the key to use to verify the proof is
>>> another example of Moxie’s Cryptographic Doom Principle [2] - trusting the
>>> message before you’ve authenticated it.
>>> Moving the jwk from the DPoP proof to the AT/introspection response
>>> reduces the chances of these kind of mistakes.
>>> As a bonus it also has efficiency gains because the size of the DPoP
>>> proof is reduced - potentially by a lot for RSA keys. Although the JWK
>>> still has to be communicated to the RS, this can be more efficient because:
>>> - For token introspection, in many deployments the introspection request
>>> will be within a datacenter and so over a high-bandwidth low-latency
>>> network. This is usually not the case for the DPoP proof, which may be over
>>> a poor mobile connection.
>>> - For embedded directly in a JWT access token, the JWK will be in the
>>> claims rather than the header and so can at least be compressed. (Albeit
>>> not by much, because public keys don’t compress well, but the rest of the
>>> AT will and that can compensate a little for the extra bulk).
>>> [1]:
>>> [2]:
>>> — Neil
>>> On 8 Sep 2020, at 23:46, Brian Campbell <bcampbell=
>>>> wrote:
>>> Indeed there are cases, as you point out, where the key might be
>>> knowable to the server via some other means, which makes the "jwk" header
>>> in the DPoP proof not strictly necessary. And while omitting the key in
>>> such cases would reduce the size of some messages (the DPoP proof anyway),
>>> such optionality would add complexity to implementations and deployments
>>> (and that kind of complexity can and often does degrade interoperability
>>> and even security). How, for example, would a client know if the access
>>> token includes the public key and thus whether or not to include the key
>>> with the proof? Sure the access token could always include the key (rather
>>> than thumbprint) but then there's the question of how to get the key to the
>>> AS. As well as the stated desire to utilize the same DPoP Proof structure
>>> for requests to both the AS and RS. There will be some clients that have
>>> public key(s) registered and some that won't (maybe a lot that won't as a
>>> driving use case for many for this is key binding access and refresh tokens
>>> for public clients). The protocol defined by the draft needs to account for
>>> both.
>>> Ultimately there are a number of different ways the necessary data could
>>> flow through the various protocol elements. And there are some tradeoffs
>>> with different approaches and/or trying to accommodate variations under one
>>> approach. The approach the draft has taken thus far is to prioritize
>>> consistency and simplicity as much as is possible. And that ethos has led
>>> to how it's currently defined, which is to always include the key in the
>>> proof and bind to a hash of the key in the access token.
>>> On Tue, Sep 8, 2020 at 3:29 AM <> wrote:
>>>> Hi all,
>>>> In section 4.1 of draft-ietf-oauth-dpop-01, the "jwk" header parameter
>>>> is
>>>> REQUIRED. However, there are some cases where "jwk" is not necessary in
>>>> theory.
>>>> For example, consider a case where the client is registered with the
>>>> Authorization Server, and its one and only public key is also
>>>> registered with
>>>> the AS. In that case, when the AS receives a request on Token endpoint,
>>>> it can
>>>> just use the public key registered for the client to verify the DPoP
>>>> Proof.
>>>> There is no need to send the public key in DPoP Proof.
>>>> The same goes for requests to the Resource Server, if the AS and RS
>>>> share the
>>>> storage for clients' public keys. Things are a little difficult if the
>>>> AS and RS
>>>> are separate. Probably the Access Token or its introspection result
>>>> have to
>>>> include the public key (instead of its thumbprint as described in
>>>> section 7).
>>>> If the client registers multiple keys with the AS, it needs to specify
>>>> which key
>>>> it uses to sign the DPoP Proof. However, there is still no absolute
>>>> need to send
>>>> the whole key in DPoP Proof. Instead, the client could use "kid" header
>>>> parameter to specify the key.
>>>> Daniel Fett once mentioned the above case in the GitHub issue #26 [*1],
>>>> but I'm
>>>> not sure what happened to the discussion. There was also a comment on
>>>> the latest
>>>> draft about the "jwk" header parameter [*2]. I agree with using the
>>>> same DPoP
>>>> Proof structure for requests to AS and RS, but I think there are some
>>>> cases
>>>> where we can omit "jwk" in BOTH requests. Making "jwk" OPTIONAL would
>>>> allow
>>>> those cases to reduce some messaging overhead.
>>>> I'd like to hear your opinions about it.
>>>> [*1]:
>>>> [*2]:
>>>> Best regards,
>>>> Toshio Ito
>>>> -------------
>>>> Toshio Ito
>>>> Research and Development Center
>>>> Toshiba Corporation
>>>> _______________________________________________
>>>> OAuth mailing list
>>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>>> privileged material for the sole use of the intended recipient(s). Any
>>> review, use, distribution or disclosure by others is strictly prohibited.
>>> If you have received this communication in error, please notify the sender
>>> immediately by e-mail and delete the message and any file attachments from
>>> your computer. Thank you.*
>>> _______________________________________________
>>> OAuth mailing list
>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>> privileged material for the sole use of the intended recipient(s). Any
>> review, use, distribution or disclosure by others is strictly prohibited.
>> If you have received this communication in error, please notify the sender
>> immediately by e-mail and delete the message and any file attachments from
>> your computer. Thank you.*_______________________________________________
>> OAuth mailing list

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._