Re: [OAUTH-WG] Shepherd review of draft-ietf-oauth-v2-threatmodel

Mark Mcgloin <mark.mcgloin@ie.ibm.com> Tue, 24 April 2012 14:10 UTC

To: Michael Thomas <mike@mtcc.com>
Cc: Barry Leiba <barryleiba@computer.org>, "oauth@ietf.org" <oauth@ietf.org>, oauth-bounces@ietf.org

Michael Thomas <mike@mtcc.com> wrote on 24/04/2012 14:24:47:

> On 04/24/2012 01:17 AM, Mark Mcgloin wrote:
> > Hi Thomas
> >
> > Your additional text is already covered in a countermeasure for section
> > 4.1.4.  In addition, section 4.1.4.4 states the assumption that the auth
> > server can't protect against a user installing a malicious client
> >
>
> The more I read this draft, the more borked I think its base assumptions
> are. The client *is* one of the main threats. Full stop. A threat document
> should not be asking the adversary to play nice. Yet, 4.1.4 bullets 1 and
> 3 are doing exactly that again. If those are countermeasures, then so is
> visualizing world peace.
>

Irrelevant - we are only discussing bullet 2

> As for bullet two, it doesn't mention revocation, and I prefer Barry's
> section generally. I can't find a section 4.1.4.4
>

Sorry, section 4.4.1.4, not section 4.1.4.4. It is implicit that bad
clients will be revoked - for brevity's sake, we don't need to spell that
out.

> Mike
>