IETF Logo Mail Archive

[OAUTH-WG] FW: MAC: Cookie name or value as MAC key id

"Manger, James H" <James.H.Manger@team.telstra.com> Tue, 14 June 2011 14:26 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D44E9E801E for <oauth@ietfa.amsl.com>; Tue, 14 Jun 2011 07:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.901
X-Spam-Level:
X-Spam-Status: No, score=-0.901 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWmUWzBXBPu8 for <oauth@ietfa.amsl.com>; Tue, 14 Jun 2011 07:26:53 -0700 (PDT)
Received: from ipxcvo.tcif.telstra.com.au (ipxcvo.tcif.telstra.com.au [203.35.135.208]) by ietfa.amsl.com (Postfix) with ESMTP id 26E389E800A for <oauth@ietf.org>; Tue, 14 Jun 2011 07:26:52 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.65,364,1304258400"; d="scan'208";a="38036690"
Received: from unknown (HELO ipcbvi.tcif.telstra.com.au) ([10.97.217.204]) by ipocvi.tcif.telstra.com.au with ESMTP; 15 Jun 2011 00:26:50 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6376"; a="28831906"
Received: from wsmsg3751.srv.dir.telstra.com ([172.49.40.172]) by ipcbvi.tcif.telstra.com.au with ESMTP; 15 Jun 2011 00:26:50 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3751.srv.dir.telstra.com ([172.49.40.172]) with mapi; Wed, 15 Jun 2011 00:26:50 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: oauth <oauth@ietf.org>
Date: Wed, 15 Jun 2011 00:25:12 +1000
Thread-Topic: MAC: Cookie name or value as MAC key id
Thread-Index: AcwqL/kMOBs9DL99R+SHchOEYK5ihAAJnmqwAAJMj+AADybjsA==
Message-ID: <255B9BB34FB7D647A506DC292726F6E112868E56E3@WSMSG3153V.srv.dir.telstra.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [OAUTH-WG] FW: MAC: Cookie name or value as MAC key id
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:26:54 -0000

>> There have been suggestions that the MAC calculation could/should cover
>> the key id. In that situation it is even more crucial that the id field isn't just a
>> name referring to the real value elsewhere - as then the security changes
>> based on the syntax used to issue the credentials.

>What suggestions? We could not come up with any reason to include the key identifier in the >normalized string.

Adam Barth said "one possibility is to include the value of the Cookie header in the MAC". That was in response to Robert Sayre's suggestion of a server-provided nonce ("opaque" parameter) that would be covered by the MAC, which Adam said could go into the key id. Adam did go on to say he hadn't seen much demand for this feature from site operators he has talked to. [http://www.ietf.org/mail-archive/web/oauth/current/msg06631.html]

So not a complete suggestion with proposed text for the spec -- just a hint that it was a possible design. HTTP Digest signs the username, for instance. I don't have a specific reason to sign the key id. I don't think it would be harmful. Perhaps it could help where the key id is actually a combination of complicated assertions (eg SAML) by giving a bit more protection against attacks that modify the Authorization header. Various PKI specs include a cert id in the data they sign, purportedly for security/legal reasons.

The point was that an id field that is sometimes the key id, but at other times just a pointer to the key id (with no indication of which mode is in use), does not feel like a good design -- at least not until I understand the compelling reason for keeping the Cookie header when using MAC with Cookie-issued credentials.


Adam provides an ok argument for why tacking MAC-... attributes on to an existing cookie will be the simplest implementation choice. (Thanks)

>Most folks who run web sites use cookies to generate sessions.  These
>folks will layer the MAC protections on top of their existing systems
>by adding a couple cookie attributes and verifying an HMAC.  If we
>removed the MAC cookie from the Cookie header, the Cookie header would
>be different in supporting and legacy user agents, causing pain and
>misery.
>
>It might be instructive to try using MAC in a real deployment.  You'll
>see immediately why this behavior is preferable.


Perhaps omitting the id parameter from the Authorization header would be an even better approach than using the cookie name. It avoids that minor repetition, and is an unambiguous signal that the key id comes from elsewhere (ie from a cookie value).

--
James Manger

v2.23.0 | Report a Bug | By Email