[OAUTH-WG] DPoP symmetric key idea
Dick Hardt <dick.hardt@gmail.com> Thu, 21 November 2019 10:07 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F224120AB8 for <oauth@ietfa.amsl.com>; Thu, 21 Nov 2019 02:07:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oW5L4kDqt0MG for <oauth@ietfa.amsl.com>; Thu, 21 Nov 2019 02:07:33 -0800 (PST)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7054C120AB5 for <oauth@ietf.org>; Thu, 21 Nov 2019 02:07:33 -0800 (PST)
Received: by mail-lj1-x235.google.com with SMTP id p18so2530535ljc.6 for <oauth@ietf.org>; Thu, 21 Nov 2019 02:07:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=SVcxCN9DGaHWV0OsLjYPrhLqEdVqYBYT+U3MKdEIll0=; b=sYnBhj0giis6ajzQsuF7m0P4z8OAbW3B2j8mLWIPeEMAWjNzyvfgPn9lh9MGQPyS3J 5xnPwc6gzS+SrhA2uYXwvRTU0WPGUG6A19Vyo7WyFfAtNfgWhBhwRsCXVXF8m8S/pyZL ZVM5HnB9cKauMIDsodetCy8DdNiQkGHVd48D0AkN7/200WO/K0Hj3KSfJGidrGxLFS25 ou75LSiXPJ8YSgw+Nys+RJ0WJNCf40xlQcp3moGGtP3NaErFHSBn9Z+lQ+IRjBiaR0Fl Rzak7M/JomhvNE35o492yILpUJv43rGiRc8xSqZw3vY6HgzYeVbzEcVZUKD7FjWaYa/L dWGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SVcxCN9DGaHWV0OsLjYPrhLqEdVqYBYT+U3MKdEIll0=; b=rG9t8Mov5uZqHSTbvn6xcOKRCt5+uZH1cq+31DWde/8+77a3o4fbeaS+tGk7blqWVn ITMWolp3mtX7/FOJixk6ghTsERff5WSTYmdIVkHjyv2bZyOGdR7elZP68caMw49nRPXj wNqSin5WtGd7uT5hVHHf3tR5KBztDa+D8SrJ6k1F45amuzrTFfYXMrS8Om+KEI4Nx1Js hfkKLYRQ9SSV697L9JnKmwGnxgkG76zRae3Pl6mpYUDg4ADFytvnuvGXL7renLPZ1YjW 9NFJg2AtnYNRFjyiHq0Vtfw2rEetiJFkqgI3OJD7f8uCrs9MzP2rxxAe2u5vDc/dXuDt ZDdw==
X-Gm-Message-State: APjAAAXS2t4EpjPpWztWunzDMRPs7eBp1bNNxZvNc25ibZLe1wd/D44U MH84G0v9amLH1OamRXHGZ54YGeImcwTmqxASJBmLlV5HYlQZRg==
X-Google-Smtp-Source: APXvYqw/BWsEW1Q/wf40oAgLXXoqkcIsDUXAepvUuWlHgjsIOuqTuBcsMjvrJGdPCvbyAz8POi9llLRWcF43a3pyUWw=
X-Received: by 2002:a2e:3313:: with SMTP id d19mr6835143ljc.240.1574330851279; Thu, 21 Nov 2019 02:07:31 -0800 (PST)
MIME-Version: 1.0
From: Dick Hardt <dick.hardt@gmail.com>
Date: Thu, 21 Nov 2019 18:07:19 +0800
Message-ID: <CAD9ie-v_Whj=2zbnTaBkfC2QV1OXBYh=0n9B8fo-m-b5G7vASA@mail.gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002646c00597d87749"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/b6tfoilmfR4I95w8N9_JpVNYUqs>
Subject: [OAUTH-WG] DPoP symmetric key idea
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 10:07:38 -0000
One take away I had from the meeting today, and form the mail list, is the concern of doing asymmetric crypto on API calls. How about if we use the Client's public key to encrypt a symmetric key and pass that back to the Client in the token request response? EG: In response to the token request, the AS additionally returns a derived symmetric key (SK) encrypted in a JWE using the Client's public key from the DPoP Proof. The SK = hash( salt, R ) R and the salt version V are included in the access token The AS and the RS share salts with versions. The Client decrypts the JWE and now has a symmetric key to sign a Symmetric DPoP Proof. The RS take R and V to calculate SK, and verify the signature of the Symmetric DPoP Here is an updated flow: +--------+ +---------------+ | |--(A)-- Token Request ------------------->| | | Client | (DPoP Proof) | Authorization | | | | Server | | |<-(B)-- DPoP-bound Access Token ----------| | | | (token_type=DPoP) +---------------+ | | PoP Refresh Token for public clients | | Symmetric Key JWE Client decrypts DPoP Symmetric Key | | | | +---------------+ | |--(C)-- DPoP-bound Access Token --------->| | | | (Symmetric DPoP Proof) | Resource | | | | Server | | |<-(D)-- Protected Resource ---------------| | | | +---------------+ +--------+
- [OAUTH-WG] DPoP symmetric key idea Dick Hardt
- Re: [OAUTH-WG] DPoP symmetric key idea David Waite