Re: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-bcp
Mike Jones <Michael.Jones@microsoft.com> Mon, 05 November 2018 08:39 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51926128CFD for <oauth@ietfa.amsl.com>; Mon, 5 Nov 2018 00:39:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.47
X-Spam-Level:
X-Spam-Status: No, score=-2.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzeJyESti9Gb for <oauth@ietfa.amsl.com>; Mon, 5 Nov 2018 00:39:31 -0800 (PST)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640134.outbound.protection.outlook.com [40.107.64.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E172B12D4EB for <oauth@ietf.org>; Mon, 5 Nov 2018 00:39:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ssfDhdHYgPUC1cV3b/nb6MT2AspSC4GjZGQJRHMgvTo=; b=KTjqmgUBtSmVdIK/mXm0grHiW7jtnPzKnrHSiZqVpLQC9alNHhEdF7iqy9zGWX46mdMq6Xh6z6THhpZGasZdEmql7B/EHYUU4ES1jPlbAxXEpG8rVBa/UftNUyWcczQJvyZAyqabwcm3gy9K9w5crfBuwglOvp2bkUyFGZwHblQ=
Received: from SN6PR00MB0301.namprd00.prod.outlook.com (52.132.117.155) by SN6PR00MB0317.namprd00.prod.outlook.com (52.132.117.159) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1349.0; Mon, 5 Nov 2018 08:39:28 +0000
Received: from SN6PR00MB0301.namprd00.prod.outlook.com ([fe80::a519:cc84:ebe4:5f51]) by SN6PR00MB0301.namprd00.prod.outlook.com ([fe80::a519:cc84:ebe4:5f51%10]) with mapi id 15.20.1351.000; Mon, 5 Nov 2018 08:39:28 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, oauth <oauth@ietf.org>
CC: Yaron Sheffer <yaronf.ietf@gmail.com>
Thread-Topic: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-bcp
Thread-Index: AQHUPYBLZ8Pf3pDy70ieP7DpSsramaVBSSJg
Date: Mon, 05 Nov 2018 08:39:28 +0000
Message-ID: <SN6PR00MB0301C6909630591B0BAB27DDF5CA0@SN6PR00MB0301.namprd00.prod.outlook.com>
References: <CABcZeBOwbN9-Yjoshc-NW7Px_c5RkVQg_8P3dHpZnRszNuJtQg@mail.gmail.com>
In-Reply-To: <CABcZeBOwbN9-Yjoshc-NW7Px_c5RkVQg_8P3dHpZnRszNuJtQg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [31.133.129.171]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR00MB0317; 6:k8crRTOjOtrj0A8ZW8C1v5iN7UjyOzf6p6xcyF9rggjGwBcUIwKRodmuDXWPxW8hXNftqIhBUnp7ogOOrG3cWa5kOmhxOWnu1GX+gsOy9FPjY9ASmYNqb6n5Vk+nH1zEskzpGlsrS+L6BT45yNACQlQof41vOzp1gwSNsLcxyKtMVwXHI60Hs8IMjLF9PSwyJr5l5OeTApzgdLpbY9rWVJIx0WJNNknfwzS7aTKOxreVydJAsYd6k9ZWO/XmKlUTthIHZwSxpe/0XGkVM/tnrWOKIavT3Vf6zBi4MEGmDQDw5ktteRuxxO0tGKt9XWI+PzwKagav2VV8FQEPuly2Xg07dmU4UcbCVc4g4HRaQ/kh851QSenmQZ64HuNreWrxGKxIoML2xj9xwWp4mKL9gSXQL0XfIQWpMLz36J3J/N5vHLu5yp93XqCmVboedPAcqkFNE1BmvnCKSCWxZd4VKw==; 5:0cudjJaJR1ZLS8c4buUNGamfY2yXvofCRE1hBAwWd9vDulJzF76KuWaIFKjzVTrLyApNWI4KksXmRE2+oRI71G/ljPxC09h7GueeJIlM0ePjgLEY/J5wIJRvvJRmIbGilOPIS9aCAa+m/59hczM0Z1PNxpLMk3TKJsKKPw4hXGU=; 7:VQ0CgaZgM9Ewdtc8ZpKwh7VY89ssXbYWrztVx7G8i+LqBirLIyI6NqPG+sVpmI60g7gnpLyfXd9H3CBjTTrzO6Acn7xnXOh6Ib4THzYuJ3ZzaITfedkkZ0u48cfEcGk6rJh8P4V+0DPchMEdy0aJhg==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d68414e0-f156-4289-2a03-08d642fa3337
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:SN6PR00MB0317;
x-ms-traffictypediagnostic: SN6PR00MB0317:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-prvs: <SN6PR00MB03175ABE14093B3E9EC57FB6F5CA0@SN6PR00MB0317.namprd00.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(8220035)(2401047)(5005006)(8121501046)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(3002001)(3231382)(944501410)(52105102)(2018427008)(10201501046)(93006095)(93001095)(6055026)(148016)(149066)(150057)(6041310)(20161123564045)(20161123560045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:SN6PR00MB0317; BCL:0; PCL:0; RULEID:; SRVR:SN6PR00MB0317;
x-forefront-prvs: 08476BC6EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(366004)(376002)(396003)(346002)(136003)(189003)(199004)(102836004)(6246003)(6436002)(39060400002)(2900100001)(11346002)(71200400001)(71190400001)(446003)(476003)(76176011)(74316002)(55016002)(99286004)(110136005)(86362001)(22452003)(66066001)(68736007)(10090500001)(486006)(14444005)(316002)(86612001)(256004)(606006)(81166006)(81156014)(5660300001)(8676002)(551544002)(14454004)(26005)(6506007)(53546011)(8936002)(33656002)(186003)(8990500004)(4326008)(72206003)(966005)(3846002)(790700001)(6116002)(7696005)(6306002)(54896002)(9686003)(53936002)(478600001)(236005)(97736004)(25786009)(229853002)(2906002)(106356001)(10290500003)(105586002)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR00MB0317; H:SN6PR00MB0301.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: RbZK0R+z9PCANt/kl3bu6ze/JmYoY8pipz6St4zkMpRznpsRe3sLoj/RuPjJmdbIU4CkoCPAynJIWZUmBYAdpAwg8Fs5pMeWtWExyVppiJKp8AppsmSY8PkVwVKOaYY3eyEk7rwPgp4WwqpWsXYU35LnAJVuBkkPW3OKx72XlKlR9p3J/LowkwpIOTmDcGI8Xo1iRl9D19tkmSgeirpNaxI3jfZ4Z7upfB02A2FnwpBhlwRVOdETwVcmVqtzCcNkUKXqUo3pD+kYig6wrcssk2CmHYbvq/EQIs0Jmsc+GcNQ/0MJkH4bwfhsWwjFgWU0LOg7LYSb+aTtL265lpCsdImUN1QbJyBPcsTtvVCjcK4=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN6PR00MB0301C6909630591B0BAB27DDF5CA0SN6PR00MB0301namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d68414e0-f156-4289-2a03-08d642fa3337
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2018 08:39:28.6343 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR00MB0317
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/kCpf4fKE2roxUncdJmE4r62aD0g>
Subject: Re: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-bcp
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 08:39:36 -0000
Hi Eric. Thanks again for your review. https://github.com/yaronf/I-D/pull/24 is intended to address your review comments. Text changes made to address each of your comments are listed below. From: OAuth <oauth-bounces@ietf.org> On Behalf Of Eric Rescorla Sent: Monday, August 27, 2018 4:03 AM To: oauth <oauth@ietf.org> Subject: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-bcp Rich version of this review at: https://mozphab-ietf.devsvcdev.mozaws.net/D4649 COMMENTS S 1.2. > 1.2. Conventions used in this document > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in > [RFC2119]. You will want to cite 8174 here. < The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", < "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be < interpreted as described in {{RFC2119}}. --- > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL > NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", > "MAY", and "OPTIONAL" in this document are to be interpreted as > described in BCP 14 {{RFC2119}} {{RFC8174}} when, and only when, they > appear in all capitals, as shown here. S 2.6. > > 2.6. Substitution Attacks > > There are attacks in which one recipient will have a JWT intended for > it and attempt to use it at a different recipient that it was not > intended for. If not caught, these attacks can result in the I don't understand this attack. Can you go into more detail? > For instance, if an OAuth 2.0 {{RFC6749}} access token is presented to an OAuth 2.0 protected resource > that it is intended for, that protected resource might attempt to gain access to a different > protected resource by presenting that same access token to the different protected resource, > which the access token is not intended for. S 3.2. > Therefore, applications MUST only allow the use of cryptographically > current algorithms that meet the security requirements of the > application.. This set will vary over time as new algorithms are > introduced and existing algorithms are deprecated due to discovered > cryptographic weaknesses. Applications must therefore be designed to > enable cryptographic agility. Is this must normative? < Applications must therefore be designed to enable cryptographic agility. --- > Applications MUST therefore be designed to enable cryptographic agility. S 3.2. > may be no need to apply another layer of cryptographic protections to > the JWT. In such cases, the use of the "none" algorithm can be > perfectly acceptable. JWTs using "none" are often used in > application contexts in which the content is optionally signed; then > the URL-safe claims representation and processing can be the same in > both the signed and unsigned cases. I think you probably need to have a clearer "don't use none by default" statement here. > The "none" algorithm should only be used when the JWT is cryptographically protected by other means. S 3.4. > ECDH-ES ephemeral public key (epk) inputs should be validated > according to the recipient's chosen elliptic curve. For the NIST > prime-order curves P-256, P-384 and P-521, validation MUST be > performed according to Section 5.6.2.3.4 "ECC Partial Public-Key > Validation Routine" of NIST Special Publication 800-56A revision 3 > [nist-sp-800-56a-r3]. Is there an X25519 specification for JWE? If so, you should probably specify the appropriate checks. > Likewise, if the "X25519" or "X448" {{RFC8037}} algorithms are used, > then the values MUST be validated according {{RFC7748}}. S 3.5. > 3.5. Ensure Cryptographic Keys have Sufficient Entropy > > The Key Entropy and Random Values advice in Section 10.1 of [RFC7515] > and the Password Considerations in Section 8.8 of [RFC7518] MUST be > followed. In particular, human-memorizable passwords MUST NOT be > directly used as the key to a keyed-MAC algorithm such as "HS256". If you can't use them "directly" than how should you use them? Do you want to say anything about password hashing (argon, etc.)? > Rather, the principles from {{RFC2898}} SHOULD be used > to derive cryptographic keys from user-supplied passwords. S 3.12. > of JWTs. > > Given the broad diversity of JWT usage and applications, the best > combination of types, required claims, values, header parameters, key > usages, and issuers to differentiate among different kinds of JWTs > will, in general, be application specific. I get that this is the state we find ourselves in, but it seems like it's unfortunate. This might be a good time to re-emphasize the recommendation for explicit types in 3.11. > For new JWT applications, the use of explicit typing is RECOMMENDED. Thanks again, -- Mike
- [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-bcp Eric Rescorla
- Re: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-… Mike Jones
- Re: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-… Mike Jones
- Re: [OAUTH-WG] AD Review of draft-ietf-oauth-jwt-… Eric Rescorla
- [OAUTH-WG] Fwd: AD Review of draft-ietf-oauth-jwt… Eric Rescorla
- Re: [OAUTH-WG] Fwd: AD Review of draft-ietf-oauth… Mike Jones