[OAUTH-WG] draft-ietf-oauth-dpop-00 comments
"Peck, Michael A" <mpeck@mitre.org> Wed, 01 April 2020 17:14 UTC
Return-Path: <mpeck@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60D5C3A13D2 for <oauth@ietfa.amsl.com>; Wed, 1 Apr 2020 10:14:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xfxyiESdU2h3 for <oauth@ietfa.amsl.com>; Wed, 1 Apr 2020 10:14:08 -0700 (PDT)
Received: from smtpvbsrv1.mitre.org (smtpvbsrv1.mitre.org [198.49.146.234]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E16143A1406 for <oauth@ietf.org>; Wed, 1 Apr 2020 10:14:06 -0700 (PDT)
Received: from smtpvbsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id BF482332031 for <oauth@ietf.org>; Wed, 1 Apr 2020 13:14:03 -0400 (EDT)
Received: from smtprhbv1.mitre.org (unknown [129.83.19.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtpvbsrv1.mitre.org (Postfix) with ESMTPS id 711EA33201E for <oauth@ietf.org>; Wed, 1 Apr 2020 13:14:03 -0400 (EDT)
Received: from mbfesmtp-mgt.mitre.org (unknown [198.49.146.235]) by smtprhbv1.mitre.org (Postfix) with ESMTP id 6464E80C0D3 for <oauth@ietf.org>; Wed, 1 Apr 2020 13:14:03 -0400 (EDT)
Received: by mbfesmtp-mgt.mitre.org (Postfix, from userid 600) id 48st8W2rJmzlYC; Wed, 1 Apr 2020 17:13:49 +0000 (UTC)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl2gcc02lp2101.outbound.protection.outlook.com [104.47.64.101]) by mbfesmtp-mgt.mitre.org (Postfix) with ESMTPS id 48st8B55qVzlnd for <oauth@ietf.org>; Wed, 1 Apr 2020 17:13:46 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jMlIHuaJp9B2t5oD0drREUMLTFzQYMclDam+kPBoqZc76OxD/wTFZMxnyq5McxLmeMnMCpLdhju9OwyE4/Zmt8NNrXozX+xtfpXgqj5YdlvQBP3w2+MvW+O8ea7P2XfGdonJ2sqMwQgyYjdQlaCU5wST1MCvYS/EXglM4iUK/tKbyl5k+PJQ5DDRkR0+eZYzpJhbaAheRxbNMIHhzciiMhcpjz/NkfHnuur71CltT07pXSYOCC2ohT29C+daIMmCRfgxDqGzZeCohP6bsv/4IsLtfFw2gxoIRdT5vYP/mKAw1grcENJUp1W/9d96kwKbOQRJtPMV5b3yIDB87CWzhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1p3ajwvRED6qn5ULI9HeIOUUvSNVW1JQULeh2DxmtpE=; b=VC5o4RyGtzZ7Q6jv3iFYvLbE+peZ+njAPF7ZoeFnVeDmearj/X4aFI7PgTfQH2jODLjSqu20kvkK+8bRJW/L/B2aJuchVLtWHgVVpP7mFhRN8N5DcQmbwtOrf1O8lP+zzsFwOnXmkSGtDeg+FdDT37QWtlOgqgHFpSphEYnCYxpuA8FBj7a46czmMP+DO+xXSp6cRa8W/78sDLIqq0VeLlbd18reN0L5/TIpH6ewQtCYBt7ErF8tQMJ6l6dcRj7dv0vgEf2bvO5gTPUvVyPjYacartq7o9TFyMkT9gXKiWu8bC9u5AVvhZsXzr9qfNyhhtCGEXwwjegUYBqhtK2KSQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mitre.org; dmarc=pass action=none header.from=mitre.org; dkim=pass header.d=mitre.org; arc=none
Received: from BL0PR0901MB4578.namprd09.prod.outlook.com (2603:10b6:208:1c5::17) by BL0PR0901MB3731.namprd09.prod.outlook.com (2603:10b6:207:38::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.18; Wed, 1 Apr 2020 17:13:46 +0000
Received: from BL0PR0901MB4578.namprd09.prod.outlook.com ([fe80::4c0:c5a6:52f:6e08]) by BL0PR0901MB4578.namprd09.prod.outlook.com ([fe80::4c0:c5a6:52f:6e08%6]) with mapi id 15.20.2856.019; Wed, 1 Apr 2020 17:13:46 +0000
From: "Peck, Michael A" <mpeck@mitre.org>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: draft-ietf-oauth-dpop-00 comments
Thread-Index: AQHV/VsiS+GbQkdim0uit4ZD3i6X4w==
Date: Wed, 01 Apr 2020 17:13:45 +0000
Message-ID: <0995BBB3-73E2-4831-B07E-BB5CB5F17AE9@mitre.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.35.20030802
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mpeck@mitre.org;
x-originating-ip: [192.160.51.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: bf9dda87-1883-45ff-a855-08d7d6600974
x-ms-traffictypediagnostic: BL0PR0901MB3731:
x-microsoft-antispam-prvs: <BL0PR0901MB373156AA356D808F492ABE51B9C90@BL0PR0901MB3731.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03607C04F0
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR0901MB4578.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(366004)(136003)(396003)(346002)(376002)(39860400002)(316002)(6916009)(81156014)(6506007)(8936002)(2906002)(966005)(81166006)(478600001)(6486002)(64756008)(26005)(8676002)(66556008)(66446008)(33656002)(71200400001)(76116006)(6512007)(66476007)(66946007)(86362001)(186003)(36756003)(2616005)(5660300002); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XQGw5w3T2ytcnwDB51whZeDyi2K9iQzVdZJ+jlOv9cyu5JlVXVtIXdJVHz8yaB7bouUe6VaVhMxlYEn9AcQNYCNydyjelZI+2Hfapij+p5B7m20bM0KCX5nIBARqgkKbGETzusMtIGkRRuSQFo8WcQkPEHQjNW7mz7CdmQe3PuswwMo/wJiJuWw9aUrPwC5cHAraug2wmxRc+KXwf7ueD8Axrf6WAHjBTvv6CCAefMe20Tz0pnefFBwEu5YBwgSxS7Qlm1VPSJ3hAshU6VaIlpQm0z0ScxcmltwtFpFp+1oeL2ZScJR74eXFirKYdNMfTu3Hd8zVIt81QJWhDJfjezQHY8QVuoKlyj09zJnT0tafnXwQ3Ix7pGaJrjHPWMK8iL4X3Tth2F6QGR1Z8owAG7Tidf/sXfU7g3mp3sQkEBDu99vWfHIlDB/oAhy1Pl++p5ujZnKgymDV7G4k7fgWMknZkIUhttvFU3dtWmqP/zVcZxWkNf/Pqa3y4xEmYfRWDDK4oMp9f3moaRB3leiR8A==
x-ms-exchange-antispam-messagedata: GFvm7r2cg9Vr1WGZnBz7z7oF5M7WE6/Ey/9fhNwWZUVWwyB4TA+d/S/RG32jLSa0RHXIhfqIYtgmZFg/gP4Iw2NIgeMGPaRuNC1LYM1xeCUtibLCgZLu2WKQCHEAewSQpzhbeesgKAftrXOxdum4Wg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <87BF6E69B5537C4A8F9BA665E7118BBF@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: mitre.org
X-MS-Exchange-CrossTenant-Network-Message-Id: bf9dda87-1883-45ff-a855-08d7d6600974
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2020 17:13:45.8157 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: tqsHYOhJyVA3xHbLnodGkSK2xnfZGMjRBxIkcdp4m/zViaZE01VkKVVjiMjt92ic
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR0901MB3731
X-MITRE: 8GQsMWxq66rxk57w
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.org; h=from:to:subject:date:message-id:content-type:content-id:content-transfer-encoding:mime-version; s=selector1; bh=1p3ajwvRED6qn5ULI9HeIOUUvSNVW1JQULeh2DxmtpE=; b=FIaidYZak5q43klAWW+5U2wvOzvmT9IgVRknMR4fGE/EEAixJT3UNEPEiWNWDnCpHane/lpINXidknqBnP0FeL6GXcNjLtuydS0s6Fyd15nS2/knLmKE3FSxdjAVEnI0PFbjpNpSM45kTubo6d2AwdeyN9Zwc1JhEnqCsFMCUAE=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cT5KZrJt7JhrCzatIuaGWixwhVs>
Subject: [OAUTH-WG] draft-ietf-oauth-dpop-00 comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2020 17:14:16 -0000
Hi, Glad to see DPoP moving forward as a working group item. I have a couple of comments on the current draft: 1. I recommend expanding the description of the threat model. It's not entirely clear to me what threats DPoP is expected to address, which makes it hard to evaluate whether DPoP meets its objectives. Section 2 states that the main objective is to prevent an adversary who set up a counterfeit AS or RS from replaying a received refresh token or access token at another server. Would it be possible to expand upon the description of this threat and how it may occur? Are there other situations where an adversary may be able to capture a refresh token or access token that should be mentioned as objectives to address - e.g. malicious / third-party JavaScript code? Presumably the counterfeit AS or RS will not have the same hostname (e.g. with an illegitimately issued server certificate) as the legitimate server, as otherwise DPoP wouldn’t provide protection. Why would the client send the refresh token to the wrong AS? For resource servers, why wouldn’t an access token audience restriction suffice? Is the concern that the access token might not contain an audience restriction, or might contain multiple audiences? (If the concern is that the resource server wouldn’t check the audience, I’d have a similar concern that it wouldn’t check a DPoP proof.) 2. DPoP currently does not provide any guarantees that the DPoP signature was freshly generated, as there is no nonce from the server incorporated into the signature. I assume there is no practical means for the server to send a nonce to the client to use with each request that wouldn't over-complicate DPoP. I also don't see any guidance in the draft about lifetime/rotation of each DPoP key or whether the same key can be used with multiple servers. My concern is that something analogous to this Kerberos PKINIT attack - https://mailarchive.ietf.org/arch/msg/krb-wg/pLgID35fNG1Zh_QJjgXH9vEbwoQ/ - could occur if DPoP signatures can be pre-computed by an adversary that somehow gains the ability to compute signatures with the private key but doesn't gain access to the private key itself. Could that potentially happen with malicious JavaScript code? The iat timestamp is insufficient since future values could be inputted with the signatures stored for later use. I could envision a private key potentially being re-used for a long period of time, and depending on how DPoP ends up getting used in practice, a private key being used with multiple servers? If guaranteeing some degree of freshness of the signature is a concern, one solution could be to incorporate the authorization code into the DPoP signature for token requests to the AS with grant_type=authorization_code, incorporate the refresh token into the DPoP signature for token requests to the AS with grant_type=refresh_token, and incorporate the access token into the DPoP signature for requests to a resource server. That would prevent pre-computing DPoP signatures before the authorization code / refresh token / access token is generated by the AS, as long as the recipient properly checks the DPoP proof. I'd also suggest adding guidance on rotating the DPoP key - e.g. mandate/recommend that the client create a new keypair for each token request? Thanks, Mike
- [OAUTH-WG] draft-ietf-oauth-dpop-00 comments Peck, Michael A
- Re: [OAUTH-WG] draft-ietf-oauth-dpop-00 comments Brian Campbell
- Re: [OAUTH-WG] draft-ietf-oauth-dpop-00 comments Justin Richer
- Re: [OAUTH-WG] draft-ietf-oauth-dpop-00 comments Benjamin Kaduk
- Re: [OAUTH-WG] draft-ietf-oauth-dpop-00 comments Brian Campbell
- Re: [OAUTH-WG] draft-ietf-oauth-dpop-00 comments Benjamin Kaduk