Re: [OAUTH-WG] DPoP key rotation
Brian Campbell <bcampbell@pingidentity.com> Fri, 11 June 2021 20:20 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1695C3A1463 for <oauth@ietfa.amsl.com>; Fri, 11 Jun 2021 13:20:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RzbbQdEHa893 for <oauth@ietfa.amsl.com>; Fri, 11 Jun 2021 13:20:49 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3F733A145F for <oauth@ietf.org>; Fri, 11 Jun 2021 13:20:48 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id i10so10325839lfj.2 for <oauth@ietf.org>; Fri, 11 Jun 2021 13:20:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PLL2fxIm29d+ABkBUziLmFOlA/xCDSCZuo8ZMgQd8GE=; b=d0Y9mbhxHaemrtL0IzJ+4p6bt98LxDB3W4u0MAlMrj14o++aR0EVA2yV/69XUAOPzK maBYV09WQqJ93+h06BVE+pAzqiHcWCdtmCxd8fBKYcmo79uTeuB3qcirveaKqKLQPVbD a0P+SqDleUwNv8MZC85CzrUsp0p4dKGgVkEqOjFVa8a327/YhdDgdPT9bSYEpZnTyd/X kFplenZrcZoDq+a3Jkr7WiUWHEFZH32byQrwyjn9ZB9ENENZHH1BdBcA2aMmZ3mn7CZ0 vY0+9XsO0lV4A2llIYyn/PeFWTqp56lkq1crezysml4dcEQLJUU3dCUZFBz8UOI5rTAl 2SOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PLL2fxIm29d+ABkBUziLmFOlA/xCDSCZuo8ZMgQd8GE=; b=Kf8dhYYJ0Sad9C5CVogAqZjZEOFdKaCsAsg1Rf79+uH6NjgktWpUuAnuXRDnFq1ZJz LJAOopDD67+kduoBXRqvF6tfX25hOgiH9T07EJDs0mcdBI2pjEnGYJAeD0m7BtHBK0th wDIH0el1o9PmFZtPnQxX5Hehk0NFR5cvdh5qo3QkD8XFxsaNHUkzc/y+bUHRPlF9MQKv sV2Ns9W/Mq6shXAuE1RKTjnd2nUCBn9SLX1R/lDklbdBOp9gxtr1bj1nfyTsM3w57Icz HwfYk4c5hE++MuShb4zvIWNvMhPTIcaeHglaOjya2BF4eaUA+NvtRPvvUOJ1BDyPMhJR l3Uw==
X-Gm-Message-State: AOAM532BcjS3/6pZpcq2L4U5tA5V4ojlPc9oijj+qap22Qu9TLdVmNlg vaf27HHnTPwy719wvbuOaPxJkVtbILo84fvocJuaTTyQqraN+xAsaAa4k8K4kH4skOmXPEzMcxG FWJVPDcvBRUm5iw==
X-Google-Smtp-Source: ABdhPJy5vjxf2E5IORVlfniBRFi3berKoygnwDjy7pdvsbNwtl2WvIdvL49ofgyXbyIO5VNSEtsK57k6KkFbb3XmxQc=
X-Received: by 2002:a19:f504:: with SMTP id j4mr3882604lfb.242.1623442846003; Fri, 11 Jun 2021 13:20:46 -0700 (PDT)
MIME-Version: 1.0
References: <CAOtx8D=mdXHAgaEFspp7qEam6qH70LNUBTW_UivGxwYih1GDbw@mail.gmail.com>
In-Reply-To: <CAOtx8D=mdXHAgaEFspp7qEam6qH70LNUBTW_UivGxwYih1GDbw@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 11 Jun 2021 14:20:19 -0600
Message-ID: <CA+k3eCS4yA6GmWi8s87oXTVz3DAhjdaMukO289nh8Dqk-NAHnw@mail.gmail.com>
To: Dmitry Telegin <dmitryt=40backbase.com@dmarc.ietf.org>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000264b5405c4833eb2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cl3GEsWXwdoxEENfHtT0ddGZB0k>
Subject: Re: [OAUTH-WG] DPoP key rotation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jun 2021 20:20:54 -0000
Hi Dmitry, This ML is indeed the appropriate place for this kind of thing. You raise a legitimate question, however, the general rough consensus thinking has been that allowing for DPoP key rotation for refresh tokens and public clients (the only case where it's relevant) didn't add enough value to justify the added complexity. It doesn't help with the threat model for in-browser applications. And mobile applications have really good options for key storage - to the point that the kind of event that might compromise a DPoP key would involve a lot more than key rotation to cleanup from. On Tue, Jun 8, 2021 at 10:31 AM Dmitry Telegin <dmitryt= 40backbase.com@dmarc.ietf.org> wrote: > Hi, > > I'm Dmitry Telegin, I'm currently working on DPoP implementation in > Keycloak on behalf of my company, Backbase. Takashi Norimatsu of Hitachi > supervises this process as the head of the Keycloak FAPI SIG. > > With the current DPoP design, once the keypair has been generated on the > user agent and the initial token set has been obtained (using > authorization_code grant), the whole chain of the subsequent access/refresh > tokens will be bound to this particular keypair. That means, the keypair > should be persisted on the user agent for the duration of the session. > > OTOH, sessions could be rather long-lived, especially if we take offline > tokens [1] into account. In a nutshell, offline access provides a > non-expiring refresh token. This could be highly relevant e.g. for mobile > applications that would employ offline tokens to help users avoid logging > in every time. > > The longer the session lasts, the higher the probability of key leakage > is. Currently, the only way to switch to a new DPoP keypair is to start a > new session (i.e. log in again). Do you think it might be worth > incorporating some sort of key rotation concept into DPoP design? > > The most obvious way to perform key rotation is to do that during token > refresh. For that, we could make the refresh_token grant honour the > additional DPoP proof that would supersede the current one. From the > technical PoV, it could be as easy as supplying two proofs within the DPoP > header: > > DPoP: eyJ0eXAiO... eyJ0eXAiO... > > Or we can go with a single (old) DPoP proof, containing the new proof (to supersede the current one) as a claim (or vice versa). > > We'd appreciate any feedback from the WG. Also apologize if this ML is not the appropriate place to discuss issues like this. > > Regards, > > Dmitry Telegin > > Senior Backend Engineer, Backbase R&D B.V. > > [1] https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
- [OAUTH-WG] DPoP key rotation Dmitry Telegin
- Re: [OAUTH-WG] DPoP key rotation Brian Campbell
- Re: [OAUTH-WG] DPoP key rotation George Fletcher
- Re: [OAUTH-WG] DPoP key rotation Nikos Fotiou
- Re: [OAUTH-WG] DPoP key rotation Neil Madden