Re: [OAUTH-WG] New Version Notification for draft-fett-oauth-dpop-03.txt

Torsten Lodderstedt <> Fri, 22 November 2019 13:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9135312084E for <>; Fri, 22 Nov 2019 05:33:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rOb7YQxyVhlO for <>; Fri, 22 Nov 2019 05:33:29 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A6533120143 for <>; Fri, 22 Nov 2019 05:33:29 -0800 (PST)
Received: by with SMTP id b137so1060917pga.6 for <>; Fri, 22 Nov 2019 05:33:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=idcctkzAniDFdkKUPVfmt3LLNpLthR4TNAPlI0khgo0=; b=BfMVRPqiIpPysa2usftYXy94QuJdSOix0SOPSFvbViZIIg4rB5RL3oO7BoNTHWcOVl su/iHCM1dtEpgCyd+dfnfY8utdXRJyTEu9TOMEXxZkwkRxYhRod5p8j0l8UiBGkUAtkH fjt2ewmlqnubE14A6oQ3Ugx9WqFwUScoL5z0WzZj4742RgpKcFMPeAMy2byFAtrJd3Gl gicpoP5VwIyC3zWHAB7zhgJnqu8XE9SbRvfIpIXchJ7P/Xfb9r6LQg8w2oVq2SpuBaK5 /5foQosZ3TtoIFJ+gLTrwRflwiu405CzpQXbXh3BRoLmj7mDtOy+Z9Q6Y++yi6y8n/ar rXSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=idcctkzAniDFdkKUPVfmt3LLNpLthR4TNAPlI0khgo0=; b=dW199wQKL/ntJToEVYtZPRpKKf50USYiIy/jAbYJOqcscjhPbKZPF1wcWxP6tSIYlz byuMD0PY/8BG3YVbI7DYEgvBOKa+JST35I8qNaA4CCLUsppDx2OUUIawq+XvgTe1k/J8 blstcdSYlnPWB+b30wJFXqceBsi8MV4EfmjW5Q0eG8qZpMQfDaLdET8sQ8l6K3DYRNur nMMrRViPvRjY9vVkdJ36bAx+jSLV/GrAdVCm+X45LA2/g0Obid+j9MwxH453DxJj6ohb jBKuiGWokItZFbJvYMywynHXXzGtSRD1YQrCXjGYSY/1S8VQBH2b8F3tsYrp0LWRociA rZVQ==
X-Gm-Message-State: APjAAAXdQ3gY8+O9Hy+d+NtFUOwk96vhFN9L+n3eWeo1N6F/86UWC1fS ABSCq0BXnFYTsaD1fgm1b5xHmw==
X-Google-Smtp-Source: APXvYqy3KriTsh69x7XcBCJO8Zby4wZXc/FHJZ/sKiBAuX7jykx+FU3eGycrpDN5y3xXpLBsS/Y6eA==
X-Received: by 2002:a63:cc56:: with SMTP id q22mr15999180pgi.439.1574429608961; Fri, 22 Nov 2019 05:33:28 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id 71sm7711226pfx.107.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Nov 2019 05:33:27 -0800 (PST)
From: Torsten Lodderstedt <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_2E0F5978-1D63-46A5-852B-64442296BE25"; protocol="application/pkcs7-signature"; micalg="sha-256"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\))
Date: Fri, 22 Nov 2019 21:33:21 +0800
In-Reply-To: <>
Cc: Justin Richer <>, oauth <>
To: Neil Madden <>
References: <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3601.0.10)
Archived-At: <>
Subject: Re: [OAUTH-WG] New Version Notification for draft-fett-oauth-dpop-03.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 22 Nov 2019 13:33:33 -0000

Hi Neil,

> On 22. Nov 2019, at 20:50, Neil Madden <> wrote:
> Hi Torsten,
> On 22 Nov 2019, at 12:15, Torsten Lodderstedt <> wrote:
>> Hi Neil,
>>> On 22. Nov 2019, at 18:08, Neil Madden <> wrote:
>>> I think the phrase "token replay" is ambiguous. Traditionally it refers to an attacker being able to capture a token (or whole requests) in use and then replay it against the same RS. This is already protected against by the use of normal TLS on the connection between the client and the RS. I think instead you are referring to a malicious/compromised RS replaying the token to a different RS - which has more of the flavour of a man in the middle attack (of the phishing kind).
>> I would argue TLS basically prevents leakage and not replay.
> It also protects against replay. If you capture TLS-encrypted packets with Wireshark you not only cannot decipher them but also cannot replay them because they include specific anti-replay measures at the record level in the form of unique session keys and record sequence numbers included in the MAC calculations. This is essential to the security of TLS.

I understand. I was looking onto TLS from an application perspective, that might explain differing perception.

>> The threats we try to cope with can be found in the Security BCP. There are multiple ways access tokens can leak, including referrer headers, mix-up, open redirection, browser history, and all sorts of access token leakage at the resource server
>> Please have a look at
>> also has an extensive discussion of potential counter measures, including audience restricted access tokens and a conclusion to recommend sender constrained access tokens over other mechanisms.
> OK, good - these are threats beyond token replay (at least as I understand that term). It would be good to explicitly add them to the DPoP document motivation.
> Note that most of these ways that an access token can leak also apply equally to leak of the DPoP JWT, so the protection afforded by DPoP boils down to how well the restrictions encoded into the JWT prevent it from being reused in this case - e.g., restricting the expiry time, audience, scope, linking it to a specific request (htm/htu) etc. 
> Every single one of those restrictions can be equally well encoded as caveats on a macaroon access token without any need for public key signatures or additional tokens and headers.
>>> But if that's the case then there are much simpler defences than those proposed in the current draft:
>>> 1. Get separate access tokens for each RS with correct audience and scopes. The consensus appears to be that this is hard to do in some cases, hence the draft.
>> How many deployments do you know that today are able to issue RS-specific access tokens?
>> BTW: how would you identify the RS?
>> I agree that would be an alternative and I’m a great fan of such tokens (and used them a lot at Deutsche Telekom) but in my perception this pattern needs still to be established in the market. Moreover, they basically protect from a rough RS (if the URL is used as audience) replaying the token someplace else, but they do not protect from all other kinds of leakage/replay (e.g. log files).
> Many services already do this. For example, Google encodes the intended RS into the scopes on GCP ( A client can do a single authorization flow to authorize all the scopes it needs and then use repeated calls to the refresh token endpoint to obtain individual access tokens with subsets of the authorized scopes for each endpoint.

And that works at google? How does the client indicate the RS it wants to use the first access token (that is obtains in the course of the code exchange)?

> (I think Brian also mentioned this pattern at OSW, but it might have been somebody else).

I know the pattern and we used this at Deutsche Telekom, but I don’t know any other deployment utilising this pattern. In my observation, most people treat access tokens as cookies and use them across RSs. Another reason might be that, before resource indicators, there was no interoperable way to ask for a token for a certain RS.

>>> 2. Make the DPoP token be a simple JWT with an "iat" and the origin of the RS. This stops the token being reused elsewhere but the client can reuse it (replay it) for many requests.
>>> 3. Issue a macaroon-based access token and the client can add a correct audience and scope restrictions at the point of use.
>> Why is this needed if the access token is already audience restricted? Or do you propose this as alternative? 
> These are all alternatives. Any one of them prevents the specific attack of replay by the RS to another RS.

And which does for replay with the same RS?

> -- Neil