[OAUTH-WG] Fwd: Comments on Section 10.10 of OAuth 2.0
Nat Sakimura <sakimura@gmail.com> Thu, 09 February 2012 01:23 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83BA611E8087 for <oauth@ietfa.amsl.com>; Wed, 8 Feb 2012 17:23:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.436
X-Spam-Level:
X-Spam-Status: No, score=-2.436 tagged_above=-999 required=5 tests=[AWL=-0.443, BAYES_00=-2.599, DEAR_SOMETHING=1.605, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7sXQQ8sVOuP for <oauth@ietfa.amsl.com>; Wed, 8 Feb 2012 17:23:26 -0800 (PST)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id F1B8411E8075 for <oauth@ietf.org>; Wed, 8 Feb 2012 17:23:25 -0800 (PST)
Received: by lahl5 with SMTP id l5so1226580lah.31 for <oauth@ietf.org>; Wed, 08 Feb 2012 17:23:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=OxY0ZSDjukaYMD9+nyjxb6jQ4QQQPuz72KmSdmDjMto=; b=rePG6jc5SmEHaNDesBO3rzf28pCVNGja2HPmP4a/BsgwhRv6mXbmGOaXT5NUS+DYdK t1QhFgPYMUfUZ3nmJxYjQWMuhwW8oAZcGOCmK8OfiK05rKicIqCJN2IKU58P1dsQkkz6 TTCOi9uV6Vk3UT9uas7iV213fsvlwMuAcnMpU=
MIME-Version: 1.0
Received: by 10.112.44.101 with SMTP id d5mr8522981lbm.40.1328750604820; Wed, 08 Feb 2012 17:23:24 -0800 (PST)
Received: by 10.152.21.133 with HTTP; Wed, 8 Feb 2012 17:23:24 -0800 (PST)
In-Reply-To: <CABzCy2Cm2e221WOUGR+o1S3uOduHRNoLEabCFAQwg9evwN+k8Q@mail.gmail.com>
References: <CABzCy2Cm2e221WOUGR+o1S3uOduHRNoLEabCFAQwg9evwN+k8Q@mail.gmail.com>
Date: Thu, 09 Feb 2012 10:23:24 +0900
Message-ID: <CABzCy2AQgN-KXXWc86qaChKUFBpUCgYjJoSH5ZWCt9euBAiCgg@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="bcaec554d52ccba41004b87ddb07"
Subject: [OAUTH-WG] Fwd: Comments on Section 10.10 of OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2012 01:23:27 -0000
Forgot to cc the oauth list on this, so here it goes! =nat ---------- Forwarded message ---------- From: Nat Sakimura <sakimura@gmail.com> Date: Tue, Feb 7, 2012 at 12:46 PM Subject: Comments on Section 10.10 of OAuth 2.0 To: ietf@ietf.org Dear Sir/Madam: Attached below, please find the comment in response to the Last Call: <draft-ietf-oauth-v2-23.txt> (The OAuth 2.0 Authorization Protocol) to Proposed Standard. These comments are on the changes between rev.22 and rev.23. Yours faithfully, Nat Sakimura =============================== Comment on Section 10.10 =============================== Title: "constructed from" vague ================================ Comment -------- The current text goes as: The authorization server MUST prevent attackers from guessing access tokens, authorization codes, refresh tokens, resource owner passwords, and client credentials. Generated tokens and other credentials not intended for handling by end-users MUST be constructed from a cryptographically strong random or pseudo-random number sequence ([RFC4086]) generated by the authorization server. (Note: 1750 was modifed to be 4086) It is unclear from this sentence if it only allows the sequence that is compliant to Section 6.2 of RFC4086. It is also unclear whether it could be a string that included such random string during the generation, or has to be the prn sequence. I believe the former is the case. Clarification is desired. Title: Only allowing the construction from PRN sequence too limiting ==================================================================== Comment ------- An alternative measure would be to use digital signatures. The current text seem to only allow PRN sequence. Other measures should be allowed as well. Title: Probability requirement needs refinement ================================================ Comment -------- The current text goes: The probability of any two values being identical MUST be less than or equal to 2^(-128) and SHOULD be less than or equal to 2^(-160). This seems to be simply stating the randomness requirement. What we would like to do to control the credentials guessing attacks depends on the kind of token in question. Title: Last para 10.10 is normative yet undefined =================================================== Comment -------- It goes: The authorization server MUST utilize other means to protect credentials intended for end-user usage. Since it has a "MUST", it is a normative language. Yet it only requires "other means", which is undefined. It also excludes the possibility of using server generated PRN sequece as the user password. ======== Proposal ======== 10.10. Credentials Guessing Attacks The authorization server MUST prevent attackers from guessing access tokens, authorization codes, refresh tokens, resource owner passwords, and client credentials. The appropriate probability of the success of the attack during the lifetime of the tokens and credentials depends on the risk profile of the application in question. The application SHOULD set the policy requiring the probability of the success of the attack during the lifetime of each type of tokens and credentials and implementations MUST adhere to such policy. For the generated tokens and other credentials that are not intended for handling by end-users, one way to achieve it is to construct them including a cryptographically strong random or pseudo-random number sequence described in Section 6.2 of [RFC4086] generated by the authorization server. Typically, the probability of any two values being identical is set to be less than or equal to 2^(-128) and often considered desirable to be less than or equal to 2^(-160). Other possible control measures includes: - Progressive slow down and token revocation on the failed attempts - Pattern analysis of failed token and credential usage For the credentials intended for end-user usages, typical controls includes: - Progressive slow down and other mechanisms such as captcha on the failed attempts to thwart brute force - Pattern analysis of failed token and credential usage - Enforce the use of strong passwords (e.g., complex, non-dictionary strings that contain mixtures of upper case, lower case, numeric, and special characters) - Enforce the use of Multi-Factor authentication and other strong authentication mechanisms END -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
- [OAUTH-WG] Fwd: Comments on Section 10.10 of OAut… Nat Sakimura