Return-Path: <matake@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 3266E3A03FF
 for <oauth@ietfa.amsl.com>; Thu, 14 May 2020 00:37:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id a8mTKQPErfue for <oauth@ietfa.amsl.com>;
 Thu, 14 May 2020 00:37:54 -0700 (PDT)
Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com
 [IPv6:2607:f8b0:4864:20::543])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 717463A03F6
 for <oauth@ietf.org>; Thu, 14 May 2020 00:37:54 -0700 (PDT)
Received: by mail-pg1-x543.google.com with SMTP id r10so909371pgv.8
 for <oauth@ietf.org>; Thu, 14 May 2020 00:37:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=UOi1DMQKJOpZvPvIZ4+QOoOgCKxWDMI2400vZJkUzyg=;
 b=lEwgZA8xgWB8UuYw8k5N+lpZYBZsZC6kNGCokcj0F2yX5I8SX4fURWNs6eHCyWmSUv
 E/TtWzyqzT0P4mrZ2vqGv05qFFr+ANbyBozGFMT0pCJNH1nmrD5ElncgiRQGTrcxGpW0
 dMpdtOnKI8dZraRmt/wBXs6gbOgiGVrY6KYnfukBPmY2HXiWpC31/AcAU4JbW5NgVv1U
 MA8cU3iio2qktE3t6de5Bb/qYTLMikP6bSMeWqcCpu26acphzGc8EBlplzysgxNIdCal
 K58L3PSwEN5R8y6lBYWPUeFir3D8cvMezgFgHPhStpK6ZQDZ83ByPeeqFXrcAAheKwx3
 XdAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=UOi1DMQKJOpZvPvIZ4+QOoOgCKxWDMI2400vZJkUzyg=;
 b=d4KDeCdGTGmFU/maKEDOwefxTvXG7Uqp+zuw08Cghn/NMhVX7USdzwC+mKt9zXM1nA
 zCz5EsIBanvoAl6FtyVEfgbOXf38yqO3UsrHkHqNjZBTjUaLGrRvwOlLjZASAr8DTdWN
 DKXGsk4bCoFdFFjMi5eWQgu93HzSJThdkLH6P+nwNlQyXIhvCUNXTs+y2NB7eWCBinuS
 I/hR0NCJ7l6NzzCo87PNPK8JSIV2hP8Znzab3SLHcorxh095bOQm9iTbGn0baw9pImtD
 HquBJmk77oNbLd0Uo6In6nHAVM7z2dQL2A6gmU1J0Y0il8pr+uEDOcRK88JM1wljTRA0
 /rRQ==
X-Gm-Message-State: AOAM5311QZYO+g0AT8bCmPZZYTjwJ8E1KXNhNAlJ72OPPO5T4eIYFivX
 z3/GRgdz50lPxGyACInsAaYuXQ9KBvI=
X-Google-Smtp-Source: ABdhPJzt9dca2fcPkQkJMy47lmDIrg6inaKHsTmxcLPIvkrPem705irXWCnh4t8i0QFFRR/BSFOAQA==
X-Received: by 2002:a63:5b07:: with SMTP id p7mr2956357pgb.218.1589441873767; 
 Thu, 14 May 2020 00:37:53 -0700 (PDT)
Received: from [172.16.80.79] (122x210x153x65.ap122.ftth.ucom.ne.jp.
 [122.210.153.65])
 by smtp.gmail.com with ESMTPSA id c1sm1456079pgk.76.2020.05.14.00.37.51
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 14 May 2020 00:37:52 -0700 (PDT)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Nov Matake <matake@gmail.com>
In-Reply-To: <2298156A-1CAE-478D-B036-DD32A6EEBEF0@lodderstedt.net>
Date: Thu, 14 May 2020 16:37:49 +0900
Cc: OAuth WG <oauth@ietf.org>,
 Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9B5EBD2C-09EF-403A-9270-A53EEE691E40@gmail.com>
References: <MN2PR00MB068633B7B72E5416AA8984D1F5BE0@MN2PR00MB0686.namprd00.prod.outlook.com>
 <2298156A-1CAE-478D-B036-DD32A6EEBEF0@lodderstedt.net>
To: Torsten Lodderstedt <torsten=40lodderstedt.net@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/f0tUKBHhip0QLZvVtLD9F651GuM>
Subject: Re: [OAUTH-WG] proposed resolution for PKCE in OAuth 2.1
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>,
 <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>,
 <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2020 07:37:56 -0000

Hi,

Why not allowing public clients use "other suitable mechanisms=E2=80=9D =
then?
OAuth WG can allow both type of clients do so, then OIDF will define =
nonce as the alternative only for confidential clients.

> 2020/05/14 15:56=E3=80=81Torsten Lodderstedt =
<torsten=3D40lodderstedt.net@dmarc.ietf.org>=E3=81=AE=E3=83=A1=E3=83=BC=E3=
=83=AB:
>=20
> Hi all,
>=20
> I would also like to thank everybody for the substantial discussion. =20=

>=20
> The proposed change for Section 4.1.2.1 works for me (as already =
stated). I=E2=80=99m not fully comfortable with the proposed change for =
Section 9.7 for the following reasons:
>=20
> - The text is weaker than Section 4.1.2.1 since it RECOMMENDS use of =
PKCE instead of requiring it (with a well-defined exception).
> - Given the latest findings re nonce I don=E2=80=99t feel comfortable =
with recommending any mechanism that this WG is not responsible for and =
thus did not conduct the security threat analysis for. I think the =
better way for us as WG is to define the extension point for other =
mechanisms. The OpenID Foundation (or any other body) can then fill in =
and issue a statement that nonce (or another suitable mechanism) fulfils =
the requirements of the extension point.=20
>=20
> Based on this considerations, I propose the following text for Section =
9.7:
>=20
> Clients MUST prevent injection (replay) of authorization codes into
> the authorization response by attackers. Public clients MUST use the=20=

> "code_challenge=E2=80=9D with a transaction-specific value that is
> securely bound to the client and the user agent in which the
> transaction was started. Confidential clients MUST use=20
> the =E2=80=9Ccode_challenge=E2=80=9D in the same way or other suitable =
mechanisms to=20
> mitigate authorization code injection.=20
>=20
> This text follows the logic in Section 4.1.2.1 and allows use of the =
nonce for confidential clients.
>=20
> best regards,
> Torsten.=20
>=20
>> On 12. May 2020, at 02:21, Mike Jones =
<Michael.Jones=3D40microsoft.com@dmarc.ietf.org> wrote:
>>=20
>> That works for me.  Thanks all for the useful back-and-forth that got =
us to this point of clarity.  I suspect many of us learned things along =
the way; I know that I did!
>>=20
>>                                                       Cheers,
>>                                                       -- Mike
>>=20
>> From: Aaron Parecki <aaron@parecki.com>=20
>> Sent: Monday, May 11, 2020 4:55 PM
>> To: OAuth WG <oauth@ietf.org>
>> Cc: Neil Madden <neil.madden@forgerock.com>; Mike Jones =
<Michael.Jones@microsoft.com>
>> Subject: Re: [OAUTH-WG] proposed resolution for PKCE in OAuth 2.1
>>=20
>> Thank you Neil.
>>=20
>> To address Mike's concerns in the previous threads, I would like to =
also update section 9.7 with the following text:
>>=20
>> Clients MUST prevent injection (replay) of authorization codes into =
the=20
>> authorization response by attackers. The use of the `code_challenge`
>> parameter is RECOMMENDED to this end. For confidential clients, the=20=

>> OpenID Connect `nonce` parameter and ID Token Claim {{OpenID}} MAY be =
used=20
>> instead of or in addition to the `code_challenge` parameter for this=20=

>> purpose. The `code_challenge` or OpenID Connect `nonce` value MUST be
>> transaction-specific and securely bound to the client and the user =
agent=20
>> in which the transaction was started.
>>=20
>> This change better clarifies the specific circumstances under which =
the "nonce" parameter is sufficient to protect against authorization =
code injection.
>>=20
>> Aaron Parecki
>>=20
>> On Mon, May 11, 2020 at 11:55 AM Neil Madden =
<neil.madden@forgerock.com> wrote:
>> I am happy with this proposed wording. Thanks for updating it.
>>=20
>> =E2=80=94 Neil
>>=20
>>=20
>> On 11 May 2020, at 19:52, Aaron Parecki <aaron@parecki.com> wrote:
>>=20
>> Thanks for the lively discussion around PKCE in OAuth 2.1 everyone!=20=

>>=20
>> We would like to propose the following text, which is a slight =
variation from the text Neil proposed. This would replace the paragraph =
in 4.1.2.1 =
(https://tools.ietf.org/html/draft-parecki-oauth-v2-1-02#section-4.1.2.1) =
that begins with "If the client does not send the "code_challenge" in =
the request..."
>>=20
>> "An AS MUST reject requests without a code_challenge from public =
clients, and MUST reject such requests from other clients unless there =
is reasonable assurance that the client mitigates authorization code =
injection in other ways. See section 9.7 for details."
>>=20
>> Section 9.7 is where the nuances of PKCE vs nonce are described.
>>=20
>> As Neil described, we believe this will allow ASs to support both =
OAuth 2.0 and 2.1 clients simultaneously. The change from Neil's text is =
the clarification of which threats, and changing to MUST instead of =
SHOULD. The "MUST...unless" is more specific than "SHOULD", and since we =
are already describing the explicit exception to the rule, it's more =
clear as a MUST here.
>>=20
>> Aaron Parecki
>>=20
>>=20
>>=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth