[OAUTH-WG] Re: We cannot trust Issuers
Brian Campbell <bcampbell@pingidentity.com> Wed, 31 July 2024 23:58 UTC
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 31 Jul 2024 17:57:36 -0600
Message-ID: <CA+k3eCRNkQmcgcmWzKobZcAqrbS2CScKQ=oMi4OWhiEqHfxJZw@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
CC: IETF oauth WG <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/fDYIWVE50nhW6F8IO_jeUafKABo>
I guess I had envisioned suggestions that didn't delete a bunch of existing valuable and useful text. Rather I was expecting (or maybe just hoping) for thoughtful suggestions adding to what's already written that, as I'd said, better frame the risks and difficulties around Issuer/Verifier Unlinkability (perhaps especially with respect to something like a government issuer compelling collusion from verifiers). I'm also not a big fan of broad strokes RFC 2119 language in privacy considerations.

On Wed, Jul 31, 2024 at 11:31 AM Watson Ladd <watsonbladd@gmail.com> wrote:

> I've opened
> https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/448
> as a step towards this.
>
> On Wed, Jul 31, 2024 at 5:31 AM Brian Campbell
> <bcampbell@pingidentity.com> wrote:
> >
> > On Tue, Jul 23, 2024 at 11:15 AM Leif Johansson <leifj@mnt.se> wrote:
> >>
> >> On Mon, 2024-07-22 at 19:43 -0400, Richard Barnes wrote:
> >> > I would observe that any solution based on garden-variety digital
> >> > signature (not something zero-knowledge like BBS / JWP) will have
> >> > problems with issuer/verifier collusion. One-time tokens and batch
> >> > issuance don't help. There is no such thing as SD-JWT with
> >> > issuer/verifier collusion resistance. At best you could have SD-JWP.
> >> >
> >> > I don't think this needs to be a blocker on SD-JWT. There are use
> >> > cases that don't require issuer/verifier collusion resistance. We
> >> > should be clear on the security considerations and warn people away
> >> > who care about issuer/verifier collusion resistance, and accelerate
> >> > work on SD-JWP if that's an important property to folks.
> >> >
> >>
> >> +1 on this
> >
> > I'm generally a +1 on this too. There is an attempt at a discussion
> > around unlinkability in the privacy considerations at
> > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-unlinkability
> > currently. Concrete suggestions to that text about how to better frame the
> > risks and difficulties around Issuer/Verifier Unlinkability (perhaps
> > especially with respect to something like a government issuer compelling
> > collusion from verifiers) would be welcome for consideration.
> >
> > CONFIDENTIALITY NOTICE: This email may contain confidential and
> > privileged material for the sole use of the intended recipient(s). Any
> > review, use, distribution or disclosure by others is strictly prohibited.
> > If you have received this communication in error, please notify the sender
> > immediately by e-mail and delete the message and any file attachments from
> > your computer. Thank you.
>
> --
> Astra mortemque praestare gradatim

--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
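The property Richard Barnes states in the quoted text, that an SD-JWT built on an ordinary signature cannot resist issuer/verifier collusion and that batch issuance does not change that, can be seen end to end in a small model of the issuance and presentation flow. The following is an added example written for this page; it is not code from the thread, from the SD-JWT draft, or from any SD-JWT library. It assumes an issuer URL of `https://issuer.example`, and it stands in for the issuer's signature with an HMAC over the payload so that it runs on the standard library alone; the linkage argument only needs the signed object to be a unique string the issuer produced and can later recognise, which holds for any garden-variety signature. The issuer hands out two independently salted credentials for one subject, the holder discloses only `age_over_18` to a verifier each time, and the two presentations are different strings; yet once the verifier shares what it received, the issuer recovers the subject from the signature it made.

```python
"""Issuer/verifier linkability of SD-JWT-style credentials (added demo, not from the thread)."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

ISSUER = "https://issuer.example"  # assumed value, not taken from the thread


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(claim: str, value) -> str:
    # SD-JWT style disclosure: base64url(JSON [salt, claim-name, value]) with a fresh salt.
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, claim, value]).encode())


def digest_of(disclosure: str) -> str:
    return b64url(hashlib.sha256(disclosure.encode()).digest())


class Issuer:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # HMAC key standing in for a signing key (assumption)
        # Every unique value the issuer signed, mapped to the subject it was issued to.
        self._seen = {}

    def issue(self, subject: str, claims: dict, batch: int = 1):
        """Issue `batch` independent credentials (fresh salts in each) for one subject."""
        creds = []
        for _ in range(batch):
            disclosures = [make_disclosure(k, v) for k, v in claims.items()]
            payload = {"iss": ISSUER, "_sd_alg": "sha-256",
                       "_sd": sorted(digest_of(d) for d in disclosures)}
            body = b64url(json.dumps(payload, sort_keys=True).encode())
            sig = b64url(hmac.new(self._key, body.encode(), "sha256").digest())
            # The issuer necessarily knows what it signed; that is the whole problem.
            for unique_value in payload["_sd"] + [sig]:
                self._seen[unique_value] = subject
            creds.append((f"{body}.{sig}", disclosures))
        return creds

    def verify(self, jwt: str) -> dict:
        # Stands in for the verifier checking the issuer's public-key signature.
        body, sig = jwt.split(".")
        expected = b64url(hmac.new(self._key, body.encode(), "sha256").digest())
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad signature")
        return json.loads(b64url_decode(body))

    def link(self, presentation: str) -> Optional[str]:
        """Collusion step: the verifier hands the issuer what it received."""
        jwt = presentation.split("~")[0]
        _, sig = jwt.split(".")
        return self._seen.get(sig)


def present(credential, claims_to_disclose) -> str:
    """Holder builds an SD-JWT presentation: signed JWT ~ chosen disclosures ~."""
    jwt, disclosures = credential
    chosen = [d for d in disclosures if json.loads(b64url_decode(d))[1] in claims_to_disclose]
    return "~".join([jwt, *chosen]) + "~"


def verify_presentation(issuer: Issuer, presentation: str) -> dict:
    """Verifier: check the signature, then admit only disclosures whose digest is in _sd."""
    parts = presentation.split("~")
    payload = issuer.verify(parts[0])
    disclosed = {}
    for d in parts[1:-1]:
        if digest_of(d) not in payload["_sd"]:
            raise ValueError("disclosure not covered by the signature")
        _, name, value = json.loads(b64url_decode(d))
        disclosed[name] = value
    return disclosed


def demo() -> dict:
    issuer = Issuer()
    creds = issuer.issue("alice", {"given_name": "Alice", "age_over_18": True}, batch=2)
    p1 = present(creds[0], {"age_over_18"})
    p2 = present(creds[1], {"age_over_18"})
    return {
        "disclosed": [verify_presentation(issuer, p) for p in (p1, p2)],  # verifier's view
        "distinct": p1 != p2,                                             # batch issuance worked
        "linked": [issuer.link(p1), issuer.link(p2)],                     # collusion undoes it
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The verifier on its own learns nothing beyond `age_over_18`, and fresh salts per copy make the two presentations unrelated strings, so batch issuance does give unlinkability between verifiers. What it cannot give is unlinkability against an issuer that is shown the presentation: the signature (or any `_sd` digest) is a value the issuer minted and can recognise, and the same holds for any signature scheme where the verifier checks the exact bytes the issuer signed, which is why the quoted text points at zero-knowledge constructions such as BBS / JWP for that property.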
- [OAUTH-WG] We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers John Bradley
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Richard Barnes
- [OAUTH-WG] Re: We cannot trust Issuers Michael Prorock
- [OAUTH-WG] Re: We cannot trust Issuers Dick Hardt
- [OAUTH-WG] Re: We cannot trust Issuers Wayne Chang
- [OAUTH-WG] Re: We cannot trust Issuers Leif Johansson
- [OAUTH-WG] Re: We cannot trust Issuers Wayne Chang
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Nat Sakimura
- [OAUTH-WG] Re: We cannot trust Issuers Brian Campbell
- [OAUTH-WG] Re: We cannot trust Issuers Tom Jones
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Brian Campbell
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd