Re: [OAUTH-WG] Fixing the Authorization Server Mix-Up: Call for Adoption

Vladimir Dzhuvinov <vladimir@connect2id.com> Tue, 23 February 2016 12:35 UTC

Return-Path: <vladimir@connect2id.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 628481A889D for <oauth@ietfa.amsl.com>; Tue, 23 Feb 2016 04:35:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NP1-9NrRlA8p for <oauth@ietfa.amsl.com>; Tue, 23 Feb 2016 04:35:06 -0800 (PST)
Received: from p3plsmtpa08-07.prod.phx3.secureserver.net (p3plsmtpa08-07.prod.phx3.secureserver.net [173.201.193.108]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D677D1A886B for <oauth@ietf.org>; Tue, 23 Feb 2016 04:35:06 -0800 (PST)
Received: from [192.168.0.104] ([77.77.164.50]) by p3plsmtpa08-07.prod.phx3.secureserver.net with id Mob41s00715ZTut01ob5XF; Tue, 23 Feb 2016 05:35:06 -0700
To: oauth@ietf.org
References: <56C7702B.2000401@gmx.net> <BY2PR03MB442E9BF84AFA890378C5116F5A00@BY2PR03MB442.namprd03.prod.outlook.com> <56C77D92.5050203@pingidentity.com> <88DE9988-2CDB-4206-86CE-E7EFF93FB27A@oracle.com> <CAAP42hD96u0Nepdo8YcHeXEo2v1Mo=a_Zo4OcS9ppu7rU-=8Ag@mail.gmail.com> <56C8360C.8010203@gmx.net> <BY2PR03MB44257DFC0BD58DC443A5BB3F5A10@BY2PR03MB442.namprd03.prod.outlook.com> <56C83EEA.8000306@gmx.net> <BY2PR03MB442B1EFAAB9911D5569A833F5A10@BY2PR03MB442.namprd03.prod.outlook.com> <56CC21CB.7070404@connect2id.com> <56CC3437.9020908@uni-trier.de>
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
X-Enigmail-Draft-Status: N1110
Organization: Connect2id Ltd.
Message-ID: <56CC51F8.5040707@connect2id.com>
Date: Tue, 23 Feb 2016 14:35:04 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56CC3437.9020908@uni-trier.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms030600050304010603020209"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/g4ttvZBXvM4HiHV0kYSDElQ9SBA>
Subject: Re: [OAUTH-WG] Fixing the Authorization Server Mix-Up: Call for Adoption
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2016 12:35:08 -0000

This sounds fantastic, Daniel. I was only aware of the work by the
researchers from RUB.de about the CSRF attack on OIDC discovery. I'm
reading the paper right now and want to take some time off to study it
in more detail.

Congratulations for doing this,

Vladimir

On 23/02/16 12:28, Daniel Fett wrote:
> Hi Valdimir,
>
> this is exactly what we did in our research paper. We also analyzed and
> established a proof of security for one of the proposed mitigations.
>
> Of course, any proof always depends on some assumptions (e.g., no
> untrusted third-party code on RP's web site) and aims at specific
> security properties.
>
> As you can see from the paper, due to the web itself being complex, the
> analysis is also rather lengthy.
>
> In the related work section we also refer to other approaches of
> formally analyzing web protocols. We do not think that approaches
> "unrelated to web protocols" can produce useful results, because the web
> brings many very specific features and constraints.
>
> Cheers,
> Daniel
>
> On 23.02.2016 10:09, Vladimir Dzhuvinov wrote:
>> Hi Mike,
>>
>> You mention that you spent considerable time in research. I wonder if
>> there is existing theory, in communications or information theory, that
>> can be used to formally establish and prove (or disprove) the security
>> of the proposed OAuth measures? Perhaps some work that is totally
>> unrelated to identity and the web protocols, but could well apply here?
>>
>> My reasoning is that we have a closed system that is fairly simple, so
>> formal analysis must be entirely possible.
>>
>> 1. We have 5 parties (client, AS, RS, user, user agent).
>>
>> 2. The OAuth protocol follows a simple and well-defined pattern of
>> messages between the parties.
>>
>> 3. The points and the number of ways by which an adversary may break
>> into OAuth must therefore be finite.
>>
>> 4. The security requirement is essentially to guarantee the precedence
>> and authenticity of the messages from discovery endpoint to RS, and the
>> preferred way to do that is by establishing a binding between the
>> messages, which can be forward or backward binding.
>>
>>
>> Right now the WG concern is whether all possible attacks have been
>> recognised, and then taken care of. If we can have a formal model that
>> can reliably reveal and prove that, this will be a huge breakthrough.
>>
>> Cheers,
>>
>> Vladimir
>>
>>