Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS

John Bradley <> Thu, 04 February 2016 16:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5A7AD1B3246 for <>; Thu, 4 Feb 2016 08:14:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=unavailable
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2CeRkScQ1_96 for <>; Thu, 4 Feb 2016 08:14:34 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400d:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5D0681B3240 for <>; Thu, 4 Feb 2016 08:14:34 -0800 (PST)
Received: by with SMTP id b35so45234970qge.0 for <>; Thu, 04 Feb 2016 08:14:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SrisFAo+ThRZoPS1TnHl121cEBpTg174ipMwDqKibTY=; b=YaqRfeHIkpT/JT0dtsLf3V6aFuSn88I/wuuoBzpVfZ1g+7V2gkEyprdP2Dh9mRL9/X 8setkbN5zYQHkMbtXg8r2kS52CbvbfISBuczFR/gYvBzStIo0/cRE2fDocIPXLr9aMXQ vEjrjI4igyN67VKhG8fBwydUBLlxQkL1SeSEnptqNu7URwnnbkY6qeC29no/K8v+rBey gZJQNpN4qi+JDzY++KoBeVkYda35D14oeYJRA03xC1W/i5API1hBiihkeq6Hm+2i3RSK Qd6mTowBkPdPMhfD/WlO7vcH3cW7G6yCaFZgt1fq9y+Q7R0QtT/mp1F9+ScvBEVXUhex mkNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=SrisFAo+ThRZoPS1TnHl121cEBpTg174ipMwDqKibTY=; b=DevQMotl5e5fsSRjlc7awA2N3597XUfo9uLgJVwhTqRRxLF2k4duaSAoFjttK5rVko XmoCWrJkh+5+u4a7OM7/5oiaXOWQcv1knJnFp15VIywuy/STC5sPtwlODGh1PL8lz4PE GC3c+UhYg7WJj5mY/pM2AUL9+F/kLh+5c+Z0K7EV2ppEjlsAo96B6msu5bOJvRkyjB4A 8XLQjB+BwaCMsVGEfcZ2pffAStNO26nznGzA0g0aMeJaAPvo6zNK8JWGIP13hbuQAbv+ fuvxB2GC6QjcuT4eE/s+4UqouNy+xKMSpYp9zu2vbiOK+hGGsqFG2uzj/h9+BI2QKBOE kDYA==
X-Gm-Message-State: AG10YORS5kAYnn1dFzt2gKMyW1Fro/a2XPoSm5SGpCNuqApntHe0FOEzoKVEj7/JNppxBg==
X-Received: by with SMTP id 20mr10046266qgh.60.1454602473421; Thu, 04 Feb 2016 08:14:33 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id 47sm5470468qgj.11.2016. (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 04 Feb 2016 08:14:32 -0800 (PST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: John Bradley <>
In-Reply-To: <>
Date: Thu, 04 Feb 2016 13:14:28 -0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <>
To: Ludwig Seitz <>
X-Mailer: Apple Mail (2.3112)
Archived-At: <>
Cc: Michael Richardson <>,,
Subject: Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 04 Feb 2016 16:14:36 -0000


The proof key is included in the access token or provided out of band. 

The proof mechanism to the RS is what would determine if the key type needs to match DTLS .  
If the proof is DTLS then they would need to match.  

POP will have different presentment mechanisms such as signing the payload or binding to mutual TLS client auth.

For a symmetric key you would encrypt it in the Access token with a Key known to the RS so only the token decryption key needs to be managed out of band.

John B.

> On Feb 4, 2016, at 11:58 AM, Ludwig Seitz <> wrote:
> Thank you Michael! Comments inline.
> /Ludwig
> On 02/04/2016 03:31 PM, Michael Richardson wrote:
>> Ludwig Seitz <> wrote:
>>     > Assuming we are using (D)TLS to secure the connection between C and RS,
>>     > assuming further that we are using proof-of-possession tokens [2],
>>     > i.e. tokens linked to a key, of which the client needs to prove possession in
>>     > order for the RS to accept the token.
>>     > Do we need to support cases, where the type of key used with DTLS does not
>>     > match the type of key in the PoP-token?
>>     > Example:
>>     > The client uses its raw public key as proof of possession, but the DTLS
>>     > connection C - RS is secured with a pre-shared symmetric key.
>>     > Is that a realistic use case?
>> Before I agree that it's unrealistic, I think it's worth going out of charter
>> scope and ask how much these two credentials were created/distributed.
>> I think that in this case, the pre-shared symmetric key is initialized
>> through some out-of-band (perhaps human mediated?) process, while the raw
>> public key did not need any other pre-arrangement.
> Actually even the raw public key needs to be provisioned out-of-band to those supposed to trust it for authentication.
>> So my question is then: could the out-of-band process have pre-exchanged the
>> raw public key (and the RS's key/certificate!) as well?
> Short answer: Yes but only to the AS not to the client(s).
> Long answer: I am laboring under the assumption that the AS not only provides the OAuth token and the corresponding PoP key to the client, but also some information on the communication security protocols that the RS supports. Furthermore the AS facilitates the establishment of a security context between client and RS by providing things such as a (D)TLS-PSK or the RS's raw public key, depending on the (D)TLS mode that the RS is going to support. Thus individual clients would not, a-priori, know the raw public key of a RS, but would be able to get that information from the AS.
> -- 
> Ludwig Seitz, PhD
> SICS Swedish ICT AB
> Ideon Science Park
> Building Beta 2
> Scheelevägen 17
> SE-223 70 Lund
> Phone +46(0)70 349 9251
> _______________________________________________
> OAuth mailing list