[OAUTH-WG] Re: We cannot trust Issuers
Michael Prorock <mprorock@mesur.io> Mon, 22 July 2024 23:48 UTC
Return-Path: <michael.prorock@mesur.io>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF81C180B4E for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 16:48:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mesur-io.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id adUihBP7foPF for <oauth@ietfa.amsl.com>; Mon, 22 Jul 2024 16:48:41 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 475F6C14F6B7 for <oauth@ietf.org>; Mon, 22 Jul 2024 16:48:40 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-a6265d3ba8fso17269666b.0 for <oauth@ietf.org>; Mon, 22 Jul 2024 16:48:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mesur-io.20230601.gappssmtp.com; s=20230601; t=1721692118; x=1722296918; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=tvFM3QZDowuK4cIw6ZcL7hBgccOj3nqMJbYX1Z2kxF0=; b=mfTGppdD8+v3Iaov2D+YUjZ2C0wtQ/STs2tjz1EI0hY/lD/0C2hwyPTSDonhcBTh9n xN85n7tpTnTNpAg/Ym4n/4AaeE1qiyaqD8CH3e/XIVUCacA0zT6xE7I9VoM2Dnkb/P6n iNrLr1z3i/D8tMsAzqlLX3c/pERCz8ELGa9DF8WFoNzZ2yVrVCHA12vEWS+ypqW7XLs+ NeIj0ZpJHMTeEjZJ7PDnW6EUEB4TQ7MMq6TcQz2Kel7W3g5iGORJjX0lQqfq3DeQEocU eeqWGTzIBTuyZzhxf0QSV6COR/uWFA8Ma5QhnpuSPv6LqQyc19kPgx9/3uAro2/IY3hj XNkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721692118; x=1722296918; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tvFM3QZDowuK4cIw6ZcL7hBgccOj3nqMJbYX1Z2kxF0=; b=UE6RBy8vMJwRwHjOk5qvA8G++gcXavLjMZbW+qVgqVFusdFra49bd9fr8MMVb/NT9z kJg201wJbtfaxZ7IiKvuJkD2ku+ZJfvhQXQW6/+204D260j8gzYxDs0w4yqpux7k08+H 6l78nEzIPGTpqtvnWyvLpDfbZwiQpYhqwOw2dbZLM9cNbSEQAAv4HvvmtgmI8rpdsUAZ a981Q7j9Acj4BaxIcCYXwalcf6LLSSawBcQzmvxSq/8UTuqi5LnWlHIUoskNFclZqoQw XG1FqpbBMTS3T2010qR6LW4bwxQF6ezoDX82qu2kw0RjhOM4oOXGguNar6MuyLzrm2gy b/oA==
X-Forwarded-Encrypted: i=1; AJvYcCUIh5LiT4YEE88U1hSdfcmG6gqlkzl/BOz+mtZcj7PCy7lMtSNy1fktUmVGsUKzct1TdxYEJijK+0bKA4QVSA==
X-Gm-Message-State: AOJu0Yy61UOhPLYIBQYqclRgVW82vsI4SYzzaIdiNp1PBYy8nYBkds8p ZJev9i8xe9jCBGIr9Tycz9UM9Rsfei/m0pw9iSWm8PLts6LttWt2mj4Gplmx8LsCzmxohCNtW0k mJSere0UnRl/Xvx3PxGxtIDinuJsOGaeUGJnANd3t4V/lrGVpzTFj
X-Google-Smtp-Source: AGHT+IFu0hMufuvFQe2OTXyi1HznpgByiIRkvUGixjvkud7CP4GkNelT59VNDHob5woqJtKzS5c4cC4gzJrXkPFFVmc=
X-Received: by 2002:a17:907:3e1a:b0:a77:bfca:da57 with SMTP id a640c23a62f3a-a7a885cbe1cmr105912066b.44.1721692118210; Mon, 22 Jul 2024 16:48:38 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cmy03viT6wboUZeVu_8Yf-m7As0rxcjpda2W_Xw6ohKNg@mail.gmail.com> <CAANoGhLsm1yqJvKuPEH_is-ep60EVNfLfi17T9M17KJFfAFiNQ@mail.gmail.com> <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com> <CAL02cgRPc8Ef8LjL4pNOCOmApSNaCSZSekmxxcps7yAZ6ZhdqA@mail.gmail.com>
In-Reply-To: <CAL02cgRPc8Ef8LjL4pNOCOmApSNaCSZSekmxxcps7yAZ6ZhdqA@mail.gmail.com>
From: Michael Prorock <mprorock@mesur.io>
Date: Mon, 22 Jul 2024 17:48:27 -0600
Message-ID: <CAGJKSNTDyXz296Wh8b1KGaxvaui-JJfJmaonsPu8TtF9hc=UVw@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary="0000000000001e7274061ddeaf29"
Message-ID-Hash: CKD4Q3XEDJJC3F66YDWU7JDS26LWNPNJ
X-Message-ID-Hash: CKD4Q3XEDJJC3F66YDWU7JDS26LWNPNJ
X-MailFrom: michael.prorock@mesur.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: We cannot trust Issuers
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/gawYGug2i7NF7aycGlf5QBuceUs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
+1 Richard Mike Prorock Founder https://mesur.io/ Grab a meeting! https://calendar.app.google/aNUcr41gvTAiMUG49 On Mon, Jul 22, 2024 at 5:44 PM Richard Barnes <rlb@ipv.sx> wrote: > I would observe that any solution based on garden-variety digital > signature (not something zero-knowledge like BBS / JWP) will have problems > with issuer/verifier collusion. One-time tokens and batch issuance don't > help. There is no such thing as SD-JWT with issuer/verifier collusion > resistance. At best you could have SD-JWP. > > I don't think this needs to be a blocker on SD-JWT. There are use cases > that don't require issuer/verifier collusion resistance. We should be > clear on the security considerations and warn people away who care about > issuer/verifier collusion resistance, and accelerate work on SD-JWP if > that's an important property to folks. > > --Richard > > On Mon, Jul 22, 2024 at 7:25 PM Watson Ladd <watsonbladd@gmail.com> wrote: > >> >> >> On Mon, Jul 22, 2024, 3:30 PM John Bradley <ve7jtb@ve7jtb.com> wrote: >> >>> I agree that single-use proof keys and batch issuance are a must. >>> >>> Issuer verifier collusion is admittedly a problem. To address that we >>> do need different cryptographic methods. >>> >>> MDOC also has the same issue. >>> >>> We should document the risk, but short of stopping EUID and mobile >>> driver's license deployment, we have limited options. >>> >> >> The problem only appears when the drivers license or EUID is used in a >> way that makes the user think their data is private. You don't have to >> support UX that lies to the user. >> >> >>> Hopefully, we can make quick progress on JWP. >>> >>> John B. >>> >>> On Mon, Jul 22, 2024 at 2:14 PM Watson Ladd <watsonbladd@gmail.com> >>> wrote: >>> >>>> Dear Oauth, >>>> >>>> I'm disappointed to see SD-JWT work continue with inadequate privacy >>>> considerations. The fact is an Issuer can link any showings to >>>> issuance of the credential. This is not foregrounded sufficiently in >>>> privacy considerations, nor do we discuss how to ensure users are >>>> aware. We really need to use more RFC 2119 language and highlight >>>> these issues. Section 11.1 about local storage which has never been an >>>> IETF concern before is far more prescriptive than 11.4, and that's not >>>> a good thing. To be clear, the threat model must include an issuer >>>> that is a government issuing credentials that if used to verify age on >>>> certain websites or via a digital wallet on site, and learned about by >>>> the issuer who may have access to data from the site, will result in >>>> imprisonment or execution. This is not a hypothetical scenario. >>>> >>>> Users and UX designers will have intuitions that do not match the >>>> reality and that result in bad decisions being made. That's on us. A >>>> driver's license doesn't leave a trace of where you showed it, but the >>>> SD-JWT does. >>>> >>>> At a minimum I think we mandate batch issuance and one time usage >>>> using RFC 2119 language. We need to say in clear, unambiguous English >>>> that this mechanism enables an issuer to connect every presentation of >>>> a credential to the issuance. >>>> >>>> Sincerely, >>>> Watson Ladd >>>> >>>> -- >>>> Astra mortemque praestare gradatim >>>> >>>> _______________________________________________ >>>> OAuth mailing list -- oauth@ietf.org >>>> To unsubscribe send an email to oauth-leave@ietf.org >>>> >>> _______________________________________________ >> OAuth mailing list -- oauth@ietf.org >> To unsubscribe send an email to oauth-leave@ietf.org >> > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-leave@ietf.org >
- [OAUTH-WG] We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers John Bradley
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Richard Barnes
- [OAUTH-WG] Re: We cannot trust Issuers Michael Prorock
- [OAUTH-WG] Re: We cannot trust Issuers Dick Hardt
- [OAUTH-WG] Re: We cannot trust Issuers Wayne Chang
- [OAUTH-WG] Re: We cannot trust Issuers Leif Johansson
- [OAUTH-WG] Re: We cannot trust Issuers Wayne Chang
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Nat Sakimura
- [OAUTH-WG] Re: We cannot trust Issuers Brian Campbell
- [OAUTH-WG] Re: We cannot trust Issuers Tom Jones
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd
- [OAUTH-WG] Re: We cannot trust Issuers Brian Campbell
- [OAUTH-WG] Re: We cannot trust Issuers Watson Ladd