IETF Logo Mail Archive

Re: [OAUTH-WG] DPoP key rotation

Neil Madden <neil.madden@forgerock.com> Tue, 15 June 2021 10:00 UTC

Return-Path: <neil.madden@forgerock.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10C013A292E for <oauth@ietfa.amsl.com>; Tue, 15 Jun 2021 03:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forgerock.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_xk_C4zCuSP for <oauth@ietfa.amsl.com>; Tue, 15 Jun 2021 03:00:23 -0700 (PDT)
Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A76203A295B for <oauth@ietf.org>; Tue, 15 Jun 2021 03:00:23 -0700 (PDT)
Received: by mail-wm1-x332.google.com with SMTP id h22-20020a05600c3516b02901a826f84095so1630277wmq.5 for <oauth@ietf.org>; Tue, 15 Jun 2021 03:00:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forgerock.com; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=vBcDReAGP6Zyu5tQ/mY8HK9pq+9o3Sz9V0kz/k3K+fI=; b=CZ8B7qrMrg5G/FSmoE250lpdpy6NiNHSIztnYlx9OqmjquKt3YLLFvglcqsRfQuKly AtEBpdnqaAEwnMJG622eD6A6kRZATH1fay/1K4thwUckPV0UtN5zKETVJnpPEh/DvTNz Yc2wOynXmqiwqcY4SqQ0t3zbnyQoNRli13A1M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=vBcDReAGP6Zyu5tQ/mY8HK9pq+9o3Sz9V0kz/k3K+fI=; b=dV2Yv2b7OA9xVSqphT1dIBtJMc/rc+fY1iaPhqow7yf5BL0uxV9PrYS0/v+8gJI5iS dNQAYpXRxDcvfOJRnKVPIYMt3JzvOWLEOxPFPAtxgofNQHrrJQ7Z0kKgsu2ENZE9qd+E yRN4fuVo1dO5Tz09stZiu0tJc3MTR7UkFhCnbuTtA32xIxYkRtdf5P79/N0rOuLclofp 10w+n66CKEhEnMtFqPVX2JZmIIFDp0ru9ZB8mGkVTWjxiTg+kjoXPSuZqmc8Kr0EfTi9 5bs/bf/fFEJQoCNy4nMmWWo38Yfz/10Md9zukGXRPSsBjyc7cZBy0EXhSGxu4U5lACGS jO9w==
X-Gm-Message-State: AOAM533JcwhVycDFMM05nj9LnD4ghlOBi/MTzsHnvnoJw5LYJ8jIkbuj jqMpgSp5cn4JX7R56IqTWf09mgPpIqDPZDSr1+rbE7u7Z/Dx7QJ/2XsebrRrE/mdZqbuUmfIEQ= =
X-Google-Smtp-Source: ABdhPJynl/YxHqZRKcg9j3FTJ8hPd/srGLK3xCcOJqrdwmi4ZIotxcGhurpdfIolQM2Xm508OT+KKw==
X-Received: by 2002:a05:600c:20d:: with SMTP id 13mr22033537wmi.174.1623751220239; Tue, 15 Jun 2021 03:00:20 -0700 (PDT)
Received: from [10.0.0.6] (113.87.75.194.dyn.plus.net. [194.75.87.113]) by smtp.gmail.com with ESMTPSA id l9sm15156844wme.21.2021.06.15.03.00.19 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jun 2021 03:00:19 -0700 (PDT)
From: Neil Madden <neil.madden@forgerock.com>
Message-Id: <694D5C42-7360-4BED-8BD8-7ADF764354AB@forgerock.com>
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Date: Tue, 15 Jun 2021 11:00:19 +0100
In-Reply-To: <CA+k3eCS4yA6GmWi8s87oXTVz3DAhjdaMukO289nh8Dqk-NAHnw@mail.gmail.com>
Cc: Dmitry Telegin <dmitryt=40backbase.com@dmarc.ietf.org>, oauth <oauth@ietf.org>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
References: <CAOtx8D=mdXHAgaEFspp7qEam6qH70LNUBTW_UivGxwYih1GDbw@mail.gmail.com> <CA+k3eCS4yA6GmWi8s87oXTVz3DAhjdaMukO289nh8Dqk-NAHnw@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Content-Type: multipart/alternative; boundary="Apple-Mail=_61DCB9BB-B5F7-45C3-90C0-2120EC56132C"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/khvy3oXGd6yu-H5dFEvvSYzLgHw>
Subject: Re: [OAUTH-WG] DPoP key rotation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 10:00:29 -0000

On 11 Jun 2021, at 21:20, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:
> 
> Hi Dmitry, 
> 
> This ML is indeed the appropriate place for this kind of thing. You raise a legitimate question, however, the general rough consensus thinking has been that allowing for DPoP key rotation for refresh tokens and public clients (the only case where it's relevant) didn't add enough value to justify the added complexity. It doesn't help with the threat model for in-browser applications. And mobile applications have really good options for key storage - to the point that the kind of event that might compromise a DPoP key would involve a lot more than key rotation to cleanup from.  
> 


I think this is probably true for most current signature schemes [*], but does this assumption hold for post-quantum signature algorithms? e.g., I think for some hash-based signature schemes like SPHINCS there is a trade-off between number of signatures and signature size - so a key that can never be rotated may have to have larger signatures to compensate to avoid exceeding usage limits. I don’t know enough about the state of the art of post-quantum signatures to say if this is a real issue or if those schemes would be appropriate for DPoP in the first place, but perhaps we should get an opinion from CFRG before baking in this assumption?

[*] There are things like repeating or biased nonces in ECDSA that can leak the private key without the storage being compromised, but I think such bugs would also require more than key rotation to recover from.

— Neil
-- 
ForgeRock values your Privacy <https://www.forgerock.com/your-privacy>

v2.23.0 | Report a Bug | By Email