IETF Logo Mail Archive

Re: [OAUTH-WG] why are we signing?

Eran Hammer-Lahav <eran@hueniverse.com> Fri, 13 November 2009 20:25 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 088F63A67B3 for <oauth@core3.amsl.com>; Fri, 13 Nov 2009 12:25:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.555
X-Spam-Level:
X-Spam-Status: No, score=-2.555 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PGQWicyGIT1I for <oauth@core3.amsl.com>; Fri, 13 Nov 2009 12:25:32 -0800 (PST)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by core3.amsl.com (Postfix) with SMTP id CDF833A6783 for <oauth@ietf.org>; Fri, 13 Nov 2009 12:25:31 -0800 (PST)
Received: (qmail 32342 invoked from network); 13 Nov 2009 20:26:01 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.21) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 13 Nov 2009 20:26:01 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT003.EX1.SECURESERVER.NET ([72.167.180.21]) with mapi; Fri, 13 Nov 2009 13:25:53 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: John Panzer <jpanzer@google.com>
Date: Fri, 13 Nov 2009 13:25:45 -0700
Thread-Topic: [OAUTH-WG] why are we signing?
Thread-Index: AcpkiXLJ/oaEDSemRbWEj0eX3+QUBAAFVi9A
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343785102FD8@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <daf5b9570911082102u215dcf22gf0aeb2f3578e5ea0@mail.gmail.com> <35D50F5C-3982-4298-A9E0-86A528F5C5D3@jkemp.net> <daf5b9570911092158k682aff63l959c423c399b2277@mail.gmail.com> <4A956CE47D1066408D5C7EB34368A5110551FFC1@S4DE8PSAAQC.mitte.t-com.de> <daf5b9570911111754u49f72a0aia59814b5da497a51@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E72343785102B49@P3PW5EX1MB01.EX1.SECURESERVER.NET> <cb5f7a380911120745w2f576d1ej300723581e50f03f@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E72343785102E58@P3PW5EX1MB01.EX1.SECURESERVER.NET> <cb5f7a380911130837q40d07388y1ae9b472be0ae57a@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E72343785102F1F@P3PW5EX1MB01.EX1.SECURESERVER.NET> <cb5f7a380911130947w7e6b34e7s9ecd55d940189620@mail.gmail.com>
In-Reply-To: <cb5f7a380911130947w7e6b34e7s9ecd55d940189620@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_90C41DD21FB7C64BB94121FBBC2E72343785102FD8P3PW5EX1MB01E_"
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] why are we signing?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2009 20:25:34 -0000

While my approach is slightly different (one of the very few benefits of being the editor), it is what the plan is. The authentication spec is going to offer two methods: Plain (bearer token with optional shared secret), and HMAC (a significantly simplified signature flow based on the HMAC one in 1.0 but with less flexibility for limited platforms). Instead of sacrificing security I have been trying to make the case we should just raise the bar for what an OAuth client should be able to do. Both will accomplish simplicity but at different costs. The Plain method will give the bearer-token+TLS crown everything they need out of that spec.

The delegation spec is where most of the work is needed, and where I would like to see us adopt much of the new and improved ideas from WRAP.

EHL



From: John Panzer [mailto:jpanzer@google.com]
Sent: Friday, November 13, 2009 9:48 AM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] why are we signing?

Replies inline (sorry for async postings):
On Fri, Nov 13, 2009 at 9:21 AM, Eran Hammer-Lahav <eran@hueniverse.com<mailto:eran@hueniverse.com>> wrote:


> -----Original Message-----
> From: John Panzer [mailto:jpanzer@google.com<mailto:jpanzer@google.com>]
> Sent: Friday, November 13, 2009 8:37 AM
> To: Eran Hammer-Lahav
> Cc: oauth@ietf.org<mailto:oauth@ietf.org>
> Subject: Re: [OAUTH-WG] why are we signing?
>
> The 90% is just MHO.
>
> I think we should be sure that using TLS for everything is unviable in
> 2010 before diving into complicated signing and binding.  For my use
> cases, non body signed requests are about equivalent to bearer token
> in terms of security; body signing is an interop pain point; absent a
> deus ex machina with a new, secure, simple, ip-free, interoperable
> algorithm for body signing I would personally use PLAINTEXT over TLS
> for resource access and move on to more important things.
>
> Note that nothing stops someone from defining a data protocol which
> supplies signatures and even binds to the important bits of the
> envelope.  And if you can get XML Dsig to work interoperably for your
> protocol, great!  But OAuth 2 could be defined to leave that to
> protocols and extensions.  In theory this would make things less
> interoperable, but in practice signatures are a huge interop pain
> point anyway (IMHO) so I do not believe there is a practical
> difference in the field.
That's half of what we are explicitly chartered to do. My point is that people should focus on the parts of the protocol they care about. I think such a reduction in functionality and scope would require a more explicit reconsideration of this entire WG.

If the WG needs to consider it, then I move that we do the first, PLAINTEXT, relying-on-TLS-when-necessary half (at least to the point of an I-D that people can go implement) before moving on to the far more complex world of new signature algorithms.

This doesn't mean having two specs, just stabilizing the bits nobody has serious arguments about so people who need the first half can move forward.  Obviously things can change in draft, etc., but we're all playing the odds here and actual running code is important to have.


I for one, see great value in offering some form of crypto-based security for cases where TLS is not suitable.

I am also not buying the argument that we should avoid crypto because it is hard. The same argument can be made about TLS (who really writes their own libraries for that?).

Nobody; we get them from Ben Laurie.  But they're already available everywhere, so nobody has to write them, while the OAuth 2 libraries, whatever they will be, are available nowhere right now.  So whatever OAuth comes up with has to be _significantly_ simpler and easier than using openssl.



EHL

> On Thursday, November 12, 2009, Eran Hammer-Lahav <eran@hueniverse.com<mailto:eran@hueniverse.com>>
> wrote:
> > Are you suggesting using TLS for every protected resource or just for
> obtaining the token and refreshing it?
> >
> > OAuth today already supports this via the PLAINTEXT method (though
> not very cleanly with all the other parameters still required even if
> useless).
> >
> > Also What use cases? And where is this 90% comes from?
> >
> > I for one have always rejected the argument that since cookies are
> already so broken, there was little point in trying to make API
> security better. When we originally worked on OAuth we explicitly
> looked to prevent replay attacks as well as intercepting and changing
> an authenticated request. We limited our scope to protecting the
> request URI and (some) parameters. That provided sufficient protection
> to the APIs people had in mind at the time which were mostly GET/POST
> requests with just a few parameters. The body hash extension then
> extended the usefulness of the protocol to other payloads.
> >
> > The delegation half of the protocol deals with exchanging passwords
> with tokens. Those who find bearer token sufficient without any
> additional crypto can simply focus their attention on that. On the
> authentication side, I would like to offer something other than "use
> TLS for everything" or risk attacks for ("only") 10 minutes.
> >
> > EHL
> >
> >> -----Original Message-----
> >> From: John Panzer [mailto:jpanzer@google.com<mailto:jpanzer@google.com>]
> >> Sent: Thursday, November 12, 2009 7:46 AM
> >> To: Eran Hammer-Lahav
> >> Cc: oauth@ietf.org<mailto:oauth@ietf.org>
> >> Subject: Re: [OAUTH-WG] why are we signing?
> >>
> >> I think that https plus bearer token is sufficient for 90% of use
> >> cases.  I haven't heard a first principles argument otherwise.  If
> for
> >> no other reason than the record, could the proponents of signing
> >> explain why bearer token over TLS will not meet their needs?
> >>
> >> On Thursday, November 12, 2009, Eran Hammer-Lahav
> <eran@hueniverse.com<mailto:eran@hueniverse.com>>
> >> wrote:
> >> > As a matter of process, I would suggest looking at what the 1.0
> HMAC-
> >> SHA1 method signs, and discuss if it is where we should be. We are
> >> working with an existing draft and should structure our discussions
> as
> >> feedback to that point of reference. This doesn't limit the
> conclusion
> >> in any way, and is how this WG has been chartered.
> >> >
> >> > EHL
> >> >
> >> >
> >> >> -----Original Message-----
> >> >> From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org>] On
> >> Behalf
> >> >> Of Brian Eaton
> >> >> Sent: Wednesday, November 11, 2009 5:54 PM
> >> >> To: BeckW@telekom.de<mailto:BeckW@telekom.de>
> >> >> Cc: oauth@ietf.org<mailto:oauth@ietf.org>
> >> >> Subject: Re: [OAUTH-WG] why are we signing?
> >> >>
> >> >> So we've got at least five different use cases for signing
> requests
> >> >> with the oauth access token and token secret.
> >> >>
> >> >> Sweet.
> >> >>
> >> >> The downside to the use cases is that they all have incompatible
> >> >> signature base strings.  I'd like to see us come up with
> something
> >> so
> >> >> that we don't have to reinvent the base string again for every
> >> single
> >> >> use case.
> >> >>
> >> >> Cheers,
> >> >> Brian
> >> >>
> >> >> On Wed, Nov 11, 2009 at 5:49 PM,  <BeckW@telekom.de<mailto:BeckW@telekom.de>> wrote:
> >> >> >
> >> >> > On Mon, Nov 9, 2009 at 6:28 AM, John Kemp <john@jkemp.net<mailto:john@jkemp.net>>
> wrote:
> >> >> >> If we are only interested in i) [authenticating the entity]
> then
> >> >> > signing any piece of the message might
> >> >> >> be sufficient. If we are interested in ii) [binding the
> signature
> >> to
> >> >> > the message] (or some other security property)
> >> >> >> then we will need to identify which pieces of the message we
> want
> >> to
> >> >> > provide
> >> >> >> that, or other, security properties for.
> >> >> >
> >> >> >> Brian Eaton wrote:
> >> >> >> OK, let me try to summarize what I've heard on this thread
> about
> >> the
> >> >> >> different use-cases for message signing:
> >> >> >>
> >> >> >> - sign the HTTP request
> >> >> >>   Used to prevent MITM from replaying token to a different
> URL.
> >> >>  Also
> >> >> >> limits the replay attack window to minutes instead of hours.
> >> >> >>
> >> >> >> - sign various other parts of the message
> >> >> >>   DKIM: signs various message headers
> >> >> >>   SIP: unspecified, just says "relevant parts of SIP request"
> >> >> > Hannes Tschofenig suggested handle SIP messages the way
> described
> >> in
> >> >> RfC
> >> >> > 4474 (SIP identity). It lists the parts of a SIP messsage that
> >> need
> >> >> to
> >> >> > be protected.
> >> >> >
> >> >> > Wolfgang
> >> >> >
> >> >> _______________________________________________
> >> >> OAuth mailing list
> >> >> OAuth@ietf.org<mailto:OAuth@ietf.org>
> >> >> https://www.ietf.org/mailman/listinfo/oauth
> >> > _______________________________________________
> >> > OAuth mailing list
> >> >
>
> --
> --
> John Panzer / Google
> jpanzer@google.com<mailto:jpanzer@google.com> / abstractioneer.org<http://abstractioneer.org> / @jpanzer

v2.23.0 | Report a Bug | By Email