IETF Logo Mail Archive

Re: [OAUTH-WG] New Version Notification for draft-fett-oauth-dpop-03.txt

Neil Madden <neil.madden@forgerock.com> Fri, 22 November 2019 10:08 UTC

Return-Path: <neil.madden@forgerock.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6752A1202A0 for <oauth@ietfa.amsl.com>; Fri, 22 Nov 2019 02:08:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forgerock.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9YA6C791bpf6 for <oauth@ietfa.amsl.com>; Fri, 22 Nov 2019 02:08:38 -0800 (PST)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B904812080E for <oauth@ietf.org>; Fri, 22 Nov 2019 02:08:37 -0800 (PST)
Received: by mail-wr1-x434.google.com with SMTP id b18so7866423wrj.8 for <oauth@ietf.org>; Fri, 22 Nov 2019 02:08:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forgerock.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bNFJknvfw3j+SGS8ng96CeAuLNRm3AzqH4lZa1H9Log=; b=LpF+8YP41eJlRYRRObyboUWsnhRKVQsCjUbQ55xuqCsfBJ3BtkWKjcdW8nW1vlQHCg o7EEp7wcxpSWFqT9RdjvQ2wiLiSMIeVBXiCkGLUkh1wsDhFp3KTrtbwhoKj9nelA99kP bKIjMz6Spiqi6EVdIaO87u73PjOLqRuBQEEmM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bNFJknvfw3j+SGS8ng96CeAuLNRm3AzqH4lZa1H9Log=; b=cEFaVf3JNGTWQKDFBbbXHL+Pr5xncMaYCIIV824rtPz6t7thccjrONH1QY4tSYjz7n Y/IXkZDaxKa6alkh0M1LO4DfHhs2iHJMtclIjTYbq123f9A3uxYhawV4s9IRHzZ/WsRK QnYbvCaPE7fcTW7+ZJuQ5AGK9MoIvf6BEzz3GCikBDA3RIqfO7sENSlBRfbURhP/2yFS 7eIYc5ZqKT+VpSXwts4U9ALbrjyzRlth+oeE7v3ndFWI+F3Se9Xy2tGBfZD/RMJ6qdCk Z7XhmuB0/ollCn1/zHA1v6QIKJtEWMe86/N/8AlDye/fit18KCyrYDsP8BUHRZ4/GzD0 cqkw==
X-Gm-Message-State: APjAAAUsspXqDjz5d3vXVX8r0Q0yp5USRo7vtFndAPat0irnqcPfS4tk lhHrEB+GUB9W2+T/gKu9luJjDw==
X-Google-Smtp-Source: APXvYqy+cxCZp9KH6Ncm4YB0WZRhebw9hq+/LwXq6bXd5hXslzi0EiYJpbH9iVoiXejJvsjcFLhYZQ==
X-Received: by 2002:a5d:6a83:: with SMTP id s3mr16467945wru.159.1574417316076; Fri, 22 Nov 2019 02:08:36 -0800 (PST)
Received: from [192.168.1.64] (72.248.90.146.dyn.plus.net. [146.90.248.72]) by smtp.gmail.com with ESMTPSA id a17sm7068661wrs.33.2019.11.22.02.08.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Nov 2019 02:08:34 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\))
From: Neil Madden <neil.madden@forgerock.com>
In-Reply-To: <0235F8A2-83C4-4804-8805-F50305E263BB@lodderstedt.net>
Date: Fri, 22 Nov 2019 10:08:33 +0000
Cc: Justin Richer <jricher@mit.edu>, oauth <oauth@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D43D3929-F1B7-4A2C-ABEC-1326F3F0926C@forgerock.com>
References: <2EF412B8-AF8C-4642-9BE0-1B528B0C63D5@amazon.com> <288343F2-ACF0-43E0-8577-26AF45330E5C@forgerock.com> <CAD9ie-u_SM+1hRuBWR7zBGSi4Ex59Ht0SzoVTeFuWTRc3cFJXw@mail.gmail.com> <6DECA422-AACC-4DAA-8CD2-FF57CE02DE3E@mit.edu> <0235F8A2-83C4-4804-8805-F50305E263BB@lodderstedt.net>
To: Torsten Lodderstedt <torsten=40lodderstedt.net@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3601.0.10)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/qRL5llTZrWg-TXdwooD_9MCM-dQ>
Subject: Re: [OAUTH-WG] New Version Notification for draft-fett-oauth-dpop-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Nov 2019 10:08:39 -0000

On 22 Nov 2019, at 07:53, Torsten Lodderstedt <torsten=40lodderstedt.net@dmarc.ietf.org> wrote:
> 
> 
> 
>> On 22. Nov 2019, at 15:24, Justin Richer <jricher@mit.edu> wrote:
>> 
>> I’m going to +1 Dick and Annabelle’s question about the scope here. That was the one major thing that struck me during the DPoP discussions in Singapore yesterday: we don’t seem to agree on what DPoP is for. Some (including the authors, it seems) see it as a quick point-solution to a specific use case. Others see it as a general PoP mechanism. 
>> 
>> If it’s the former, then it should be explicitly tied to one specific set of things. If it’s the latter, then it needs to be expanded. 
> 
> as a co-author of the DPoP draft I state again what I said yesterday: DPoP is a mechanism for sender-constraining access tokens sent from SPAs only. The threat to be prevented is token replay.

I think the phrase "token replay" is ambiguous. Traditionally it refers to an attacker being able to capture a token (or whole requests) in use and then replay it against the same RS. This is already protected against by the use of normal TLS on the connection between the client and the RS. I think instead you are referring to a malicious/compromised RS replaying the token to a different RS - which has more of the flavour of a man in the middle attack (of the phishing kind).

But if that's the case then there are much simpler defences than those proposed in the current draft:

1. Get separate access tokens for each RS with correct audience and scopes. The consensus appears to be that this is hard to do in some cases, hence the draft.
2. Make the DPoP token be a simple JWT with an "iat" and the origin of the RS. This stops the token being reused elsewhere but the client can reuse it (replay it) for many requests.
3. Issue a macaroon-based access token and the client can add a correct audience and scope restrictions at the point of use.

Protecting against the first kind of replay attacks only becomes an issue if we assume the protections in TLS have failed. But if DPoP is only intended for cases where mTLS can't be used, it shouldn't have to protect against a stronger threat model in which we assume that TLS security has been lost.

-- Neil

v2.23.0 | Report a Bug | By Email