IETF Logo Mail Archive

Re: [OAUTH-WG] Fwd: New Version Notification for draft-sakimura-oauth-tcse-00.txt

Nat Sakimura <sakimura@gmail.com> Wed, 04 September 2013 06:04 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D74521E808D for <oauth@ietfa.amsl.com>; Tue, 3 Sep 2013 23:04:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HrDi6K82mcGQ for <oauth@ietfa.amsl.com>; Tue, 3 Sep 2013 23:04:17 -0700 (PDT)
Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 147B921E8056 for <oauth@ietf.org>; Tue, 3 Sep 2013 23:04:16 -0700 (PDT)
Received: by mail-la0-f50.google.com with SMTP id es20so5479897lab.37 for <oauth@ietf.org>; Tue, 03 Sep 2013 23:04:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=fxpQJwwA9c5v6SM0lNAXgbojrKPaJHdgesxRyQsqK3E=; b=Ncfzi7Z0rzznXplCrq66RYjrMvZ9JM7p8R3SFPFepaXGoSvKrK5so4rPoyiHENBv0d ijD7Hgwd2t4w/JU2GeMAQnVvTPkUx7o7kyzXTrfbCMozD0ZxrN9Nu2e6l65dOWieoSKt vunt8alCE3+JMQ2k7Oe9nefqlETqBV9tOyQTNIxkPx1QVGMJpg/+HSu6elGV1787W/XS 4LfgGsiHREO3jYC2DyukCrf6CjsP6dDYJWVIpkRiZbvLiLBhu8WjpyLgeERYQvrY7dd4 /hpKnIZRzA4pYq3qfEtgZjuoNRNviPxRRzu767NVf8UzFs24y91WZ40SgxGztFdpmr89 we8A==
MIME-Version: 1.0
X-Received: by 10.112.167.230 with SMTP id zr6mr381920lbb.35.1378274655937; Tue, 03 Sep 2013 23:04:15 -0700 (PDT)
Received: by 10.112.11.37 with HTTP; Tue, 3 Sep 2013 23:04:15 -0700 (PDT)
In-Reply-To: <CFE83FF8-8846-4BF0-A19E-EE8C589CEB80@ve7jtb.com>
References: <20130730095129.29309.12243.idtracker@ietfa.amsl.com> <CABzCy2CC3Oi2J7GZJVBa07=xtjMXvy9ah_h_ZwwZQXDd4qtSzw@mail.gmail.com> <5224FFBB.9050400@oracle.com> <84562CC3-8456-4FF4-8EEB-53DEE0246CCD@ve7jtb.com> <B47E1AF5-BD4E-4FBF-A107-193FD5A69EC9@oracle.com> <CFE83FF8-8846-4BF0-A19E-EE8C589CEB80@ve7jtb.com>
Date: Wed, 04 Sep 2013 15:04:15 +0900
Message-ID: <CABzCy2Cw+MVfYdiEyBhciR4Ho0cS1mmnBq5AeWmszjUDZdu-yA@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="001a11c342ec452ab504e5889368"
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-sakimura-oauth-tcse-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2013 06:04:19 -0000

>From the security PoV, I prefer HMAC as well.
If implementers supports the idea, I would change it to HMAC in the next
rev.
I am also open to changing the param names. As I was writing them, I was
reading JWx specs and got influenced by their short names apparently. I
have no strong preference.

I agree with John that we may want to avoid the name that is a variation on
client secret as it would confuse people.




2013/9/3 John Bradley <ve7jtb@ve7jtb.com>

> Yes Phil it is the same sort of idea that you proposed in 2011.
>
> In this proposal it is limited to preventing an attacker who intercepts
> code from being able to use it even if it knows the client_id and secret of
> the requester as is likely in a native app without dynamic registration
> case.
>
> I think of this as a symmetric proof of possession for code rather than a
> authentication mechanism for the client.  Looking at the old thread I don't
> think that was clear to people.
>
> I also don't think the problem with native apps custom redirect schemes
> being hijacked was apparent to people.
>
> Sending the password itself in the authorization request works assuming
> the attacker can't see the request as is the case in native environments
> currently.
> We changed it to sending a hash of the secret in the request as sending
> passwords in the clear just seems like it will eventually bite us in the
> ass.
>
> I personally think making it a hmac is something people are more likely to
> have the correct code for than a truncated hash, but this is a first draft.
>
> John B.
>
>
> On 2013-09-02, at 4:34 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>
> FWIW, this was raised before in 2011.
>
> http://www.ietf.org/mail-archive/web/oauth/current/msg06073.html
> http://www.ietf.org/mail-archive/web/oauth/current/msg06079.html
>
> Phil
>
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
>
>
>
>
>
>
> On 2013-09-02, at 3:44 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
> AS that don't maintain state would need to encode everything into code.
> I have seen a couple of implementations  do that.  The encoding tends to be
> custom for size reasons.
> Many AS maintain server state for code as it also has grants,
> redirect_uri, client_id, subject etc that need to be tracked.
>
> The point being that the value of "tcsh" not be made available to someone
> who intercepts code on the return.
>
> This method is being used without hashing, and just sending "tcs" however
> that clearly has no resistance if the authorization request can somehow be
> intercepted by an attacker as well.
>
> In order to stick to well understood crypto I argued that "tcsh" be a hmac
> of the client_id using tcs as the key.    I also think calling it a client
> secret is misleading as it is a proof for the code requester not the client.
>
> This is intended as a early draft to document the security problem on iOS
> and one possible mitigation that people are using.
>
> While interoperable OAuth clients like Connect may be a edge case to some,
> it is desirable to have a solution to this that can work with multiple AS
> rather than the client requiring custom code to talk to every AS.
>
> John B.
>
>
> On 2013-09-02, at 2:14 PM, Prateek Mishra <prateek.mishra@oracle.com>
> wrote:
>
>  Nat - is there cryptanalysis of the proposed model available anyplace?
>
> Extending protocols by throwing in a smidgen of hashing and a tablespoon
> of encryption is often a bad idea. One of the strengths of *RFC* 6749 is
> that it avoids stuff like that.
>
> What do you mean when you say -
>
> [quote]
> The server MUST NOT include the "tcsh" value in the form that any entity
> but itself can extract it.
> [\quote]
>
> Is this even theoretically achievable without a stateful server that
> maintains a table of [code x tcsh] pairs?
>
> If not, how should the server embed tcsh in "code" and what constructions
> are recommended?
>
> - prateek
>
>  As some of you know, passing the authorization code securely to a native
> app on iOS platform is next to impossible. Malicious application may
> register the same custom scheme as the victim application and hope to
> obtain the code, whose success rate is rather high.
>
>  We have discussed about it during the OpenID Conenct Meeting at IETF 87
> on Sunday, and over a lengthy thread on the OpenID AB/Connect work group
> list. I have captured the discussion in the form of I-D. It is pretty short
> and hopefully easy to read.
>
>  IMHO, although it came up as an issue in OpenID Connect, this is a quite
> useful extension to OAuth 2.0 in general.
>
>  Best,
>
>  Nat Sakimura
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: 2013/7/30
> Subject: New Version Notification for draft-sakimura-oauth-tcse-00.txt
> To: Nat Sakimura <sakimura@gmail.com>, John Bradley <
> jbradley@pingidentity.com>, Naveen Agarwal <naa@google.com>
>
>
>
> A new version of I-D, draft-sakimura-oauth-tcse-00.txt
> has been successfully submitted by Nat Sakimura and posted to the
> IETF repository.
>
> Filename:        draft-sakimura-oauth-tcse
> Revision:        00
> Title:           OAuth Transient Client Secret Extension for Public Clients
> Creation date:   2013-07-29
> Group:           Individual Submission
> Number of pages: 7
> URL:
> http://www.ietf.org/internet-drafts/draft-sakimura-oauth-tcse-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse
> Htmlized:        http://tools.ietf.org/html/draft-sakimura-oauth-tcse-00
>
>
> Abstract:
>    The OAuth 2.0 public client utilizing code flow is susceptible to the
>    code interception attack.  This specification describe a mechanism
>    that acts as a control against this threat.
>
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
>
>  --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>  _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

v2.29.0 | Report a Bug | By Email | System Status