[OAUTH-WG] draft-ietf-oauth-proof-of-possession-06 Glitches
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 16 November 2015 14:56 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C24BA1B307A for <oauth@ietfa.amsl.com>; Mon, 16 Nov 2015 06:56:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.485
X-Spam-Level:
X-Spam-Status: No, score=-0.485 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ipcz0MdtsrER for <oauth@ietfa.amsl.com>; Mon, 16 Nov 2015 06:56:25 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B1051B3078 for <oauth@ietf.org>; Mon, 16 Nov 2015 06:56:25 -0800 (PST)
Received: from [192.168.10.140] ([80.92.121.34]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MEXHd-1a92aP19s9-00Fgsm for <oauth@ietf.org>; Mon, 16 Nov 2015 15:56:23 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Enigmail-Draft-Status: N1110
To: "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <5649EE61.8060803@gmx.net>
Date: Mon, 16 Nov 2015 15:55:29 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="LLcCluxa4VWwsX9P8L9QqmHupJIGGjDA3"
X-Provags-ID: V03:K0:wHVCpoQCzSbajMJWnm82i1R30Z3Gg1KnubtxZadz7irlIlm1QNL iWTyZOkw2mqYCzdeMXzLef8VuHM6wbAEoCsnWzWetvMQY9Hs0WgV5r/JOLI2fIZfYN4zsjp GL8ryignd2hrhlh4vl/4/1d+JsXfyvHq4ZP5jzu5iSLPctcoSJs//f0VETNKKnavATyfMvp IrMB3uMkPgNjEtdc6zsug==
X-UI-Out-Filterresults: notjunk:1;V01:K0:QvHppJRO02g=:VaiQYxax4+TxmSD2omHBe5 p2ZMK1wSq2o98+g7KQRvO1kxDPHxPfebQs1f3Xw8enZ4p2JG2vCQGTKLpNAaD2KxnbX7q75Bk Qsl0dyQ04zsvgbBbp985ZH//q7v1VXaX/IHvKZ4buK/yX2XrKEl52NLitJCUnps7S6foXldsh eT9naCNzWuAEDvjTc66JEd42Wp5cMXRY0Zpw5CpCXQJqIQ1uJcnCu2lq9ic3Bh+ghcL/sTWZZ ehyoY1d/W3ciwQt79VsATvMd3/0/Z8N3FfSL2DuQ6HZzRVvXjyHUNlqDNonHl47Sr433fM7jh pQDQANpiFuph7jOW6Qhob4EZzp/eMFn0h7Ma/CX7gihoW4VRgeO92IbOnLvk9VFxpo98gna0O swpQ4tJmpFQA6A1j/eRymA8rfa/wE+/OsiKKM/KlNzsZ6bUnEhuWMPB/8OIvnXuq3ijMGXdg3 KXf/gfIt8kQUb50afYeFX0AvP553VU+jy7pRm8KjlQzt8Bi8d8ordVI2vrfEd/UKAjbsNQPWF 1WKKo4LQ8nctJ7TSjkbMX2NU2QU+xoA7Q5g30FHybTdks4R6a6bPSD/yk9UoosKQY1TpN//aT Wxck9rxN9y7dnbqk0OqzxR5axpy3sMxISAYtmGJpE8DPy+Gfw2wp592e7nlQd7kzh0wlb3Kj4 YguZnL6rmejb+S0r0dOKdRq5pUgMlxdvrqHzD8RJ+OJbcNyDYAc0AECyavrDooFEFjWC5X0DV EE7Xp7I7TDjjdbqIzHNbNW9jWP1GdVDg5YXrbbVfobIcMBMaJydauRBjCqU=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/rQb4wXWMOqrQeQn9nEpq8pPsjd0>
Subject: [OAUTH-WG] draft-ietf-oauth-proof-of-possession-06 Glitches
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2015 14:56:27 -0000
Hi all,
I noticed a few glitches with the most recent version of the
draft-ietf-oauth-proof-of-possession document.
** PoP Figure (Symmetric Key)
FROM:
+--------------+
| | +--------------+
| |--(4) Presentation of -->| |
| | JWT w/ Encrypted | |
| Presenter | PoP Key | |
| | | |
| |<-(5) Communication ---->| |
| | Authenticated by | |
+--------------+ PoP Key | |
| ^ | |
| | | |
(1) Sym. (3) JWT w/ | Recipient |
| PoP | Encrypted | |
| Key | PoP Key | |
v | | |
+--------------+ | |
| | | |
| | | |
| |<-(2) Key Exchange for ->| |
| Issuer | Key Encryption Key | |
| | | |
| | | |
| | +--------------+
+--------------+
Figure 1: Proof-of-Possession with a Symmetric Key
TO:
+--------------+
| | +--------------+
| |--(3) Presentation of -->| |
| | JWT w/ Encrypted | |
| Presenter | PoP Key | |
| | | |
| |<-(4) Communication ---->| |
| | Authenticated by | |
+--------------+ PoP Key | |
| ^ | |
| | | |
(1) Sym. (2) JWT w/ | Recipient |
| PoP | Encrypted | |
| Key | PoP Key | |
v | | |
+--------------+ | |
| | | |
| | | |
| |<=======================>| |
| Issuer | Key Exchange for | |
| | Key Encryption Key | |
| | | |
| | +--------------+
+--------------+
Figure 1: Proof-of-Possession with a Symmetric Key
The reason for this change is that the figure currently included
in the document gives the impression that the key used to protect
the PoP token is actually dynamically exchanged in step (2), which
isn't the case.
While text says that it is dynamically established if it does not exist
there is nothing in this or any document that provides this functionality.
Hence, I am also suggesting to change the text accordingly:
FROM:
This symmetric key is encrypted with a key known only to the issuer and
the recipient, which is established in step (2), if it doesn't already
exist.
TO:
This symmetric key is encrypted with a key known only to the issuer and
the recipient.
The problem with dynamically establishing keys is that we are then
requiring yet another key to be in place to allow this procedure to
happen securely. Without anything in place we are quickly vulnerable to
various attacks.
FROM:
In the case illustrated in Figure 1, the presenter generates a symmetric
key and (1) privately sends it to the issuer.
TO:
In the case illustrated in Figure 1, the presenter generates a symmetric
key and in (1) sends it to the issuer. The key transport is
confidentiality protected.
** CNF Claim
I also have a question regarding this paragraph from Section 3.1. What
does it mean to have other members of the "cnf" claim?
What is the semantic of these two examples:
{
"iss": "https://server.example.com",
"aud": "https://client.example.org",
"exp": "1361398824",
"cnf":{
"jwk":{...},
"jwk":{...}
}
}
{
"iss": "https://server.example.com",
"aud": "https://client.example.org",
"exp": "1361398824",
"cnf":{
"jwk":{...},
"jwe":{...},
"kid":"..."
}
}
Here is the relevant text:
"
3.1. Confirmation Claim
The "cnf" (confirmation) claim is used in the JWT to contain members
used to identify the proof-of-possession key. Other members of the
"cnf" object may be defined because a proof-of-possession key may not
be the only means of confirming the authenticity of the token. This
is analogous to the SAML 2.0 [OASIS.saml-core-2.0-os]
SubjectConfirmation element, in which a number of different subject
confirmation methods can be included, including proof-of-possession
key information. When a recipient receives a "cnf" claim with a
member that it does not understand, it MUST ignore that member.
...
Note that if an application needs to represent multiple proof-of-
possession keys in the same JWT, one way for it to achieve this is to
use other claim names, in addition to "cnf", to hold the additional
proof-of-possession key information. These claims could use the same
syntax and semantics as the "cnf" claim.
"
** Key ID
Lack of interoperability for the Key ID functionality described in
Section 3.4.
The text says that
"The content of the "kid" value is application specific. For
instance, some applications may choose to use a JWK Thumbprint
[JWK.Thumbprint] value as the "kid" value."
I think we should settle for something and then allow other key id types
to be used
as well.
** Nonce Claim
This example in Section 3.3 uses a claim type, namely nonce, which has
not been defined yet. I therefore suggest to remove it from this example
since it does not fulfil a purpose.
Here is the example:
{
"iss": "https://server.example.com",
"sub": "24400320",
"aud": "s6BhdRkqt3",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"cnf":{
"jwe":
"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhDQkMtSFMyNTYifQ.
(remainder of JWE omitted for brevity)"
}
}
Ciao
Hannes
- [OAUTH-WG] draft-ietf-oauth-proof-of-possession-0… Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-proof-of-possessi… Mike Jones
- Re: [OAUTH-WG] draft-ietf-oauth-proof-of-possessi… Mike Jones