IETF Logo Mail Archive

[OAUTH-WG] Re: We cannot trust Issuers

Nat Sakimura <sakimura@gmail.com> Tue, 23 July 2024 08:06 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9659C15108F for <oauth@ietfa.amsl.com>; Tue, 23 Jul 2024 01:06:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qr9oJtME6Lzb for <oauth@ietfa.amsl.com>; Tue, 23 Jul 2024 01:06:03 -0700 (PDT)
Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DE9AC151097 for <oauth@ietf.org>; Tue, 23 Jul 2024 01:06:03 -0700 (PDT)
Received: by mail-pj1-x1031.google.com with SMTP id 98e67ed59e1d1-2cb6662ba3aso3116574a91.1 for <oauth@ietf.org>; Tue, 23 Jul 2024 01:06:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721721962; x=1722326762; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Ej2y+Z8Kpd+3caV9/Ss8N+Rd1tbR+jAw/nu0wvoIPKE=; b=f3ztsTT15EDNnrsMSUEZte9Jx5x7yCxxFOg5UP8gB2hh/05YFx6NzrZmlf5/XGSzWy wtAifzIyqa1atnxfZYNwSDMDAto8O+l9S5Aj4cOqMHN8kP9ktSsJ93sFAb57RBMld5Sg XFsJZzaU9lh+k060tf/+NnWrxRt5I8KBmBiDhFD3kgOFLqECBgh/0PP++MxJpxN7oG1N N5ea1GHxtZnP57zgNf35SrRuY5a+5u1/F8X2/A3w690o/JO167D5TyaQKJl81qfwdczm L+q2wA+v/aeCapjPesaTnyGeaHyz5fhHoSAM7bkJhZ2nihV5TH8Psv9FMq5Ws2sWuNBP P0gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721721962; x=1722326762; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Ej2y+Z8Kpd+3caV9/Ss8N+Rd1tbR+jAw/nu0wvoIPKE=; b=wnB1Cg0/ywXT0L2sMy+6BaxmKwYmEjBMfteHlyBO5FHZ2vOas3Eh4SgRP6xt1wOq3/ EalaPS2YUO/nPt3w82UG4Z2UsVS8thmHstb9t0US2OzbNhcghN4fxiWwGkzFNWwNJ+EX yFLOw9oaU+u5qvipVnALxRs4DqzQbGczn+819pW8p+4VMoBTxJi6n60h8Zw85DpaJ7us spwNak/robVikirWV5N2ecTl0az0gaqww3hg6vezSlDhHRamw91TpG+Gs0+WJEYIsR+F 754djjY8x7rFjBX7tJRFfltjHj5tDbWaR+85EYV2R0sPfCZrSMLdaEG4HyRF5NJKkcp7 /k7A==
X-Forwarded-Encrypted: i=1; AJvYcCVYFTvtfl74WbqJf/7/k8JRunjFcVjR5jeotHOg//5mbYWHyTCNcyBjdC+/WVlvcwS6sEp9Vn2q3Y3rAFUalg==
X-Gm-Message-State: AOJu0YzDAqhOgYYRbpLq3mVAoHqP2ow/Q8hyIk+TGS323Zy+Q0TpupmM sIsTHJYqauOnxfnRZh1P2cBdHH3CWV8JVCI+qLh9LXpzElIwB2OchJRhk314YrcSqVpzRTrJukA z1oqwseL7d6BdztA46a1jx6HJHrI=
X-Google-Smtp-Source: AGHT+IEiawgjrk0Mpj1OXNfHT67Des9NmePL+2/y3XLiMNVsnNebBabAeU+uecAeJBdDWIHcOS7515wLm3IgZxh7r6M=
X-Received: by 2002:a17:90a:5d0f:b0:2c9:6188:f3e with SMTP id 98e67ed59e1d1-2cd8d0e1ca3mr2280356a91.16.1721721962205; Tue, 23 Jul 2024 01:06:02 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cmy03viT6wboUZeVu_8Yf-m7As0rxcjpda2W_Xw6ohKNg@mail.gmail.com> <CAANoGhLsm1yqJvKuPEH_is-ep60EVNfLfi17T9M17KJFfAFiNQ@mail.gmail.com> <CACsn0ckXZVPznV8cq4sMm1axCzMfd_M8FQ9BnMa5TTvPgZ8emg@mail.gmail.com> <CAFTzAXgcfeE84xq=G_+jpLt8Co8BasOan0t84QJyTsufhmLWsw@mail.gmail.com> <CACsn0cmUa6xZGmJkKOoO+W_rCgNLYsGsd+xDtB=hTd7=Rqn2kg@mail.gmail.com> <CAFTzAXi1qZ7npqKmaSkt_QiE3bUmGkhSuE38OO+c2PxB2YSo4A@mail.gmail.com>
In-Reply-To: <CAFTzAXi1qZ7npqKmaSkt_QiE3bUmGkhSuE38OO+c2PxB2YSo4A@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Tue, 23 Jul 2024 17:05:52 +0900
Message-ID: <CABzCy2Cx6v5L6TVLaepEum_2u6R4n9LDyu2CBKiSmK6AyC6xHw@mail.gmail.com>
To: Wayne Chang <wayne@spruceid.com>
Content-Type: multipart/alternative; boundary="000000000000f59ac2061de5a17a"
Message-ID-Hash: FWSIFMQFF6DGJQSMQG2Q4UP4RLWRXNQE
X-Message-ID-Hash: FWSIFMQFF6DGJQSMQG2Q4UP4RLWRXNQE
X-MailFrom: sakimura@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: We cannot trust Issuers
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/s-7tUOFOD4O3SO7krbfuOsoklfo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

IMHO, it is just a matter of setting the reader's expectations right
through adequate privacy considerations. When it comes to collusion
attacks, we can think not only of issuer-verifier but other varieties as
well. We should perhaps list those scenarios. In ISO/IEC 27551 that only
deals with the model without holder, it still lists 8 varieties of
unlinkability. We will have many more in the issuer-holder-verifier model.
We should  be aware that there is an operator behind the holder, which can
turn hostile.

Best,

Nat Sakimura

2024年7月23日(火) 13:35 Wayne Chang <wayne@spruceid.com>:

> Yep, TEEs definitely have limitations that should be managed via
> defense-in-depth to prevent things like side channel attacks.
>
> It’s also true that such identity systems based on transmission of raw
> digital signatures have been deployed in production today and continue to
> gain momentum.
>
> It’s important that we balance the various approaches to privacy, as not
> to let perfect be the enemy of the good, while also paving a path to the
> ideal.
>
> Best,
> - Wayne
>
> On Mon, Jul 22, 2024 at 20:33 Watson Ladd <watsonbladd@gmail.com> wrote:
>
>> And the draft doesn't have a sufficiently strong statement saying this
>> tech (which has significant limitations: every TEE has fallen due to side
>> channels) is needed for relevant application scenarios.
>>
>> I'm not saying this work shouldn't continue: I'm saying that we need to
>> ensure we get the privacy and security considerations right, and make clear
>> the limitations and that users shouldn't be mislead about the degree of
>> anonymity they have. The applications being envisioned are dangerous.
>>
>> Sincerely,
>> Watson Ladd
>>
>> On Mon, Jul 22, 2024, 6:51 PM Wayne Chang <wayne@spruceid.com> wrote:
>>
>>> Hi Watson,
>>>
>>> Here’s an approach based on TEEs that can in theory create unlinkability
>>> for things like mdocs and SD-JWTs while also conforming to FIPS 140-2/-3.
>>> No new crypto, and PQC-friendly.
>>>
>>>
>>> https://blog.spruceid.com/provably-forgotten-signatures-adding-privacy-to-digital-identity/
>>>
>>> Best,
>>> - Wayne
>>>
>>> On Mon, Jul 22, 2024 at 16:26 Watson Ladd <watsonbladd@gmail.com> wrote:
>>>
>>>>
>>>>
>>>> On Mon, Jul 22, 2024, 3:30 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>
>>>>> I agree that single-use proof keys and batch issuance are a must.
>>>>>
>>>>> Issuer verifier collusion is admittedly a problem.   To address that
>>>>> we do need different cryptographic methods.
>>>>>
>>>>> MDOC also has the same issue.
>>>>>
>>>>> We should document the risk, but short of stopping EUID and mobile
>>>>> driver's license deployment, we have limited options.
>>>>>
>>>>
>>>> The problem only appears when the drivers license or EUID is used in a
>>>> way that makes the user think their data is private. You don't have to
>>>> support UX that lies to the user.
>>>>
>>>>
>>>>> Hopefully, we can make quick progress on JWP.
>>>>>
>>>>> John B.
>>>>>
>>>>> On Mon, Jul 22, 2024 at 2:14 PM Watson Ladd <watsonbladd@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Dear Oauth,
>>>>>>
>>>>>> I'm disappointed to see SD-JWT work continue with inadequate privacy
>>>>>> considerations. The fact is an Issuer can link any showings to
>>>>>> issuance of the credential. This is not foregrounded sufficiently in
>>>>>> privacy considerations, nor do we discuss how to ensure users are
>>>>>> aware. We really need to use more RFC 2119 language and highlight
>>>>>> these issues. Section 11.1 about local storage which has never been an
>>>>>> IETF concern before is far more prescriptive than 11.4, and that's not
>>>>>> a good thing. To be clear, the threat model must include an issuer
>>>>>> that is a government issuing credentials that if used to verify age on
>>>>>> certain websites or via a digital wallet on site, and learned about by
>>>>>> the issuer who may have access to data from the site, will result in
>>>>>> imprisonment or execution. This is not a hypothetical scenario.
>>>>>>
>>>>>> Users and UX designers will have intuitions that do not match the
>>>>>> reality and that result in bad decisions being made. That's on us. A
>>>>>> driver's license doesn't leave a trace of where you showed it, but the
>>>>>> SD-JWT does.
>>>>>>
>>>>>> At a minimum I think we mandate batch issuance and one time usage
>>>>>> using RFC 2119 language. We need to say in clear, unambiguous English
>>>>>> that this mechanism enables an issuer to connect every presentation of
>>>>>> a credential to the issuance.
>>>>>>
>>>>>> Sincerely,
>>>>>> Watson Ladd
>>>>>>
>>>>>> --
>>>>>> Astra mortemque praestare gradatim
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list -- oauth@ietf.org
>>>>>> To unsubscribe send an email to oauth-leave@ietf.org
>>>>>>
>>>>> _______________________________________________
>>>> OAuth mailing list -- oauth@ietf.org
>>>> To unsubscribe send an email to oauth-leave@ietf.org
>>>>
>>> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>

v2.35.0 | Report a Bug | By Email | System Status