Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 04 February 2016 14:31 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A3901B304B; Thu, 4 Feb 2016 06:31:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iWFwVt_9H9wj; Thu, 4 Feb 2016 06:31:45 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9B211B304F; Thu, 4 Feb 2016 06:31:44 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id A1DA82009E; Thu, 4 Feb 2016 09:40:38 -0500 (EST)
Received: from obiwan.sandelman.ca (ip6-localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4544363751; Thu, 4 Feb 2016 09:31:43 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Ludwig Seitz <ludwig@sics.se>
In-Reply-To: <56B31FEB.4010204@sics.se>
References: <56B31FEB.4010204@sics.se>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Thu, 04 Feb 2016 09:31:43 -0500
Message-ID: <16330.1454596303@obiwan.sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/sAigsojpekor8gxuFrTw6sTtogQ>
X-Mailman-Approved-At: Thu, 04 Feb 2016 06:41:31 -0800
Cc: oauth@ietf.org, ace@ietf.org
Subject: Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 14:31:48 -0000
Ludwig Seitz <ludwig@sics.se> wrote: > Assuming we are using (D)TLS to secure the connection between C and RS, > assuming further that we are using proof-of-possession tokens [2], > i.e. tokens linked to a key, of which the client needs to prove possession in > order for the RS to accept the token. > Do we need to support cases, where the type of key used with DTLS does not > match the type of key in the PoP-token? > Example: > The client uses its raw public key as proof of possession, but the DTLS > connection C - RS is secured with a pre-shared symmetric key. > Is that a realistic use case? Before I agree that it's unrealistic, I think it's worth going out of charter scope and ask how much these two credentials were created/distributed. I think that in this case, the pre-shared symmetric key is initialized through some out-of-band (perhaps human mediated?) process, while the raw public key did not need any other pre-arrangement. So my question is then: could the out-of-band process have pre-exchanged the raw public key (and the RS's key/certificate!) as well? > It would simplify the DTLS cases a lot, if I could just require the token and > the DTLS session to use the same type of key. For starters we could use DTLS > handshake to perform the proof-of-possession. I agree, that it would be better. (I'm also concerned that we not fail into where IKEv1 did: with weak PSK being the only interoperable mechanism...) > Would there be any security issues with using the PoP key in the DTLS > handshake? > I'm thinking of using pre-shared symmetric PoP keys as PSK as in RFC4279 and > raw public PoP keys as client-authentication key as in > RFC7250. Just because I had to look it up... 4279 - Pre-Shared Key Ciphersuites for Transport Layer Security 7250 - Using Raw Public Keys in Transport Layer Security I thought perhaps it was some more specific mechanism... -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… John Bradley
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Ludwig Seitz
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Ludwig Seitz
- [OAUTH-WG] Questions about OAuth and DTLS Ludwig Seitz
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Michael Richardson
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Ludwig Seitz
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… John Bradley
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Ludwig Seitz
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Phil Hunt (IDM)
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Michael Richardson
- Re: [OAUTH-WG] [Ace] Questions about OAuth and DT… Samuel Erdtman