Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS

Ludwig Seitz <> Mon, 08 February 2016 08:02 UTC

To: Michael Richardson <>


Thank you for answering, this is getting very interesting.
Comments inline.


On 02/05/2016 04:26 PM, Michael Richardson wrote:

> First, let me say that I confused RS and RO/AS in my mind when reading before.
> Starting again, I think that any PSK for authentication between C<->RS is
> unrealistic.

Actually I don't want to authenticate the client, I just want to do a 
proof-of-possession for the (symmetric) key that is bound to the token. 
Wouldn't the DTLS-PSK handshake provide that proof?

Detailed scenario (skip if the above makes sense):
Client has a PoP token with a symmetric PoP key. Client wants to use 
DTLS-PSK towards the RS with the symmetric PoP key as PSK to get a.) A 
secure connection and b.) do the proof-of-possession towards the RS.

>      >> So my question is then: could the out-of-band process have
>      >> pre-exchanged the raw public key (and the RS's key/certificate!) as
>      >> well?
>      > Short answer: Yes but only to the AS not to the client(s).
>      > Long answer: I am laboring under the assumption that the AS not only
>      > provides the OAuth token and the corresponding PoP key to the client,
>      > but also some information on the communication security protocols that
>      > the RS supports. Furthermore the AS facilitates the establishment of a
>      > security context between client and RS by providing things such as a
>      > (D)TLS-PSK or the RS's raw public key, depending on the (D)TLS mode
>      > that the RS is going to support. Thus individual clients would not,
>      > a-priori, know the raw public key of a RS, but would be able to get
>      > that information from the AS.
> That seems entirely reasonable.  Would the OAuth token not also be bound to
> the Raw RSA key of C?    So RS would never need to be told about C's key,
> because the AS would have told it "key XYZ can access resource ABC" in the
> OAuth token.
Yes if the PoP token uses a public key as PoP key. C could even generate 
an ephemeral key-pair just for this token (and the DTLS-RPK handshake).

Ludwig Seitz, PhD
Ideon Science Park
Building Beta 2
Scheelevägen 17
SE-223 70 Lund

Phone +46(0)70 349 9251
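
The proof-of-possession asked about in the message above, shown with the (D)TLS 1.2 plain-PSK key derivation from RFC 4279 and RFC 5246 (an added example, not part of the original message): the RS accepts the client's Finished value only if it was computed from the PoP key bound to the token. The key identifier `token-kid-1`, the RS-side key table and the transcript bytes are assumptions constructed for illustration; the message does not say how the RS maps a handshake to a token.

```python
import hashlib
import hmac
import struct

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def psk_premaster(psk: bytes) -> bytes:
    """Plain-PSK premaster secret (RFC 4279, section 2): N, N zero octets, N, PSK."""
    n = struct.pack("!H", len(psk))
    return n + bytes(len(psk)) + n + psk

def client_finished(psk, client_random, server_random, transcript):
    """verify_data a client holding `psk` would send in its Finished message."""
    master = prf(psk_premaster(psk), b"master secret",
                 client_random + server_random, 48)
    return prf(master, b"client finished",
               hashlib.sha256(transcript).digest(), 12)

def rs_accepts(pop_keys, psk_identity, client_random, server_random,
               transcript, verify_data):
    """RS side: find the PoP key by psk_identity, recompute Finished, compare."""
    key = pop_keys.get(psk_identity)
    if key is None:
        return False
    expected = client_finished(key, client_random, server_random, transcript)
    return hmac.compare_digest(expected, verify_data)

def demo():
    # Constructed values: key id, key, randoms and transcript are made up.
    pop_key = bytes(range(16))
    pop_keys = {b"token-kid-1": pop_key}  # assumption: RS took this from the token
    cr, sr = b"\x01" * 32, b"\x02" * 32
    transcript = b"ClientHello|ServerHello|ServerHelloDone|ClientKeyExchange"
    good = client_finished(pop_key, cr, sr, transcript)
    bad = client_finished(b"\xff" * 16, cr, sr, transcript)
    return (rs_accepts(pop_keys, b"token-kid-1", cr, sr, transcript, good),
            rs_accepts(pop_keys, b"token-kid-1", cr, sr, transcript, bad),
            rs_accepts(pop_keys, b"unknown", cr, sr, transcript, good))

if __name__ == "__main__":
    print(demo())
```

Because the server random enters the master secret, a Finished value captured from one handshake does not verify in another, which is what makes the handshake a fresh proof rather than a replayable one.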