Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS

Ludwig Seitz <ludwig@sics.se> Mon, 08 February 2016 08:02 UTC

Return-Path: <ludwig@sics.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC1671ACD2F for <oauth@ietfa.amsl.com>; Mon, 8 Feb 2016 00:02:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.901
X-Spam-Level:
X-Spam-Status: No, score=-0.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, J_BACKHAIR_12=1, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vV_NRtnl5QnC for <oauth@ietfa.amsl.com>; Mon, 8 Feb 2016 00:02:20 -0800 (PST)
Received: from mail-lb0-x230.google.com (mail-lb0-x230.google.com [IPv6:2a00:1450:4010:c04::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E67AC1ACD2E for <oauth@ietf.org>; Mon, 8 Feb 2016 00:02:18 -0800 (PST)
Received: by mail-lb0-x230.google.com with SMTP id dx2so78335980lbd.3 for <oauth@ietf.org>; Mon, 08 Feb 2016 00:02:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sics-se.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=gSCW56JM2ZTxu55fAbcxYWCl6QLjvgBMGemICuLbQjM=; b=waea6suI+J923M+A/bE3wTYKNphRSLncQZpc80qUU39Wl3aWR8uG60sPCRb8h7M+RF ClGw/NoeKn0UOM/L6iFgqmi/QLkTJHvmP0OZl2GKABgW9Z6h4qoD4pCP7Wkv/08Nk8Uf hc/gGJARU/YlPgbiUnbLrStqijT/8U9m+zZQaGZ8FOlljNwHmHkr6r+2sRKZmI93WZH4 V8NKN3b4rCwRwvGQMP8tSt6VYwPh3ml0o8wbB9Z7Lidg+Ypiyol6qSl2F42VDS1Fn5G5 4QyCTKXklFydDPg0uT+GFmSL3cnYQ/XgpR2kEuBK6EAkNkE/AhmyABw+Ks7rmf2EbSC+ 15tQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-type; bh=gSCW56JM2ZTxu55fAbcxYWCl6QLjvgBMGemICuLbQjM=; b=CQ4t+EHouzbezaMdwgpQ0SkxUAuYJVf48wonrC40EpStN/DEJKqV3jcf1t4gSPtNjb 0RkeahwaRhIxxSOXvlOqt2hA2iO4Wcso7V6mKZYcjPv6pPTNyqEjMQx/678GpeRF4VpZ cIzu0JYfCn1XRYFJi8zVe6KYBLgR9nVUFIubhKHt3qDv4B8V6xILR/zX2gu1VNj0IaAP lVH4u9XN7VZ+ss0WybKYrndCtzs2cf/ZroFHBlSWKPVcXeLAo9sCWNChleQwzOE7R/1S 0ubWvx7UHvr/1udDEr1Lq0NB5V1JjSHVmJ441DZlxf2u1xZogF3k7Uwulvq4xsjA3awE uEog==
X-Gm-Message-State: AG10YOSeW2tcLVVE7/plaa9I1B9FCYfHTzanHi6MyrfYZQG5zboesAw5LTCtpx2ustbHFtKS
X-Received: by 10.112.169.74 with SMTP id ac10mr10766551lbc.123.1454918537172; Mon, 08 Feb 2016 00:02:17 -0800 (PST)
Received: from Hyperion.suse ([85.235.10.186]) by smtp.gmail.com with ESMTPSA id o9sm3841239lfe.15.2016.02.08.00.02.16 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 08 Feb 2016 00:02:16 -0800 (PST)
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <56B31FEB.4010204@sics.se> <16330.1454596303@obiwan.sandelman.ca> <56B36703.8060305@sics.se> <21409.1454685967@obiwan.sandelman.ca>
From: Ludwig Seitz <ludwig@sics.se>
Message-ID: <56B84B87.2070205@sics.se>
Date: Mon, 8 Feb 2016 09:02:15 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <21409.1454685967@obiwan.sandelman.ca>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms080100030303010201040300"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/wyC2vsC1nfuR6EIulF0Ea9tcB4s>
Cc: oauth@ietf.org, ace@ietf.org
Subject: Re: [OAUTH-WG] [Ace] Questions about OAuth and DTLS
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2016 08:02:22 -0000

Michael,

thank you for answering, this is getting very interesting.
Comments inline.

/Ludwig


On 02/05/2016 04:26 PM, Michael Richardson wrote:

> First, let me say that I confused RS and RO/AS in my mind when reading before.
>
> Starting again, I think that any PSK for authentication between C<->RS is
> unrealistic.
>

Actually I don't want to authenticate the client, I just want do a 
proof-of-possession for the (symmetric) key that is bound to the token. 
Wouldn't the DTLS-PSK handshake provide that proof?

Detailed scenario (skip if the above makes sense):
Client has a PoP token with a symmetric PoP key. Client wants to use 
DTLS-PSK towards the RS with the symmetric PoP key as PSK to get a.) A 
secure connection and b.) do the proof-of-possession towards the RS.


>      >> So my question is then: could the out-of-band process have
>      >> pre-exchanged the raw public key (and the RS's key/certificate!) as
>      >> well?
>
>      > Short answer: Yes but only to the AS not to the client(s).
>
>      > Long answer: I am laboring under the assumption that the AS not only
>      > provides the OAuth token and the corresponding PoP key to the client,
>      > but also some information on the communication security protocols that
>      > the RS supports. Furthermore the AS facilitates the establishment of a
>      > security context between client and RS by providing things such as a
>      > (D)TLS-PSK or the RS's raw public key, depending on the (D)TLS mode
>      > that the RS is going to support. Thus individual clients would not,
>      > a-priori, know the raw public key of a RS, but would be able to get
>      > that information from the AS.
>
> That seems entirely reasonable.  Would the OAuth token not also be bound to
> the Raw RSA key of C?    So RS would never need to be told about C's key,
> because the AS would have told it "key XYZ can access resource ABC" in the
> OAuth token.
>
Yes if the PoP token uses a public key as PoP key. C could even generate 
an ephemeral key-pair just for this token (and the DTLS-RPK handshake).



-- 
Ludwig Seitz, PhD
SICS Swedish ICT AB
Ideon Science Park
Building Beta 2
Scheelevägen 17
SE-223 70 Lund

Phone +46(0)70 349 9251
http://www.sics.se