[OAUTH-WG] Second AD Review: draft-ietf-oauth-jwt-bcp-05

Roman Danyliw <rdd@cert.org> Mon, 03 June 2019 16:11 UTC

Return-Path: <rdd@cert.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BA7412006B for <oauth@ietfa.amsl.com>; Mon, 3 Jun 2019 09:11:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BuD-p79HLvQ6 for <oauth@ietfa.amsl.com>; Mon, 3 Jun 2019 09:11:49 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A88AE120241 for <oauth@ietf.org>; Mon, 3 Jun 2019 09:11:46 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x53GBjbR001180 for <oauth@ietf.org>; Mon, 3 Jun 2019 12:11:45 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu x53GBjbR001180
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1559578305; bh=Z0S8sWK7zt2aWnmvPrCxkqWvPRdGrSz9pU5Ve03huHk=; h=From:To:Subject:Date:From; b=mXxw/VD18v/DYbbE9Bih0IE9TXjc7178MF0HXgphCnGsv4wkCGBbrBXAvf7wxGK9x XN6aUTHbEkOfYOs4XyMAejFXnr3Br0tAEg5i1aiXBV00obtFZSuu4TOqpobec/Vx20 AMmtIwFqFb2Dl54n7HfIunjgFT5nAfPbZ6cEb+Yc=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x53GBfZE006475 for <oauth@ietf.org>; Mon, 3 Jun 2019 12:11:41 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0439.000; Mon, 3 Jun 2019 12:11:40 -0400
From: Roman Danyliw <rdd@cert.org>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Second AD Review: draft-ietf-oauth-jwt-bcp-05
Thread-Index: AdUaJgtVO/GFpDkjR521ne31wNVvSw==
Date: Mon, 3 Jun 2019 16:11:40 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B338252D@marathon>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/yI4GA6ZoKfOop8uwz_ERHYuNQzk>
Subject: [OAUTH-WG] Second AD Review: draft-ietf-oauth-jwt-bcp-05
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jun 2019 16:11:51 -0000

Hi!

As a document I inherited in the "IESG:: Waiting for Writeup Internet-Drafts" , I conducted a second AD review.  I have the following feedback:

(1) Add additional references to the text

(a) Section 2.1, bullet #2
   -  An "RS256" (RSA, 2048 bit) parameter value can be changed into
      "HS256" (HMAC, SHA-256), and some libraries would try to validate
      the signature using HMAC-SHA256 and using the RSA public key as
      the HMAC shared secret.

Since this text seems to refer to a vulnerability in a real library.  Can a citation (CVE?) be provided?  

(b) Section 2.3 
  This is not
  the case anymore, with the latest standard  only allowing UTF-8.

Add a reference to this "latest JSON format" -- [RFC8259]

(c) Section 3.2
   -  Avoid all RSA-PKCS1 v1.5 encryption algorithms, preferring RSA-
      OAEP .

Provide reference for "RSA-PKCS1 v1.5" (RFC 2313) and for "RSA OAEP" (Section 7.1 of RFC8017)

(d) Section 3.2
ECDSA  signatures require a unique random value for every message
that is signed.  

Provide a reference for ECDSA -- [X9.62] American National Standards Institute, "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)", ANSI X9.62-2005, November 2005.

(2) The symmetric between the threat being described in Section 2 and the corresponding mitigation in Section 3 is helpful.  However, Sections 3.6 and 3.10 are listed as mitigations but have no corresponding motivating threats for their usage in Section 2.  The text in Section 3.6 explains part of the threat with references but for symmetry this should have been in Section 2.

Regards,
Roman