IETF Logo Mail Archive

[scim] SCIM Events Pull Request #20 - Unsecured Tokens

Phillip Hunt <phil.hunt@independentid.com> Sun, 10 December 2023 19:13 UTC

Return-Path: <phil.hunt@independentid.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2ABAC14F5F8 for <scim@ietfa.amsl.com>; Sun, 10 Dec 2023 11:13:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=independentid-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bnywr_vDa9Gh for <scim@ietfa.amsl.com>; Sun, 10 Dec 2023 11:13:14 -0800 (PST)
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37669C14F5F5 for <scim@ietf.org>; Sun, 10 Dec 2023 11:13:13 -0800 (PST)
Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-2868605fa4aso2837521a91.0 for <scim@ietf.org>; Sun, 10 Dec 2023 11:13:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=independentid-com.20230601.gappssmtp.com; s=20230601; t=1702235592; x=1702840392; darn=ietf.org; h=to:date:message-id:subject:mime-version:from:from:to:cc:subject :date:message-id:reply-to; bh=3WkKdg1O2mQFFYa4iXWF91Mu0cFCNh14/XwK81pgP08=; b=vmJeiZegQDEK3OgxuSuwqxFd3qOljjn9EJk3ns4Bnx0srXnDrNe+DnwxKeEoMyn/XC TLXk1rZAOxsj3lU8XGdU8MDv4Ub9sYMTWRVzD4Mb+VtfWuP3oTVAlRO9v4jWvNoCJuHs 6usXbyIufLYSaU4MbvaNZykO4R9pgUlTyscNLDXKwZcgD8wxns1wmU5g8PrH6AyD2FkO rru1zbXmurZY8R7pl4kc6vYTi1Yr0wKO9992JcdmkNgdzhpdfoKBAaLytKgKwGcVhdcN chBuVRNrXLbAaOojBW0tdJBVnyJsTjp/awFuCuRMKq1wq/JtjKf+IJTj+oDqmFzPVS/7 qkqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702235592; x=1702840392; h=to:date:message-id:subject:mime-version:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=3WkKdg1O2mQFFYa4iXWF91Mu0cFCNh14/XwK81pgP08=; b=pfsn65zHLTuI8I8TdpJdBhBSvWPLW2lcVidG2ZOIUWzkKQesoNC9VYmpKjwz/0TyNl qIJkxYLmVACgi7BMnr0eBoz/mUH1zU5hi5aAPm4ZK1yIpXyOznFieXGGhsQyefKCpheO naSs6jQpe3uv83scdoNTVSQV1+NjRU+Idh7Qzmod0Or/I4F4VZRze0LOc8kmaG2V6Zf3 Im5VuLCyXdnKiTWHTEDhAjoy7Ed9NCqFP9A4tc0QYQnUYUttMiynlQ8mbIg7/TAzk/9B k1mYk5CAq3ux8lDSLGBfDP1mIwZy9C+4nsP3UuUW/oMSQK9I3y+MPDliiqRvnRyhNfem DjIQ==
X-Gm-Message-State: AOJu0YxjZQu12wR9UlJnlsFHSiThf/u9Kwf1BNnmebk0VL9AtePDinf0 +qRIg/5Um8pq5Y8xKZpRedygU000y9cOoGPojow=
X-Google-Smtp-Source: AGHT+IGBD1YMd5ahfiq2TrCCBz5MXc8S9xF3nrxKyora6bsaNEUvP4RffCZD1qiZ4WlYWIvbLdzQsg==
X-Received: by 2002:a05:6a21:9989:b0:190:85d9:9d4b with SMTP id ve9-20020a056a21998900b0019085d99d4bmr700394pzb.95.1702235592142; Sun, 10 Dec 2023 11:13:12 -0800 (PST)
Received: from smtpclient.apple ([2001:569:7a98:e700:5919:80c9:48a2:3253]) by smtp.gmail.com with ESMTPSA id gc4-20020a17090b310400b00288622137dfsm6771916pjb.5.2023.12.10.11.13.11 for <scim@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 10 Dec 2023 11:13:11 -0800 (PST)
From: Phillip Hunt <phil.hunt@independentid.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4BEB5586-91D5-4809-B101-10B37FC8EE37"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
Message-Id: <F303DFCB-0AB8-4823-948C-6B1C232D4F9C@independentid.com>
Date: Sun, 10 Dec 2023 11:13:00 -0800
To: SCIM WG <scim@ietf.org>
X-Mailer: Apple Mail (2.3774.200.91.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/9WGqC6BZvESpgymIf2owGeTESIc>
Subject: [scim] SCIM Events Pull Request #20 - Unsecured Tokens
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Dec 2023 19:13:18 -0000

I am just bringing to the group an issue that Dean raised in PR #20 (https://github.com/ietf-scim-wg/draft-ietf-scim-events/pull/20) on the SCIM Events Github site.

This change occures in Section 3.1 which provides advice on use of encryption and signing (original below).  Any new proposals from the group that address both Dean and my concerns would be greatly appreciated.  Please reply to this email thread so we can record the decision.

Dean’s request is to change the paragraph under “Unsecured" to:
> Unsecured tokens SHALL NOT be used. 

The justification in the PR was:
> Updated language to prevent the use of unencrypted, unsigned tokens in this profile. The concept of "inside" and "outside" networks is no longer sufficient to consider whether transmitting over a TLS-only protocol is sufficient for securing such information.
> 
> Supporting such tokens is likely to lead to implementations that leak sensitive information and / or man in the middle interception/modification of SETs.


Based on this assumption (that TLS is unsuffient) we would have to also disallow the use of “signed” tokens as JWS does not provide confidentiality. Note that in many cases because SETs may be processed through gateways (e.g. aggregating events from a cluster), using JWE may become challenging as the iss and aud values would not be accessible.  Using JWE effectively forces point-to-point use only which again may cause the receiver to have to forward the unencrypted token on to its own internal endpoints. 

It’s my belief that TLS is sufficient in most cases. MITM is not a threat except if administrative systems are compromised or faulty. To the contrary, RFC8935/8936 talks about exchanging events through fixed endpoints. I believe editorially it would be out of scope for this spec to imagine the number of subsequent poorly security or designed systems that might lead to a mis-configuration.

AFAIK, most OpenID Security Signals Framework implementations currently do not support signed or encrypted SETs (though i2gosignals does). These unencrypted systems are running in production now.

While I do generally agree using unencrypted tokens is a bad practice, saying SHALL NOT will likely be ignored. Editorially my goal is to give guidance that in the absence of SET signatures, what the alternative requirements should be.

I am proposing the following revised text for the “Unsecured Token” section:
> Per Section 6 <xref target="RFC7519"/>, tokens MAY be generated with <tt>{"alg":"none"}</tt>.
> This mode potentially speeds up processing by avoiding what would be redundant cryptographic
> processing. An example would be replication scenarios within a cluster (e.g. Kubernetes).
> Unencrypted tokens MUST be transferred over mutually-authenticated TLS layer encryption and
> SHOULD only be used in restricted network environments.


Cheers,

Phil
phil.hunt@independentid.com

Original text:
> 3.1.  Security Event Token Signing and Encryption
> 
>    This specification uses Security Event Tokens as the message format
>    for SCIM Events.  As SETs are based on JWT tokens [RFC7519], they can
>    be transmitted insecurely, signed, or encrypted.  For more
>    information see the JWT Cookbook specification [RFC7520] for
>    examples.  The decision on whether to use JWS and JWE depends on
>    operational considerations.  For each SCIM Feed relationship, it is
>    up to deployers to decide on signing, encryption and algorithm
>    requirements.  Deployers SHOULD be aware that too much emphasis on
>    turning on every possible encryption feature may cause operational
>    performance to suffer.  Deployers MUST weigh the security trade-offs
>    of up-to-date SCIM services, vs. the potential information loss of an
>    event.
> 
>    Unsecured
>       Per Section 6 [RFC7519], tokens MAY be generated with
>       {"alg":"none"}.  This mode speeds up processing and is best used
>       in DBR scenarios.  Unencrypted tokens MUST be transferred over
>       authenticated TLS layer encryption and SHOULD only be used in a
>       restricted network environment.
> 
>    Signed
>       JWS ([RFC7515]) signed SETs are useful when it is important to be
>       able to verify the issuer of a SET as valid.  In addition, some
> 
> 
> 
> Hunt, et al.               Expires 24 May 2024                 [Page 27]
> 
> Internet-Draft           draft-ietf-scim-events            November 2023
> 
> 
>       systems MAY wish to validate the authenticity of the event in a
>       review process which may occur at a later date.  While the content
>       can be validated as originating from the correct issuer and is
>       unmodified, the message contents remain unsecure.  Signed SETs
>       MUST be transferred over encrypted transport.
> 
>    Encrypted
>       JWE ([RFC7516]) are encrypted SETs and are useful when the
>       transport mechanism is not fully secured (e.g. messages carried by
>       a third party).  The use of JWEs ensures only the designated
>       receiver can read the event and provides mutual authentication
>       within the SET message itself.

v2.23.0 | Report a Bug | By Email