IETF Logo Mail Archive

Re: [secdir] review of draft-ietf-kitten-sasl-openid-06

Simon Josefsson <simon@josefsson.org> Tue, 01 November 2011 14:20 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AFDE21F9089 for <secdir@ietfa.amsl.com>; Tue, 1 Nov 2011 07:20:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bahAptsxXo7G for <secdir@ietfa.amsl.com>; Tue, 1 Nov 2011 07:20:53 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [213.115.69.139]) by ietfa.amsl.com (Postfix) with ESMTP id 6D82821F908E for <secdir@ietf.org>; Tue, 1 Nov 2011 07:20:51 -0700 (PDT)
Received: from latte.josefsson.org (static-213-115-179-130.sme.bredbandsbolaget.se [213.115.179.130]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id pA1EJjGD022428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 1 Nov 2011 15:19:47 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Stephen Kent <kent@bbn.com>
References: <p06240801cad599b16640@[128.89.89.129]>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:111101:kent@bbn.com::Z20sJ1xeGKDFFwlB:4cgG
X-Hashcash: 1:22:111101:shawn.emery@oracle.com::/VNv+hqICRYMr8ni:3y68
X-Hashcash: 1:22:111101:hmauldin@cisco.com::lxg92h5rIVKvil1K:AmbB
X-Hashcash: 1:22:111101:secdir@ietf.org::cyG16F1OjZVm7ey8:FFat
X-Hashcash: 1:22:111101:hannes.tschofenig@gmx.net::dHzTW7Jad4cpgeTs:7a0Y
X-Hashcash: 1:22:111101:lear@cisco.com::ouPH3yqvhGRN1woW:Dgig
X-Hashcash: 1:22:111101:tlyu@mit.edu::+TD/cIK5s6y99M+1:EppD
X-Hashcash: 1:22:111101:alexey.melnikov@isode.com::Kimc2I02XID+p/XV:B0bN
X-Hashcash: 1:22:111101:stephen.farrell@cs.tcd.ie::66FKT9auMKTwE7km:VTAl
Date: Tue, 01 Nov 2011 15:19:45 +0100
In-Reply-To: <p06240801cad599b16640@[128.89.89.129]> (Stephen Kent's message of "Tue\, 1 Nov 2011 08\:46\:08 -0400")
Message-ID: <871utr53i6.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: clamav-milter 0.97.2 at yxa-v
X-Virus-Status: Clean
Cc: lear@cisco.com, secdir@ietf.org, hmauldin@cisco.com
Subject: Re: [secdir] review of draft-ietf-kitten-sasl-openid-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2011 14:20:53 -0000

Stephen,

Thanks for your review.  I'm addressing some issues, leaving the rest
for Eliot and others.

Stephen Kent <kent@bbn.com> writes:

> In examining the processing steps described in Section 2, I was
> confused by step 4, on page 6. The text says:
>
> 4.   The Relying Party and the OP optionally establish an association
> -- a shared secret established using Diffie-Hellman Key Exchange. The
> OP uses an association to sign subsequent messages and the Relying
> Party to verify those messages; this removes the need for subsequent
> direct requests to verify the signature after each authentication
> request/response.
>
> A Diffie-Hellman exchange yields a shared secret value that typically
> is used to encrypt traffic, using a symmetric algorithm. But, the text
> says that the association created using Diffie-Hellman is used to
> "sign subsequent messages." I don't see how this occurs.  Perhaps the
> authors meant to say that traffic sent via this connection will be
> integrity protected (not signed), but there is no mention here of the
> integrity mechanism that would be employed with the shared secret from
> the Diffie-Hellman exchange. Also, this step is cited as optional. If
> the option is not elected, what are the security implications for the
> remaining steps (5-11) of the protocol? This text needs to be modified
> to address these problems and questions.

Isn't all that specified by the OpenID protocol?

> In 3.1, the document says "The GS2 header carries the optional
> authorization identity." It is not clear if this implies that the
> header MUST carry the auth identity, even though it is optional in the
> more general case, or if carriage of this identity is a
> MAY. Subsequent text does not clarify this ambiguity, e.g., "The
> "gs2-authzid" carries the optional authorization identity."

The situation is a bit more complicated than a simple MUST/MAY, but I
believe everything is clear from the base SASL specification:

https://tools.ietf.org/html/rfc4422#section-3.4.1

Authorization identities are always optional, but mechanisms are
required to be able to transfer them if they are used by the
application.

If you review the base SASL specification about authorization identity,
do you still believe this document needs to say more than it does here?

> In Section 5, the term "OpenID Consumer" is used for the first
> time. It is not defined anywhere in the document. Is "OpenID Consumer"
> the relying party?

Yes.  "Consumer" is OpenID 1.x terminology, this should be fixed.

/Simon

v2.23.0 | Report a Bug | By Email