IETF Logo Mail Archive

Re: [secdir] [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

Takahiko Kawasaki <taka@authlete.com> Sat, 26 September 2020 12:46 UTC

Return-Path: <taka@authlete.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22CCE3A082F for <secdir@ietfa.amsl.com>; Sat, 26 Sep 2020 05:46:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=authlete-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GT2JWtRaKt6Q for <secdir@ietfa.amsl.com>; Sat, 26 Sep 2020 05:46:09 -0700 (PDT)
Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C7AC3A0844 for <secdir@ietf.org>; Sat, 26 Sep 2020 05:46:09 -0700 (PDT)
Received: by mail-wr1-x435.google.com with SMTP id z1so6857151wrt.3 for <secdir@ietf.org>; Sat, 26 Sep 2020 05:46:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=authlete-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WfkduaNsMGbCxYWrUS6vkQnPxC8dGW9h6dSEihomNcs=; b=NfPC86AUWNdZDItubJhoglZitu2uUdS+RGliwAJARDkSgicBCaIOp7auceFsrhbVTq hs8P4AP/CIC63ZTAIWYTu7JJZxg4+B/nFLA9vTE0zJcpLsYdWkI4JFMyDSyukknzmG8y rKIWnVDh5wwKclc8PL08qfkx3DGAVYCCCjH1d4qiAfR/0TLa7Ijhs0LBAkOh4EYZUkyv IjEdN3bQ7zgWucC4KTiFly6P+b0/BuMn8ALBMN7FyZUwmiUOMrcae7+2mVyuhI6ShPIG 2ffaIhs9oeNm3lEgA08ZDfqkgkmjgN809QumJIvOKjr62qL2IfoMWc8xf9NCUNGSinyK hhow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WfkduaNsMGbCxYWrUS6vkQnPxC8dGW9h6dSEihomNcs=; b=ukGrZGnlZEFduZiaLYba1UCeedy98g2MMratOZ7KuipEBHjj191RUKqULC6sQHsDsk bHfMTAOndOifRp/yi9Z4rH9vMU9qzwIorstlmfS4uaLoXQxEEARHpdCPxfBCE4i15Yua jqUhzCw3rwSjiPQY+G+/61EQzXhcpnaWa0MMviyAvPGjP2J5le0Pe4DVyzEAJ1IFd8q8 e+PvkZolqmMSWc6NMKOVqPxwHCryE57YmRE0fejJFFuxM4Uj1pdkgY9g2WkkQq5msglp LFxTS7lbaQIryL4ws7JqDvxXGA4Md4eLH3ngLk7rcbfjTR4sCIlm2M+ov++UVEI8hYsP fUeg==
X-Gm-Message-State: AOAM533nUO7b5Z3bbePoilLP5ZB95gjh2x9gQLCpJy3U6lSlt/PZuTi9 icyO2+Snj6C4yk8ZgkNaH2Dse45VT4SExDdDh1t8aA==
X-Google-Smtp-Source: ABdhPJxg54/w8MuF4dB9o7+ZKCsSI+VVXcRLsjMUebLZuqeghr/iT8cx1QjmMt2KHzXabZFMnbb1PEQiBRLkTRvt7CA=
X-Received: by 2002:a5d:660f:: with SMTP id n15mr10073860wru.103.1601124367455; Sat, 26 Sep 2020 05:46:07 -0700 (PDT)
MIME-Version: 1.0
References: <160108120392.5893.18114957198518376382@ietfa.amsl.com>
In-Reply-To: <160108120392.5893.18114957198518376382@ietfa.amsl.com>
From: Takahiko Kawasaki <taka@authlete.com>
Date: Sat, 26 Sep 2020 21:45:56 +0900
Message-ID: <CAHdPCmMHaSt+FTiFcEu9cS65NNk-5eo-_=a3OdXXqwNy_UC6YA@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: secdir@ietf.org, last-call@ietf.org, oauth <oauth@ietf.org>, draft-ietf-oauth-jwsreq.all@ietf.org
Content-Type: multipart/alternative; boundary="00000000000029f12905b036d10f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/5KxLyfvWu6gf8dteP3HCDiMlPyI>
Subject: Re: [secdir] [OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Sep 2020 12:46:12 -0000

>And now for the thorny isssues with this draft. Signatures and encryption
are different. And encrypting a signed blob doesn't mean the signer
encrypted it.

Who encrypts data doesn't matter. Especially, when the encryption algorithm
is asymmetric, anyone who has a "public" key, which anyone can get, can
encrypt data. What matters is who can decrypt the encrypted data. It is
only the party who has the corresponding "private" key that can decrypt the
encrypted data.

Best Regards,
Takahiko Kawasaki

On Sat, Sep 26, 2020 at 9:47 AM Watson Ladd via Datatracker <
noreply@ietf.org> wrote:

> Reviewer: Watson Ladd
> Review result: Serious Issues
>
> I generated this review of this document as part of the security
> directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These
> comments were written with the intent of improving security requirements
> and
> considerations in IETF drafts.  Comments not addressed in last call may be
> included in AD reviews during the IESG review.  Document editors and WG
> chairs
> should treat these comments just like any other last call comments.
>
> Two minor issues: On page 4, "This offers an additional degree of privacy
> protection." should be reworded. I don't think it makes sense in context,
> where
> authenticity was discussed.
>
> It took me a while to understand what the by reference method is: maybe the
> intro should say via URL instead of by reference.
>
> And now for the thorny isssues with this draft. Signatures and encryption
> are
> different. And encrypting a signed blob doesn't mean the signer encrypted
> it.
> Then there are a plethora of methods specified in the draft  to
> authenticate
> the blob, which will give different results in maliciously constructed
> examples. The security considerations section should discuss what the
> encrypted
> vs signed choices give in the way of security, and it doesn't. This makes
> me
> worry.
>
> Looking at the cited reference for attacks, I see the fix is to include
> information about which IPD was used by the RP. But the draft before us
> doesn't
> mandate that. It's not clear than how the cited attack is prevented by the
> draft. Saying that the communication through the user-agent is subject to
> manipulation, and this prevents it, ignores that the attacker in that
> position
> sees a lot more. The user-agent as resource owner modifying the requested
> resources is a very funny sort of attack: can't they do what they want
> with the
> resources since they control the access?
>
> Key management is ignored. This is a very important issue, especially
> considering the potential problems with the reuse of JWT. I'd like to see a
> recommendation that keys be separated by intended uses, rather than
> limiting
> particular fields in an ad-hoc manner.
>
> Then we have section 11. What section 11 introduces is an entire new
> dramatis
> personae, the Trust Framework Provider, with no prior discussion of what
> it is
> or a reference to where it is defined and a good number of statements
> about how
> it works that aren't really  clear what they mean from the document to me.
>
> My biggest concern is that these issues are signs that the problem this
> draft
> is trying to solve and the mechanisms to solve it haven't been analyzed as
> thoroughly as they should have been. Without that sort of thorough analysis
> it's not certain that the mechanisms actually solve the problem and it's
> not
> clear what the recommendations to implementors have to be to preserve those
> properties.
>
> Obviously this draft has had a long and tortured history with multiple
> reviews,
>  and what I'm suggesting needs to happen is a lot of work. But it's
> essential
> in any security protocol to do this analysis and be clear about what is,
> and
> what is not, protected by the protocol.
>
> Sincerely,
> Watson Ladd
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email