IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-ietf-oauth-spop-11

Ben Laurie <benl@google.com> Fri, 05 June 2015 14:56 UTC

Return-Path: <benl@google.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A4331B306C for <secdir@ietfa.amsl.com>; Fri, 5 Jun 2015 07:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lycPC6tmHqQf for <secdir@ietfa.amsl.com>; Fri, 5 Jun 2015 07:56:21 -0700 (PDT)
Received: from mail-vn0-x22f.google.com (mail-vn0-x22f.google.com [IPv6:2607:f8b0:400c:c0f::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC85D1B3067 for <secdir@ietf.org>; Fri, 5 Jun 2015 07:56:20 -0700 (PDT)
Received: by vnbg190 with SMTP id g190so5330427vnb.8 for <secdir@ietf.org>; Fri, 05 Jun 2015 07:56:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=MldGqQBUY79CyXPR7q+BMm4ipcrC5uf9HqbR+JUdnfg=; b=Xfo7BHh63BZqM+ZfPYGC/Itr8auO/LwdOrkFq9dCxPptDj/+ZXBTkv5wAS4ouYy5Nc CFJz+gLQ1r2uDHM9xiAMgfHo32YH6KR7ZWgSj3GDEeyAk6RquHiYwtnMWjzVgsAE67qv hJV6Zsqf3oDTj1pFOzBYddcVkCweJVDC9fZfLDyAjqy1NN2JoaYCGOizE3ta1xexdMo9 uD8hCTcS6GiS02tjnzITotHPR77cWVeogsRjnw8SichaiT1XPtQ/u5RPQkSjnlwExhsU gBOSoMZgFYpKvOc3CbDkisNZRzh85N8wCyC9rGtTTAHJ4GgcD8PPdEIBG8xMWQ4kRuSY 8xWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=MldGqQBUY79CyXPR7q+BMm4ipcrC5uf9HqbR+JUdnfg=; b=Hcyob5GQfz3p1efAYxJfvBQRyOZ73SsEm/ebKjIck1gugsPxki7p4cFd6gewn+N+PA Os+xloV66syRYbpB9leJ19cUTZp9FH4eIQPPSTKjBpcNzRq3fusSwFIc45+RuMRZnLLK AkZ4fUxe5Dn2aEpFrA8VK/l59mAg1095eD0KSwZbDF9Tu/NKwhlakc77Zv4PIthuAp5k I0mRXGg7ZU2pebK+Dd9+s+doJRLgZK7tChtQ2gC4kMer/1/NhbdWydGywNkue5Jk6TEF zudb5WRxNCdfVkMmRaxIPOVVrxjHGrT56tP/iBs0M0OYrWeF7xSP0wwNFxFj1acIEYeN C15A==
X-Gm-Message-State: ALoCoQmGL6uWURwPF5Ckh9t612rLjiCzWEdGkdZ9LozP82JWc+dQUKnQS4KGTUqXUA8b6G5YM9hv
MIME-Version: 1.0
X-Received: by 10.52.139.168 with SMTP id qz8mr6815964vdb.82.1433516179822; Fri, 05 Jun 2015 07:56:19 -0700 (PDT)
Received: by 10.52.76.6 with HTTP; Fri, 5 Jun 2015 07:56:19 -0700 (PDT)
In-Reply-To: <A52DB2EA-4969-408A-81C8-36DB2988E938@ve7jtb.com>
References: <CABrd9SQ68C1j3sax73mEmkZCgxgQZtB6=L8m6aDR-fj9yF1kyw@mail.gmail.com> <A52DB2EA-4969-408A-81C8-36DB2988E938@ve7jtb.com>
Date: Fri, 05 Jun 2015 15:56:19 +0100
Message-ID: <CABrd9STRbh4OFtSKcrgjpUJWBFkkstYqqqmiFCNbtkKqCxJ3tA@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/6zwbqgKV0y4wY1eP83C-r9JwNoA>
Cc: draft-ietf-oauth-spop.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-oauth-spop-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2015 14:56:22 -0000

On 5 June 2015 at 14:54, John Bradley <ve7jtb@ve7jtb.com> wrote:
> Thanks for the review Ben.
>
> The security issue is well known to Apple and the subject of debate for some time.
>
> OAuth states native applications SHOULD use the system browser to train users not to expose credentials to applications.
>
> Apples approach to this point has been to recommend application developers use web views to get around the feature/security issue of insecure inter application communications.
>
> This is documenting the work around that Google , Ping, T-Mobile and others have in production to work around the issue of multiple applications being allowed to register the same custom scheme and not prompting the user about what app to return to.
>
> Prompting the user as on Android is only a partial solution as users are not perfect.  So doing a proof for code is not a bad thing, and may prevent new attacks on public clients.
>
> The OIDF NAPPS working group is working with MDM vendors, Google, Microsoft (for there apps on other platforms), to develop a better identity API approach for native apps.
> We are hoping that can provide a better long term solution for platforms.
>
> I will also note that custom per IdP API solutions have not always worked.  Facebook has recently abandoned the custom solution apple provided them with in iOS as apple was not able to keep up with changes on the Facebook side.
>
> From a protocol point of view this was the best we could come up with to deal with the issue now.
>
> Inline.
>> On Jun 5, 2015, at 9:44 AM, Ben Laurie <benl@google.com> wrote:
>>
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG.  These comments were written primarily for the benefit of the
>> security area directors.  Document editors and WG chairs should treat
>> these comments just like any other last call comments.
>>
>> Status: ready with issues.
>>
>> It is disappointing that such a protocol must be introduced to work
>> around security deficiencies in application platforms - have these
>> security issues been reported to vendors?
>>
>> Anyway, issues:
>>
>> 1. Security consideration says: "Concatenating a publicly known value
>> to a code_challenge
>>   (with 256 bits of entropy) and then hashing it with SHA256 would
>>   actually reduce the entropy in the resulting code_verifier making it
>>   easier for an attacker to brute force." This makes no sense. A
>> brute force attack would still require iteration of 2^256 inputs. How
>> is that easier?
>>
> I can try an make it clearer that the 256 bits being referred to is the total size of salt + secret.
>
> The point we were trying to make is that if the salt is included in the 256 bit input then the attack space is reduced by the size of the nonce.
> If you make the hash bigger then you are still better off making all the entropy secret.
>
> An example would be having a 128 bit salt that is known and a 128 bit secret.  A brute force attack would require 2^128 inputs rather than 2^256 inputs if it were all secret.
>
> This came from a request to explain why we don’t have a salt to protect against rainbow table lookup, like passwords.

Ah, I see. Though you then have to explain why you are constraining to
256 bits...

>> 2. The introduction says "No client secret is used (since public
>> clients cannot keep their secrets confidential.)". However, a client
>> secret is used. I suspect I know what is intended, but this should be
>> clarified.
>>
>
> How about?
>
> 3) The attacker has access to the client id and client secret (if provisioned).  All native app client-
>       instances use the same client id, and client secret.  Secrets provisioned in client binaries cannot be considered confidential.

I think the issue is that "client secret" has meaning independent of
OAuth, but you are using it in the sense that the OAuth standards use
it - perhaps "OAuth client secret" would make this clearer?

>
> John B.
>
>
>> _______________________________________________
>> secdir mailing list
>> secdir@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdir
>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>

v2.23.0 | Report a Bug | By Email