IETF Logo Mail Archive

Re: [secdir] Security review of draft-ietf-oauth-dyn-reg-management-12

Justin Richer <jricher@MIT.EDU> Fri, 03 April 2015 16:57 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBBDE1ACD96; Fri, 3 Apr 2015 09:57:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e0wgaArHc38f; Fri, 3 Apr 2015 09:57:35 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E6921ACD93; Fri, 3 Apr 2015 09:57:33 -0700 (PDT)
X-AuditID: 1209190d-f79676d000000da0-ca-551ec67cb6e6
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 9C.35.03488.C76CE155; Fri, 3 Apr 2015 12:57:32 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id t33GvViT015669; Fri, 3 Apr 2015 12:57:32 -0400
Received: from artemisia.richer.local (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t33GvTED007163 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 3 Apr 2015 12:57:30 -0400
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_4D063B0C-4C82-498E-8D78-F2A3092CF7B4"; protocol="application/pgp-signature"; micalg="pgp-sha256"
X-Pgp-Agent: GPGMail 2.5b6
From: Justin Richer <jricher@MIT.EDU>
In-Reply-To: <CABrd9STmvLWy_Bz7e+pN_0vANxajtD+fMzVM+trwn6+k50Mifw@mail.gmail.com>
Date: Fri, 03 Apr 2015 12:57:28 -0400
Message-Id: <118C77E9-FAD2-48C1-A6E1-4D20D219449F@mit.edu>
References: <CABrd9STmvLWy_Bz7e+pN_0vANxajtD+fMzVM+trwn6+k50Mifw@mail.gmail.com>
To: Ben Laurie <benl@google.com>
X-Mailer: Apple Mail (2.2070.6)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrAKsWRmVeSWpSXmKPExsUixG6nrltzTC7UYNlkNYsNn6+xWZzr62K2 mPFnIrPFh4UPWRxYPBZsKvVYsuQnk8eXy5/ZApijuGxSUnMyy1KL9O0SuDKunbnDVrDNsOLn /mUsDYzXNLoYOTkkBEwkdhxawA5hi0lcuLeeDcQWEljMJHHmKWcXIxeQvYFR4nj3bmYI5wGT RNPVv6wgVcICbhIbW5aBdfMKGEjMPfWFCaSIWWAKo8T/NY/YIMZKSTS9PsYIYrMJqErMX3mL CcTmFAiU6L+6C8xmEVCRODRjMhtEcxOjxOzFVxghplpJnH/YzgJxU4DE2UtnwWwRAQWJq/96 gGwOoAXyEj2b0icwCs5CcscsZHeAJJgFtCWWLXzNDGFrSuzvXs4CYctLbH87BypuKbF45g2o uK3Erb4FTBC2ncSjaYtYFzByrGKUTcmt0s1NzMwpTk3WLU5OzMtLLdI10svNLNFLTSndxAiK LE5J3h2M7w4qHWIU4GBU4uF9ECgXKsSaWFZcmXuIUZKDSUmUd8kRoBBfUn5KZUZicUZ8UWlO avEhRhWgXY82rL7AKMWSl5+XqiTCy3wYqI43JbGyKrUoH6ZMmoNFSZx30w++ECGB9MSS1OzU 1ILUIpisDAeHkgTvUZAFgkWp6akVaZk5JQhpJg7OQ4wSHDxAw7+A1PAWFyTmFmemQ+RPMSpK ifO+B0kIgCQySvPgemEJ8RWjONBbwrzMR4GqeIDJFK77FdBgJqDBDvOkQQaXJCKkpBoY/exj d2gzCMQZZDo/+6pSbMi8PjDRX+acdGPMj0//53zMvG5idCLyy6WXZgvilIylvs9MfX1acee0 x8oX3x4z2Zhg6zw9vSuZpbQ/+XjbB+OTZ8J2H5ZlVLpttePV/p5Zuk7P55/cNcmEM9hOWd7X bHJP8ekz1z8FXdljoSu/bFkFs9fKwnXLlViKMxINtZiLihMB9cx/VWMDAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/B2bCa-uIzpm5jSI-EwOLeQAS-sI>
X-Mailman-Approved-At: Fri, 03 Apr 2015 11:10:13 -0700
Cc: draft-ietf-oauth-dyn-reg-management.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Security review of draft-ietf-oauth-dyn-reg-management-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 16:57:37 -0000

Ben, thanks for the review. Responses to particular points inline.

> On Apr 1, 2015, at 8:29 AM, Ben Laurie <benl@google.com> wrote:
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> Summary: ready with issues.
> 
> Nit: the Security Consideration section contains normative
> requirements. I don't know if this is strictly wrong, but it is
> unusual. The style I am used to has the normative requirements in the
> main body of the I-D, with Security Considerations confining itself to
> explaining what is going on security-wise.

I’ve seen both styles, and we can easily switch to having no normative text in this section if that is preferable to the AD and others here.

> 
> Issue: "Note that the authorization server decides the frequency of the
>   credential rotation and not the client.  Methods by which the client
>   can request credential rotation are outside the scope of this
>   document."
> 
> Clients are presumably as likely as servers to cause credential
> compromise, hence a mechanism by which a client can request a new
> credential seems wise.
> 

Client rotation of secrets was considered and discussed by the working group, but ultimately dropped from this (experimental) version of the spec and deferred to a future extension or update of this spec. There are a lot of considerations on how to do that properly, and nobody has (to my knowledge) implemented a client-driven secret rotation yet.

> Of course, this could be used by an attacker to lock a client out, so
> more thought required.

That’s only a concern if the attacker also gains the registration access token, which would presumably protect the credential rotation call as well. Since the registration access token is the mechanism by which a client is authorized by at the client configuration endpoint.

> 
> Issue: size limits.
> 
> There don't appear to be any limits (minimum server must accept, max
> client must send) for client data. Not necessarily a security issue,
> but seems likely to cause interop problems.

I don’t see a good way to have a reasonable size recommendation across different platforms and deployments. The server is free to reject any metadata values that it doesn’t like, including those that are too long. The server chooses the client_id and client_secret, so those aren’t an issue on the server side, but a client will need to be able to deal with “a JSON string” value for each of these for widest interoperability. If you have suggested text for size restrictions that would be reasonable across platforms, please send it along.

> 
> Issue: "Configuration Endpoint" (not a security issue)
> 
> It looks like the definition of this is deferred to
> draft-ietf-oauth-dyn-reg, but I couldn't find it there either.

I’m confused by this issue: “Client Configuration Endpoint” is defined as a term in §1.2 and its function and use are defined in §2, which is the majority of the spec’s content. I see no use of “configuration endpoint” apart from the full term of “client configuration endpoint” in the current document version.

> 
> Issue: "The server MUST support TLS 1.2" - it seems unwise to mandate
> a particular version of TLS - work on TLS 1.3 is already under way,
> and TLS 1.2 is not (it seems) that far off deprecation!
> 

The current text is at the request of the AD (Kathleen) and it’s meant to point to the best practice at the time of spec publication. My goal here is just to get people to use TLS and use it properly to protect the endpoints in question, but there’s not a good official way to say “just use TLS and don’t be stupid" in the IETF yet. This, you’ll note, is the topic of the thread resulting from this original email. I’ll defer to the outcome of that thread on this point and change the draft’s text if required.

> Issue: " Since the client configuration endpoint is an OAuth 2.0 protected
>   resource, it SHOULD have some rate limiting on failures to prevent
>   the registration access token from being disclosed though repeated
>   access attempts."
> 
> I am not sure what this is getting at. Limits on key re-use? Some kind
> of BEAST defence? Something else?
> 
> Without some quantification of the threat, it seems hard to act on
> this requirement.

The rate limiting is going to take a number of different forms depending on the platform and deployment characteristics of the authorization server, so we don’t recommend any particular approach. This is also something that’s going to be changing quickly over the years, and instead of prescribing a specific solution we thought it better to describe the problem here and say that it must be mitigated.


Thanks again for your review,
 — Justin

v2.23.0 | Report a Bug | By Email