IETF Logo Mail Archive

Re: [secdir] Security review of draft-ietf-oauth-dyn-reg-management-12

Justin Richer <jricher@mit.edu> Fri, 03 April 2015 19:03 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14B001AD060; Fri, 3 Apr 2015 12:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hrm4Iu5elnP5; Fri, 3 Apr 2015 12:03:03 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38E1F1AD05C; Fri, 3 Apr 2015 12:03:03 -0700 (PDT)
X-AuditID: 1209190e-f79a76d000000d1b-82-551ee3e5df5b
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id C0.9A.03355.5E3EE155; Fri, 3 Apr 2015 15:03:02 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id t33J31tJ029739; Fri, 3 Apr 2015 15:03:01 -0400
Received: from artemisia.richer.local (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t33J2waM020027 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 3 Apr 2015 15:02:59 -0400
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_21DD25AF-3046-451C-A5DB-534A12413E6A"; protocol="application/pgp-signature"; micalg="pgp-sha256"
X-Pgp-Agent: GPGMail 2.5b6
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <CABrd9SSp3eqH1KB-rHCVtiQ8_m4O_pF4GAB7Pagv24uMPxW=0A@mail.gmail.com>
Date: Fri, 03 Apr 2015 15:02:58 -0400
Message-Id: <4DE7AD5F-A14A-4255-A78C-0F6DCBECE735@mit.edu>
References: <CABrd9STmvLWy_Bz7e+pN_0vANxajtD+fMzVM+trwn6+k50Mifw@mail.gmail.com> <118C77E9-FAD2-48C1-A6E1-4D20D219449F@mit.edu> <CABrd9SRVeW5ieSyZSZ3ykT2taZAfKnC7nhnRAf=+BSUKnT-L5A@mail.gmail.com> <951E5D91-BC5D-48CC-8B9C-D88804FB5B87@mit.edu> <CABrd9SSp3eqH1KB-rHCVtiQ8_m4O_pF4GAB7Pagv24uMPxW=0A@mail.gmail.com>
To: Ben Laurie <benl@google.com>
X-Mailer: Apple Mail (2.2070.6)
X-Brightmail-Tracker: H4sIAAAAAAAAA01SSUwTYRTOPzMt04apQ9l+ilCseAAConJAIgQuyBES8OAFRjq0xXYgnYKA HAAxRiDgFhAEbGUxoAL2ACQetEVRGqLIFmMMYjGgIGU1cQF0hmG7fe99y3t//oej8lGRAtcx JtrIUHqVWIrJJd5Hw2dnAtMiJ2pAdM/apDj6bXUFGn134yYavWz5gsVjSWZrXlJr628kaX1s TZyMnpeeUdN6XT5tPB6XIdV2bdWJcpv8C4balkQlYNOnAkhwSEZB19f3mIB94MhUt7gCSHE5 2YLAcdcgEIoeAD93je4U0whcbbMhvMWTTIRPy9vdeEyQkbDJsY7wIpS8A+D1uRUg5Cpg2cLg NhaTx2Dd4/Jts4RMgc23JrfNGBkMLaP3xYK5DMB7LeNASI2By7eXUGF0PwK/DzSKecKLDIIT W1Xc5jg3QQmrrJobwKPhwCINBxfhCZQMg+2WBVTAIfB55UNMwErYt9i40z8NW+o/7PRj4cdq MyLgOOisfSAyA7wTBKgNReEGSqdn6cxwNpNiGNoYfirCoDNF0Oo8K9j+Lj9ZP/hpU9kBiQOV OzGdEpgmF1H5bKHBDvxwROVNhHziWrILOepCLcVq0415epq1g2BulrPn0QhQYEwOQ6u8CM0w pyPUVGERbczZlfnjmMqXsP6SpcpJDWWiL9J0Lm3cZQ/juAoSM07O6GGkNXRBlk5v2qcRXGIH EHfnwp/xGoLNpQysTiPwDnBE4Uu84wmSJ7R5zJ539xTngS/3LE9ikVe5c4e6557nghEuOL7Z nw82UfuUogRc6lBeKx4OQofaEvs6CqomG2TFpdTJmhEieW3hVQbl0iXP4puOUrfOit5Ay9U/ WU7tkzdh/8pX5semfiRcybJl9VrnvC+Htvfa5F2ygRjJqHLVlpAtPytN/xZ1KDWmd1p6zlk5 9iJeme2iYl/WmwdtGxNMbYC1+69M4ehIeK3CWC11IhQ1stR/p26inmUDAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/VVfiETj9Qlbc-WL2LmFaXZpWwwA>
Cc: draft-ietf-oauth-dyn-reg-management.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Security review of draft-ietf-oauth-dyn-reg-management-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 19:03:05 -0000

On Apr 3, 2015, at 1:26 PM, Ben Laurie <benl@google.com> wrote:
> 
> On 3 April 2015 at 18:22, Justin Richer <jricher@mit.edu> wrote:
>>> 
>>>>> Issue: " Since the client configuration endpoint is an OAuth 2.0 protected
>>>>> resource, it SHOULD have some rate limiting on failures to prevent
>>>>> the registration access token from being disclosed though repeated
>>>>> access attempts."
>>>>> 
>>>>> I am not sure what this is getting at. Limits on key re-use? Some kind
>>>>> of BEAST defence? Something else?
>>>>> 
>>>>> Without some quantification of the threat, it seems hard to act on
>>>>> this requirement.
>>>> 
>>>> The rate limiting is going to take a number of different forms depending on the platform and deployment characteristics of the authorization server, so we don’t recommend any particular approach. This is also something that’s going to be changing quickly over the years, and instead of prescribing a specific solution we thought it better to describe the problem here and say that it must be mitigated.
>>> 
>>> Solution to what? This is precisely my issue - you haven't described
>>> the problem, you've described a solution to some problem I'm finding
>>> hard to guess.
>>> 
>>> In other words: how could the registration access token be disclosed
>>> through repeated access attempts?
>> 
>> An attacker could keep poking at a client configuration endpoint with random self-generated tokens until it finds one that works. There’s no oracle attack or other portion that lets the attacker know they’re getting closer to a good token, just a basic repeated hammering of a protected resource This problem is mitigated by having a sufficiently random token (as recommended in RFC6750 and RFC6819) as well as rate-limiting the connections to the endpoint (also suggested by RFC6819). This is fairly common advice for any endpoint protected by a secret (in this case, an OAuth token). Is there a better way to state this so that it’s more clear to developers what they should look out for?
> 
> How about making it a non-problem by requiring sufficiently strong
> tokens that there is no possibility of brute force?
> 
> Mildly astonished that this attack is even considered feasible.

I’m fine with that resolution, or with just deferring to the appropriate sections of 6750 and 6819 here, if the AD’s are amenable to that change.

 — Justin

v2.23.0 | Report a Bug | By Email