IETF Logo Mail Archive

Re: [stir] New Version Notification for draft-ietf-stir-enhance-rfc8226-01.txt

Chris Wendt <chris-ietf@chriswendt.net> Mon, 29 March 2021 19:21 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E04F3A15EF for <stir@ietfa.amsl.com>; Mon, 29 Mar 2021 12:21:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ypio_v0pqHw for <stir@ietfa.amsl.com>; Mon, 29 Mar 2021 12:21:09 -0700 (PDT)
Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D66D73A0BF0 for <stir@ietf.org>; Mon, 29 Mar 2021 12:21:08 -0700 (PDT)
Received: by mail-qk1-x72e.google.com with SMTP id g15so13544974qkl.4 for <stir@ietf.org>; Mon, 29 Mar 2021 12:21:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8mkiB83OYCGjZWCrsHDuZTnOX7LZ1D/zIFd/CnW33qI=; b=wAkOa5ylUJZgfYXdWqhtLcAlhuYnJy/+9izHVQuGiIB4ssT4T8k1W/gMsgpGwfbM5Q DMIeTDl+GMbwTb4munBKzzqipSlUpIrXGVuh131OCbIy5IrvbQUpud0DMiFwJqKfnCvx jcCmzICbwnQ/fvomqP1eG9n4cQDL583ydi4y+YPiS7u6Hg0uWMt2o60RN0CvD5WADdyg AOQ6DoQrPy/ucJTfh5kytCB/TT8sKjkXMPyclr9my2zHXmnezZIOufaQPwNyxvJKp1qA E9u/HB4/pVUbfIyWsNuzRmVNMl+LUzEv3YMwNaIJbRyJ1OsPsXDm1F7ccm48dnOs+3so TQww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8mkiB83OYCGjZWCrsHDuZTnOX7LZ1D/zIFd/CnW33qI=; b=SVd/4FX8rkyzmc/GU0Mx90HInbeLSE1k0/PeW+j2/cZcWKQ86YwXNTy8stlPM9SGCC I88MhlMaA6fvCucpjH+aytCyx7lUp+2Jnt/LhWis5wM9N5QlTCnU+QmfSEBSbgsZEkuw rBXhKcQFvnXmioz6gv+p8NoUG7T0Dwcv9bvPSuQ2DQr15uJ+nKUF/6xowPc9oYMen+6D x3zECBhbqlvnd4a0GCkWHcDgXlxeB+5+Epa6F7sluwfAlq2Qc9itip7Ucn7WoZYlFn3f mjjTgSoCO2hB9aGvrzcIbBFxYxip6oc8HXd5wO/qspfrMRy6jlntI13DXWSLFezawTYh YSbw==
X-Gm-Message-State: AOAM532i5ZfjCh5jJuvVezdp0oExVZu7/IBV2rjRDQzp8naqj2rCUnqu tg5QSVVU5NID2eaH87ysJkYRDg==
X-Google-Smtp-Source: ABdhPJxHXIkpKgJM7bHpILaNpLRxTJnFmE+l+RWJdVK1DbnPuTU8B95xz/H/wp8dsbcgPd1sfM/blw==
X-Received: by 2002:a37:dcb:: with SMTP id 194mr27782471qkn.4.1617045666212; Mon, 29 Mar 2021 12:21:06 -0700 (PDT)
Received: from ?IPv6:2607:fb90:62bb:36e0:e933:34be:1094:ce34? ([2607:fb90:62bb:36e0:e933:34be:1094:ce34]) by smtp.gmail.com with ESMTPSA id 131sm14899282qkl.74.2021.03.29.12.21.05 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 Mar 2021 12:21:05 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <2B6B882E-89AC-4D5E-B0FA-B0EF3FFB09BF@nostrum.com>
Date: Mon, 29 Mar 2021 15:21:04 -0400
Cc: Richard Shockey <richard@shockey.us>, Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1AAA1628-A2CF-47BC-8E4D-745ED980A7EA@chriswendt.net>
References: <161659636453.2114.15175107388994818901@ietfa.amsl.com> <F4F9D652-8A6B-4AD7-B9D9-FA7AEAC08866@vigilsec.com> <130D436A-BABE-4ECC-8940-DBBC9D961F7C@nostrum.com> <FFA105EB-B1AF-43B1-8002-BFE1B8C69C92@vigilsec.com> <86E5E595-328B-430E-BB11-58475AFF852C@nostrum.com> <3A1072FB-4750-4935-AD27-F700B00D474F@vigilsec.com> <529010F6-6319-4B64-91D2-473DC0F1BF2F@shockey.us> <DF9C13EE-8979-47C7-8ECF-113B9FF8B9C8@chriswendt.net> <90AF19BD-3F68-4369-A63E-24761C388317@chriswendt.net> <2B6B882E-89AC-4D5E-B0FA-B0EF3FFB09BF@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/M1LrVkgrVQbbhFqxIbomHCUrCVc>
Subject: Re: [stir] New Version Notification for draft-ietf-stir-enhance-rfc8226-01.txt
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Mar 2021 19:21:14 -0000

Hi Ben,

I think excluding claims use-case is the primary case where you simply don’t want people adding, for example, rph to an rcd passport because they could and it would look legit without the exclusion capability.  I think we added excludeValue because we thought it made sense to have it, however, i maybe don’t see as much of a use-case for that at present, however doesn’t mean that a use-case doesn’t exist.  Perhaps what you are asking Ben, is excludeValue may not be worth including and may be a security risk.  I would need to noodle on that a bit more, but it might be worth considering before we finalize the enhance-8226 document.

-Chris


> On Mar 29, 2021, at 1:12 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> My original point was that (maybe) the value should be canonicalized in the JWTContraints, and that the claim values should be canonicalized when comparing against the constraints. And I meant that more as a question than an assertion :-)
> 
> But on reflection, the issue may be that I don’t really understand how we plan to use excludedValues. (Apologies if this has already been discussed and I either missed it or just forgot)
> 
> For the case of includedValues, one assumes that whoever builds the PASSporT is aware of the JWTConstraints in their certificate, and will put rcd/rcdi values that match. Maybe some guidance on not screwing that up would be helpful, but implementors will (eventually) figure it out. It is in their interests to get it right, else their calls will fail verification.
> 
> But in the case of excludedValues,  IIUC we are saying “you can’t put in an rcd claim that looks _exactly_ like this.”  What behavior are we trying to prevent? Is it in some senders' interests to circumvent the protection? It seems trivial to construct an RCD claim that is not identical to the prohibited value but close enough to confuse a recipient. Canonicalization might help prevent errors but probably won’t prevent intentional attempts to bypass the protection.

> Thanks!
> 
> Ben.
> 
>> On Mar 29, 2021, at 11:55 AM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
>> 
>> Maybe i’m seeing the point actually, are you saying we should be explicit that the permitted or excludedValues are canonicalized (i.e. white space removal) before being encoded into cert.  This was my assumption, but would need to look if we have anything to say that explicitly.  My assumption was that the values when compared between the signed PASSporT and the certificate permited/excludedValues would not require any canonicalization procedures.
>> 
>> -Chris
>> 
>>> On Mar 29, 2021, at 12:47 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
>>> 
>>> Relative to order what Jon and I did for integrity was to include the base /rcd as part of the required part of the “rcdi” integrity, so because the digest is based on the JSON in a particular order, also required to make sure the JSON pointer points to the correct URI, that takes care of the array order of the jCard in particular.
>>> 
>>> But I think to Ben’s original point, I’m confused how you could "sneak anything by" with white space, or unicode swaps.  excludedValues is at the claim level, so it seems to me to be either correct or not correct in terms of the entire “rcd” or “rcdi” claims.  It’s not that you are going in and interpreting values or anything.  But maybe i missed the point.
>>> 
>>> -Chris
>>> 
>>>> On Mar 29, 2021, at 12:31 PM, Richard Shockey <richard@shockey.us> wrote:
>>>> 
>>>> 
>>>> But maybe it should.  One of the biggest interoperablity concerns with STIR/SHAKEN in general is the lack of, or improper canonicalization.
>>>> 
>>>> 
>>>> On 3/29/21, 11:46 AM, "stir on behalf of Russ Housley" <stir-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:
>>>> 
>>>> Ben:
>>>> 
>>>> The JWT specification (RFC 7519) does not require canonicalization.
>>>> 
>>>> JSON allows these types:
>>>>  -   a string
>>>>  -   a number
>>>>  -   a JSON object
>>>>  -   an array
>>>>  -   a boolean
>>>>  -   null
>>>> 
>>>> Only the array and JSON object can be a concern.
>>>> 
>>>> For an array, the ordering could be important, so the only thing we can do is remove all of the whitespace between array elements.
>>>> 
>>>> For a JSON Object, again we can remove whitespace outside of quotes, but we could require a sort order the elements of the object.
>>>> 
>>>> Looking at the example in passport-rcd:
>>>> 
>>>>    {
>>>>      "orig": { "tn": "12025551000"},
>>>>      "dest": { "tn": ["12155551001"]},
>>>>      "iat": 1443208345,
>>>>      "rcd": {
>>>>        "nam": "Q Branch Spy Gadgets",
>>>>        "jcd": ["vcard",
>>>>        [ ["version",{},"text","4.0"],
>>>>          ["fn",{},"text","Q Branch"],
>>>>          ["org",{},"text","MI6;Q Branch Spy Gadgets"],
>>>>          ["photo",{},"uri","https://example.com/photos/q-256x256.png"],
>>>>          ["logo",{},"uri","https://example.com/logos/mi6-256x256.jpg"],
>>>>          ["logo",{},"uri","https://example.com/logos/mi6-64x64.jpg"]
>>>>        ] ]
>>>>      },
>>>>      "crn": "Rendezvous for Little Nellie",
>>>>      "rcdi": {
>>>>        "/nam": "sha256-918VNJD12938SNCJ",
>>>>        "/jcd": "sha256-VNJDSNCJ12938918",
>>>>        "/jcd/1/3/3": "sha256-12938918VNJDSNCJ",
>>>>        "/jcd/1/4/3": "sha256-VNJDSNCJ12938918",
>>>>        "/jcd/1/5/3": "sha256-4049852730SFLGHL"
>>>>      }
>>>>    }
>>>> 
>>>> Would a sort order be helpful?
>>>> 
>>>> Russ
>>>> 
>>>>> On Mar 28, 2021, at 2:11 PM, Ben Campbell <ben@nostrum.com> wrote:
>>>>> 
>>>>> Another thought just occurred to me, related to the previous conversation about non-string JSON types, although it probably matters for strings as well.
>>>>> 
>>>>> Does the addition of “excludedValues” suggest a need for canonicalization of the values? If not, it seems like a bad actor could sneak things past the verifier by varying white space usage, element order, etc.
>>>>> 
>>>>> This might also be useful for “permittedValues”, but in that case it might be more to help prevent errors.
>>>>> 
>>>>> As I think about this, I wonder if we should have a security consideration pointing out that the excludeValues mechanism cannot defend against more sophisticated bad actions such as confusable unicode strings. Unless we want to suggest that the issuer include every conceivable variation of the prohibited values, which seems a bit extreme.
>>>>> 
>>>>> Thanks!
>>>>> 
>>>>> Ben.
>>>>> 
>>>>>> On Mar 24, 2021, at 11:04 AM, Russ Housley <housley@vigilsec.com> wrote:
>>>>>> 
>>>>>> Ben:
>>>>>> 
>>>>>> I agree that something about the constraints belongs in the RCD document, but I do not think a heads up in this document is bad.
>>>>>> 
>>>>>> Russ
>>>>>> 
>>>>>> 
>>>>>>> On Mar 24, 2021, at 11:57 AM, Ben Campbell <ben@nostrum.com> wrote:
>>>>>>> 
>>>>>>> This version addresses all of my comments.
>>>>>>> 
>>>>>>> I wonder if the new security consideration for rcdi might be better placed in the RCD spec? (No strong feelings—I’m okay leaving it here.)
>>>>>>> 
>>>>>>> Thanks!
>>>>>>> 
>>>>>>> Ben.
>>>>>>> 
>>>>>>>> On Mar 24, 2021, at 9:37 AM, Russ Housley <housley@vigilsec.com> wrote:
>>>>>>>> 
>>>>>>>> This revision addresses the WG Last Call comments from Ben Campbell.  It also adds a security consideration regarding the "rcdi" claim defined in draft-ietf-stir-passport-rcd.  In addition, I thought of an additional security consideration regarding certificate renewal.  Finally, the reference to RFC 5912 is now normative.
>>>>>>>> 
>>>>>>>> Russ
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> A new version of I-D, draft-ietf-stir-enhance-rfc8226-01.txt
>>>>>>>>> has been successfully submitted by Russ Housley and posted to the
>>>>>>>>> IETF repository.
>>>>>>>>> 
>>>>>>>>> Name:		draft-ietf-stir-enhance-rfc8226
>>>>>>>>> Revision:	01
>>>>>>>>> Title:		Enhanced JWT Claim Constraints for STIR Certificates
>>>>>>>>> Document date:	2021-03-23
>>>>>>>>> Group:		stir
>>>>>>>>> Pages:		11
>>>>>>>>> URL:            https://www.ietf.org/archive/id/draft-ietf-stir-enhance-rfc8226-01.txt
>>>>>>>>> Status:         https://datatracker.ietf.org/doc/draft-ietf-stir-enhance-rfc8226/
>>>>>>>>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-stir-enhance-rfc8226
>>>>>>>>> Htmlized:       https://tools.ietf.org/html/draft-ietf-stir-enhance-rfc8226-01
>>>>>>>>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-stir-enhance-rfc8226-01
>>>>>>>>> 
>>>>>>>>> Abstract:
>>>>>>>>> RFC 8226 provides a certificate extension to constrain the JWT claims
>>>>>>>>> that can be included in the PASSporT as defined in RFC 8225.  If the
>>>>>>>>> signer includes a JWT claim outside the constraint boundaries, then
>>>>>>>>> the recipient will reject the entire PASSporT.  This document defines
>>>>>>>>> additional ways that the JWT claims can be constrained.
>>>>>>>>> 
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> stir mailing list
>>>>>>>> stir@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/stir
>>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> stir mailing list
>>>>>> stir@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/stir
>>>>> 
>>>>> _______________________________________________
>>>>> stir mailing list
>>>>> stir@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/stir
>>>> 
>>>> _______________________________________________
>>>> stir mailing list
>>>> stir@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/stir
>>>> 
>>>> 
>>>> _______________________________________________
>>>> stir mailing list
>>>> stir@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/stir
>>> 
>> 
>

v2.23.0 | Report a Bug | By Email