Re: [GNAP] RS validation of access tokens

Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 23 August 2023 11:28 UTC

Date: Wed, 23 Aug 2023 14:28:49 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Justin Richer <jricher@mit.edu>, GNAP Mailing List <txauth@ietf.org>
Message-ID: <D7234AF5-B9A9-4562-96A1-990CE953B609@gmail.com>
Thread-Topic: [GNAP] RS validation of access tokens
References: <42276B6A-3792-44FD-97A5-A75F6280831A@mit.edu> <5BFDBC7F-C24D-474D-A699-BEA7DE333831@mit.edu>
In-Reply-To: <5BFDBC7F-C24D-474D-A699-BEA7DE333831@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/26DYwfqB-xE_bkGqS3i9aMjaBoQ>

Hi Justin,

Thank you for clarifying this attack with the researchers.

Regarding your first bullet, I went back to the core protocol and I’m wondering why we allow a key to be included in the Grant Response. The document does not shed any light on use cases for this feature. If this is only useful for symmetric keys (is it?), we could restrict it explicitly to this particular case in order to reduce the attack surface. It is not too late to tweak the protocol if this would improve its security.

Thanks,

Yaron

From: TXAuth <txauth-bounces@ietf.org> on behalf of Justin Richer <jricher@mit.edu>
Date: Tuesday, 22 August 2023 at 17:49
To: GNAP Mailing List <txauth@ietf.org>
Subject: Re: [GNAP] RS validation of access tokens

This issue was discussed today at the OAuth Security Workshop; I was in attendance along with three of the researchers who had proposed the issue on GitHub. Fundamentally, we came to the understanding that the security property being modeled under attack was not fundamental to GNAP, but it does warrant a reasonable set of warnings for implementors to avoid accidentally stumbling into it.

The proposed outcome is to write or clarify three main points:

- Call out more clearly that a token with an AS-provided key has some of the same attack surfaces as a bearer token. While such a token could not be used directly by the RS, it can be captured and replayed to an unwitting client application by an attacker, with the key intact. Warnings against using and accepting AS-provided keys will be written up. Currently the feature will remain in the core specification with these warnings in the RS draft, though this may warrant a specific cross reference added to core.

- As proposed in the issue below by Yaron, a new section will be written in the RS draft describing the importance of AS choice for token validation and acceptance. 

- A new security consideration section in the RS draft that discusses the token substitution attack, the circumstances under which it can occur, and the tradeoffs for those circumstances.

If you have input into any of these items, please suggest text that might help.

Thank you,

— Justin
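The RS-side checks that the three bullets above call for, as an added example that is not code from this thread or from the GNAP drafts; the token record, the trusted-AS list and the HMAC-based proof of possession are constructed stand-ins, not GNAP's actual introspection or key-proofing formats:

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed RS configuration (hypothetical values, not from the thread or the drafts).
TRUSTED_AS = {"https://as.example"}   # the only AS this RS accepts tokens from
ACCEPT_AS_PROVIDED_KEYS = False       # policy: treat tokens bound to AS-provided keys as bearer-equivalent


@dataclass
class TokenInfo:
    """What the RS learns about a token, e.g. from introspection (simplified model)."""
    issuer: str                  # the AS that issued the token
    bound_key: Optional[bytes]   # key the token is bound to; None means a bearer token
    key_from_as: bool            # True if the AS generated this key and returned it in the grant response


def sign_request(key: bytes, method: str, target: str, token: str) -> str:
    """Proof of possession over the request; HMAC-SHA256 stands in for GNAP's key-proofing methods."""
    msg = f"{method} {target} {token}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def validate(token: str, info: TokenInfo, method: str, target: str,
             proof: Optional[str]) -> Tuple[bool, str]:
    """Decide whether the RS accepts the token for this request, and say why not otherwise."""
    # Second bullet: only tokens from the AS chosen for this resource count, so a valid
    # token from some other AS cannot be substituted for one issued by the trusted AS.
    if info.issuer not in TRUSTED_AS:
        return False, "issued by an AS this RS does not trust"
    if info.bound_key is None:
        return False, "bearer tokens are not accepted for this resource"
    # First bullet: a key the AS hands out with the token travels over the same channel as
    # the token, so whoever holds a copy of the grant response holds both; reject by policy.
    if info.key_from_as and not ACCEPT_AS_PROVIDED_KEYS:
        return False, "bound to an AS-provided key; treated as bearer-equivalent"
    # Key binding: the presenter must prove possession of the client-held key.
    if proof is None:
        return False, "missing proof of possession"
    expected = sign_request(info.bound_key, method, target, token)
    if not hmac.compare_digest(expected, proof):
        return False, "proof of possession failed"
    return True, "accepted"
```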

On Jul 29, 2023, at 5:54 AM, Justin Richer <jricher@mit.edu> wrote:

As discussed in the meeting today, the following issue raises a question on the security properties of the RS processing tokens during a specific kind of attack: 

https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/56

While the editors believe that this can be addressed sufficiently with a security consideration, the conversation in the room indicated that there is further discussion that needs to be had first. The editors and chairs are planning to reach out to the research team that filed the issue for clarification. With the OAuth Security Workshop coming up, this might prove a good opportunity to discuss the issue with the security and research community. The editors will bring the results of those discussions back to the list.

If you have something to add to the attack and model as described, please add to the discussion on the GitHub issue.

— Justin

-- 
TXAuth mailing list
TXAuth@ietf.org
https://www.ietf.org/mailman/listinfo/txauth
