Re: [GNAP] Key Rotation
Fabien Imbault <fabien.imbault@gmail.com> Wed, 21 July 2021 15:09 UTC
Return-Path: <fabien.imbault@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12B803A1B38 for <txauth@ietfa.amsl.com>; Wed, 21 Jul 2021 08:09:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUzoscLmh-3Z for <txauth@ietfa.amsl.com>; Wed, 21 Jul 2021 08:08:58 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D17D3A1B37 for <txauth@ietf.org>; Wed, 21 Jul 2021 08:08:58 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id r18so2721571iot.4 for <txauth@ietf.org>; Wed, 21 Jul 2021 08:08:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1QYlo13S+ux4+khJINld8EIQ8mw0Vioq7dav5Jh0Km4=; b=H9NMJmIe77ksp73A2SqH/HkMosR/+Q60nRYgPFAoIo9Vm4MhhX+lANf7QIYFxM0/6q EpNG+zIE4414dRHAN2NJbOgfDk3CAvnZ9o3uIhmC0cT1oGetuwLajaKCcbQ0tyzAc+Y5 In1Y5W/KpIj0kYb1Ei5LafX1hTYpMBknrHw2S6Zeq68x7RvvFmUFidOfb2HFwkXJbR0U 6Ou9t0RLO42WYJYgry+HLft1jAEspr045m+Vloe3/jkpDQJsYyxDl9IsNYgRj34JLeXA nJMjzaoaEXbiFRFPtqU1iYb5GX2qKaV7TwaLtI651xWar6N3l9qhhGMdpPfbH2hpWZd/ TCqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1QYlo13S+ux4+khJINld8EIQ8mw0Vioq7dav5Jh0Km4=; b=M7PlbNnNbbRltKeWsgR1wkNBpEOXVn3z0jpX3uwFr/aomVVwjbCWEjnBvLPpL8KMmN rrL3fvPoPR5mMYzIxFYaW7Y/cDQRAfXZ+8bzewVgaWrfH8P9B5yNCOOYZDuveTeu4h0P yS8wiignTADCG30X2p409MjoxIMjGOlSQo2Lbt9luU1/DxJpYwPMRxS2AgkiyPFHhjHG rBSUJjN0Be4I+vrd6nSfPlgBSzT9GuyOqE6EbCzwFS/8/KTCfBL7a+L4HWbQ3uI3c/x4 h9P9V/rSMRp5AoglXPXpmYKSe4rwJkqT7RK+6mduSRCKsudrPlE+4yu6Gb/e08oV2zdy mRmA==
X-Gm-Message-State: AOAM533PQI55C0Xly9nXEX6zbSaBLuu3JgOfR/21BqKgvjaP2IDwa5aE ptghabbQkCJpr8I7WWx8GPAL9H7S1QcL3tE4RSM=
X-Google-Smtp-Source: ABdhPJw+H0HMvOG2GY/I7OGGi5cYDg/depA/PkV0zX/qCOrHLMdVyFeczdZWvqrttoCEkszM3WgDZLNCsJAVUFOIOCc=
X-Received: by 2002:a02:a38f:: with SMTP id y15mr32013439jak.108.1626880135558; Wed, 21 Jul 2021 08:08:55 -0700 (PDT)
MIME-Version: 1.0
References: <B72A80C0-0579-43F8-9B83-0932C98EB314@mit.edu> <CAGBSGjpzW01d9ym+r6oeSZUd9YjZsg_vmyME+ffJNd8rPaZANw@mail.gmail.com> <CAM8feuTUDpEUkKkN9DQC6doqeqKKOpaS1KS3+PUF99R1MzGUZw@mail.gmail.com> <32D204BA-990A-4E91-B0D2-28D3A8AD8474@mit.edu> <afa1c58b9a05488a9b0e466568ca1c77@oc11expo23.exchange.mit.edu> <CAM8feuSv=pAr5benHjJm7HRO5+svFvNKWZzYK3a6ZqOHAzsZ4A@mail.gmail.com> <CANYRo8hsymxR9L64g_zyvuCjpMyb9WarRi3ptp7M5qVOv3_dEA@mail.gmail.com> <D5D1275D-757B-44C6-ACA4-439ECD66FCAF@gmail.com> <CALkShcuxDU4tiJfYzXEMG5Wj14NOJgNkJjcuDvzAcKmsyooERQ@mail.gmail.com> <c07273ae6c714858b2102c70df1d81d9@oc11expo23.exchange.mit.edu>
In-Reply-To: <c07273ae6c714858b2102c70df1d81d9@oc11expo23.exchange.mit.edu>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Wed, 21 Jul 2021 17:08:44 +0200
Message-ID: <CAM8feuTOqagmrAuS5+18CuihAbo9ePN9cgA1=RmSqc4HiRXPyg@mail.gmail.com>
To: Thomas Hardjono <hardjono@mit.edu>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, GNAP Mailing List <txauth@ietf.org>, Justin Richer <jricher@mit.edu>
Content-Type: multipart/alternative; boundary="000000000000927b0405c7a38c49"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/3fuFlo8d_EnHY883FuvfQqr8nso>
Subject: Re: [GNAP] Key Rotation
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2021 15:09:04 -0000
Hi Thomas, We already identify keys in the protocol, cf 7.1.1 key references. In that same section, we are quite open to any mechanism ("The means of dereferencing this value are out of scope for this specification"). Does that cover your concerns? Cheers Fabien Le mar. 20 juil. 2021 à 00:06, Thomas Hardjono <hardjono@mit.edu> a écrit : > > Hi Yaron, > > >>> To me key rotation simply means a way to identify keys (a key ID) and > >>> the expectation that protocol parties should manage more than one key > at a time: > >>> the current key and potentially older keys, up to some validity period. > > So perhaps we need to use tighter words or definitions, specially if the > goal is for GNAP to have wide adoption and co-exist with existing infra. > > I think a Key-ID makes sense because that's how many systems today > identify keys in their key-database (e.g. SA database in IPsec). > > The question becomes *what* exactly is a Key-ID in the context of GNAP. > > Is it an Octet string of a given length (i.e. with length less than or > equal the key-length in bits)? > > > > >>> I don’t think we should assume an external key management service. > > Wanting a KeyID to identify crypto keys is different from wanting a key > management protocol that implements a key lifecycle (e.g. that includes > key-gen, key rotation, key deletion, key archiving, etc. etc.). > > > > Best > > --thomas > > > > ________________________________________ > > On Mon, Jul 12, 2021 at 10:51 AM Yaron Sheffer <yaronf.ietf@gmail.com > <mailto:yaronf.ietf@gmail.com>> wrote: > > We absolutely need to support key rotation, and I don’t think we should > assume an external key management service. > > To me key rotation simply means a way to identify keys (a key ID) and the > expectation that protocol parties should manage more than one key at a > time: the current key and potentially older keys, up to some validity > period. > > If access tokens are bound to long-lived keys, we might need to add an > explicit, non-opaque, key ID to access tokens. > > Thanks, > Yaron > > From: TXAuth <txauth-bounces@ietf.org<mailto:txauth-bounces@ietf.org>> on > behalf of Adrian Gropper <agropper@healthurl.com<mailto: > agropper@healthurl.com>> > Date: Wednesday, July 7, 2021 at 18:28 > To: Fabien Imbault <fabien.imbault@gmail.com<mailto: > fabien.imbault@gmail.com>> > Cc: Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>>, Thomas > Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>>, GNAP Mailing List < > txauth@ietf.org<mailto:txauth@ietf.org>>, Aaron Parecki <aaron@parecki.com > <mailto:aaron@parecki.com>> > Subject: Re: [GNAP] Key Rotation > > Whatever we do in terms of scope, GNAP should not ignore this key rotation > issue. > > Regardless of what happened in the era of TLS and IPsec, today we're > seeing the limits of federated security architectures and everyone needs > help in the transition to zero-trust architectures. As I understand it, > we're seeing part of this as the difference between OAuth2 client > credentials and GNAP. > > If GNAP can do or say something useful about key rotation and client > credentials, then I hope we do. > > - Adrian > > On Wed, Jul 7, 2021 at 10:40 AM Fabien Imbault <fabien.imbault@gmail.com > <mailto:fabien.imbault@gmail.com>> wrote: > That's a valid point (i.e. you might use whatever system you want, as long > as you make sure your keys are managed) although one could argue we should > at the very minimum provide practical methods to ensure sufficient > security. Which means we could still provide a way native to GNAP, in case > people don't have their preferred method already? > > Le mer. 7 juil. 2021 à 16:14, Thomas Hardjono <hardjono@mit.edu<mailto: > hardjono@mit.edu>> a écrit : > > As much as I like the direction of GNAP, is key-rotation (i.e. key > management) even part of the GNAP charter? > > Key-rotation is a common problem for everyone, starting from the early > days of IPsec/IKE. > > Best > > --thomas > > > ________________________________________ > From: TXAuth [txauth-bounces@ietf.org<mailto:txauth-bounces@ietf.org>] on > behalf of Justin Richer [jricher@mit.edu<mailto:jricher@mit.edu>] > Sent: Wednesday, July 7, 2021 9:57 AM > To: Fabien Imbault > Cc: GNAP Mailing List; Aaron Parecki > Subject: Re: [GNAP] Key Rotation > > Aaron, that’s a great point about static registration. That leaves > ephemeral or otherwise runtime keys, which might be good enough to just > start a new request when needed? > > Ben had previously posited a functional approach like sign(k2, sign(k1, > (k2))): you use the old key (k1) to sign the new key (k2), then use the new > key to sign that signature and present it. The thing that I get hung up on > is having a way to do the key proofing for a new key that works > consistently for all the different key types in use. The outer signature, > signing with the new key, is easy: that’s the GNAP key proofing mechanism. > The trick is carrying a signed object with the key material internally > somehow — is there a way to handle that consistently across different > proofing types? > > There are a bunch of ways that it could be done with different proofing > mechanisms and that might be the right approach. HTTP Message Signatures > can attach multiple signatures. JWK-based-keys could use JWS to wrap the > key content as part of the payload (so you’d get something like a nested > JWT). MTLS is a strange one, but if you’re in certificate space you have > other options like CA’s and OCSP to help manage your keys at a different > level. So maybe GNAP just specifies the functional requirement at a high > level and each proofing mechanism or deployment has to fill that somehow in > its definition? > > Still, something in me says that we should be able to do this in one > consistent pattern, and I’d love to hear more ideas on how that could be > handled. If we can crack that, then it becomes a matter of applying that to > a bunch of different requests: grant update, token rotation, initial > request, etc. This piece, at least, I believe can be applied pretty > generically. > > — Justin > > On Jul 6, 2021, at 6:30 PM, Fabien Imbault <fabien.imbault@gmail.com > <mailto:fabien.imbault@gmail.com><mailto:fabien.imbault@gmail.com<mailto: > fabien.imbault@gmail.com>>> wrote: > > Hi there, > > As far as I know, key rotation remains a cumbersome process in most cases, > to say the least. It's quite impressive how often that breaks (usually when > a certificate expires somewhere). > > The exception is caddy server, that does it really well. Works fine in > production. > > And then, as a proof of concept, there's DIF Keri that embeds key rotation > as a primary requirement. > > Fabien > > > > > Le mar. 6 juil. 2021 à 23:29, Aaron Parecki <aaron@parecki.com<mailto: > aaron@parecki.com><mailto:aaron@parecki.com<mailto:aaron@parecki.com>>> a > écrit : > I do think it's important that a client instance should be able to rotate > its keys, as this is a pretty common practice in other related specs. > > You mentioned pre-registered clients which I think is an interesting case. > I would expect in those cases the client instance wouldn't actually be > rotating its keys on its own, instead the developer/administrator would go > into the management console to rotate the keys there, and deploy the new > keys to the client instance, more like how typical OAuth clients work today. > > Coming up with the actual rotation method is definitely an interesting > challenge, but there must be some prior art to draw from here. Wouldn't > existing specs like Mutual TLS or even PGP have some mechanism that could > be reused? > > Aaron > > > On Tue, Jun 15, 2021 at 10:52 AM Justin Richer <jricher@mit.edu<mailto: > jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote: > In the GNAP protocol, most requests are bound to a key. There are pretty > solid mechanisms for establishing those keys as part of the request, both > dynamically and as part of some pre-registration step. > > However, over time those keys could be rotated out by the parties that > control them, and GNAP needs to be able to handle this. > > • Access tokens are bound to keys > • We allow rotation of the token value at client instance > request... > • Should we allow rotation of the key also? > • Grant transactions are also bound to keys > • Specifically: the continuation access token is bound to > a key > • The key is initially the client instance’s key > • Should the client be able to rotate this key separately? > • Some client instances have registered keys > • What happens when a client’s registered key rotates? > > > Secure rotation of a key would require some way for the presenter to prove > possession of both the old and new keys simultaneously. It could be a > matter of signing the request with the new key and include some artifact > signed by the old key in the request, or the inverse of that. There are > likely other methods out there, but this seems simplest. > > What situations are people looking at for handling key rotation? > > — Justin > -- > TXAuth mailing list > TXAuth@ietf.org<mailto:TXAuth@ietf.org><mailto:TXAuth@ietf.org<mailto: > TXAuth@ietf.org>> > https://www.ietf.org/mailman/listinfo/txauth > -- > TXAuth mailing list > TXAuth@ietf.org<mailto:TXAuth@ietf.org><mailto:TXAuth@ietf.org<mailto: > TXAuth@ietf.org>> > https://www.ietf.org/mailman/listinfo/txauth > -- > TXAuth mailing list > TXAuth@ietf.org<mailto:TXAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/txauth > -- TXAuth mailing list TXAuth@ietf.org<mailto:TXAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/txauth > -- > TXAuth mailing list > TXAuth@ietf.org<mailto:TXAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/txauth > > -- > TXAuth mailing list > TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth >
- [GNAP] Key Rotation Justin Richer
- Re: [GNAP] Key Rotation Aaron Parecki
- Re: [GNAP] Key Rotation Fabien Imbault
- Re: [GNAP] Key Rotation Justin Richer
- Re: [GNAP] Key Rotation Fabien Imbault
- Re: [GNAP] Key Rotation Thomas Hardjono
- Re: [GNAP] Key Rotation Justin Richer
- Re: [GNAP] Key Rotation Justin Richer
- Re: [GNAP] Key Rotation Thomas Hardjono
- Re: [GNAP] Key Rotation Fabien Imbault
- Re: [GNAP] Key Rotation Adrian Gropper
- Re: [GNAP] Key Rotation Yaron Sheffer
- Re: [GNAP] Key Rotation Thomas Hardjono
- Re: [GNAP] Key Rotation Andrii Deinega
- Re: [GNAP] Key Rotation Fabien Imbault
- Re: [GNAP] Key Rotation Thomas Hardjono