Re: [GNAP] RS validation of access tokens
Adrian Gropper <agropper@healthurl.com> Wed, 23 August 2023 16:47 UTC
Return-Path: <agropper@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AD2BC14CF05 for <txauth@ietfa.amsl.com>; Wed, 23 Aug 2023 09:47:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.406
X-Spam-Level:
X-Spam-Status: No, score=-1.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QRiGeh9RwUFL for <txauth@ietfa.amsl.com>; Wed, 23 Aug 2023 09:47:58 -0700 (PDT)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 041E9C151524 for <txauth@ietf.org>; Wed, 23 Aug 2023 09:47:57 -0700 (PDT)
Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-3fee5ddc23eso43233725e9.1 for <txauth@ietf.org>; Wed, 23 Aug 2023 09:47:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692809276; x=1693414076; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ehGln4gLvIJ9RcEIU4uUiXQH7ruX5oM+M3u9WZsYafc=; b=AkpalLldCBEtS7fyyWmGiKZQOGOKW9Lw/QWxcJSgnEQdMOQu7o8p9dzRU+pDK8g8Go WDN3lFPKY6/kG1Z8RxXY4xpndykGN3VEcfRWo5rGqJXUJ0qEhOFgFfTHNfovgy+raXHA lTXF+GO967hKaiXc3ac9fCfHlBUJ3Fxw8TVYH+FxdiPEAx4wC8+rH0QrhToJLvuDJIET +Fc2nfkacl8wY4uwbOoiDI1t/Q1EAuHHuXIwHoqKKlp4+Vgwk3hts2gtvFm70FnRIUpc T715NokFeIgG2DgKWs6GkF1qLtkuAYV5hPkPGs9+2x1oq5SE+v9IzasGRk2Krde56MHz uQ3g==
X-Gm-Message-State: AOJu0Yzn5v8yFVzQddHzFtMddZeJCNtlHPDIM9E5dmXn/37owwnozrNT s8eba+0EgKr0PV2/R8MQZOV7tclIO+L//kUpF5M=
X-Google-Smtp-Source: AGHT+IEOPaAhRYQdqa/RmY6wS7RZHWGhMqhUDsZYnTNLdfBMzJZPz37C4C/QTrr6ntlBrAwiLlPz+SmqcwXlAtGZbOY=
X-Received: by 2002:adf:e886:0:b0:313:ea84:147a with SMTP id d6-20020adfe886000000b00313ea84147amr9504261wrm.64.1692809275934; Wed, 23 Aug 2023 09:47:55 -0700 (PDT)
MIME-Version: 1.0
References: <42276B6A-3792-44FD-97A5-A75F6280831A@mit.edu> <5BFDBC7F-C24D-474D-A699-BEA7DE333831@mit.edu> <D7234AF5-B9A9-4562-96A1-990CE953B609@gmail.com> <E81DA216-9E50-406B-8F51-454FF12695C9@mit.edu>
In-Reply-To: <E81DA216-9E50-406B-8F51-454FF12695C9@mit.edu>
From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 23 Aug 2023 12:47:42 -0400
Message-ID: <CANYRo8j6YU2p6WdqoVyNXrjWsiP8Zc9h=wRt-=PTZnQvHh-QTw@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, GNAP Mailing List <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009090a3060399dffd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/e2JDNsLffLMQ2MbIRnZX47iqQ28>
Subject: Re: [GNAP] RS validation of access tokens
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2023 16:47:59 -0000
Apologies for not completely understanding the issue and this may be a dumb question. In our use-case, the resource is typically encrypted at rest. Whatever interaction there is between the CI and AS, does GNAP specifiy how the AS can provide a key to the CI? Thanks, Adrian On Wed, Aug 23, 2023 at 10:19 AM Justin Richer <jricher@mit.edu> wrote: > I had a similar conversation with the researchers. The feature is there > largely for symmetric keys, but it’s possible that the AS could provide a > key pair back to the client in this field to use asymmetric crypto. > > My personal take, as an implementor, is that we can address this with > warnings about its intended use, and with a full discussion about the > tradeoffs and increased attack surfaces it’s not really relevant whether > it’s a symmetric key or an asymmetric one. > > Another possible response is to remove the AS-provided key feature > entirely and relegate it to an extension. That’s a more drastic change at > this stage, of course. I don’t have a good insight into how much this > particular feature is used in the wild. > > — Justin > > On Aug 23, 2023, at 12:28 PM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote: > > Hi Justin, > > Thank you for clarifying this attack with the researchers. > > Regarding your first bullet, I went back to the core protocol and I’m > wondering why we allow a key to be included in the Grant Response. The > document does not shed any light on use cases for this feature. If this is > only useful for symmetric keys (is it?), we could restrict it explicitly to > this particular case in order to reduce the attack surface. It is not too > late to tweak the protocol if this would improve its security. > > Thanks, > Yaron > > *From: *TXAuth <txauth-bounces@ietf.org> on behalf of Justin Richer < > jricher@mit.edu> > *Date: *Tuesday, 22 August 2023 at 17:49 > *To: *GNAP Mailing List <txauth@ietf.org> > *Subject: *Re: [GNAP] RS validation of access tokens > > This issue was discussed today at the OAuth Security Workshop, I was in > attendance along with three of the researchers who had proposed the issue > into GitHub. Fundamentally, we came to the understanding that the security > property being modeled under attack was not fundamental to GNAP, but it > does warrant a reasonable set of warnings for implementors to avoid > accidentally stumbling into it. > > The proposed outcome is to write or clarify three main points: > > - Call out more clearly that a token with an AS-provided key has some of > the same attack surfaces as a bearer token. While such a token could not be > used directly by the RS, it can be captured and replayed to an unwitting > client application by an attacker, with the key intact. Warnings against > using and accepting AS-provided keys will be written up. Currently the > feature will remain in the core specification with these warnings in the RS > draft, though this may warrant a specific cross reference added to core. > > - As proposed in the issue below by Yaron, a new section will be written > in the RS draft describing the importance of AS choice for token validation > and acceptance. > > - A new security consideration section in the RS draft that discusses the > token substitution attack, the circumstances under which it can occur, and > the tradeoffs for those circumstances. > > > If you have input into any of these items, please suggest text that might > help. > > Thank you, > — Justin > > > > > On Jul 29, 2023, at 5:54 AM, Justin Richer <jricher@mit.edu> wrote: > > As discussed in the meeting today, the following issue raises a question > on the security properties of the RS processing tokens during a specific > kind of attack: > > https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/56 > > While the editors believe that this can be addressed sufficiently with a > security consideration, the conversation in the room indicated that there > is further discussion that needs to be had first. The editors and chairs > are planning to reach out to the research team that filed the issue for > clarification. With the OAuth Security Workshop coming up, this might prove > a good opportunity to discuss the issue with the security and research > community. The editors will bring the results of those discussions back to > the list. > > If you have something to add to the attack and model as described, please > add to the discussion on the GitHub issue. > > — Justin > -- > TXAuth mailing list > TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth > > > -- TXAuth mailing list TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth > > > -- > TXAuth mailing list > TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth >
- [GNAP] RS validation of access tokens Justin Richer
- Re: [GNAP] RS validation of access tokens Justin Richer
- Re: [GNAP] RS validation of access tokens Yaron Sheffer
- Re: [GNAP] RS validation of access tokens Justin Richer
- Re: [GNAP] RS validation of access tokens Adrian Gropper
- Re: [GNAP] RS validation of access tokens Justin Richer