Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp

Brian Campbell <bcampbell@pingidentity.com> Tue, 18 September 2018 15:18 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD618130E21 for <unbearable@ietfa.amsl.com>; Tue, 18 Sep 2018 08:18:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.868
X-Spam-Level:
X-Spam-Status: No, score=-0.868 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTKSSz77rnxq for <unbearable@ietfa.amsl.com>; Tue, 18 Sep 2018 08:18:17 -0700 (PDT)
Received: from mail-it0-x242.google.com (mail-it0-x242.google.com [IPv6:2607:f8b0:4001:c0b::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A217127332 for <unbearable@ietf.org>; Tue, 18 Sep 2018 08:18:17 -0700 (PDT)
Received: by mail-it0-x242.google.com with SMTP id e14-v6so3760060itf.1 for <unbearable@ietf.org>; Tue, 18 Sep 2018 08:18:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CQbkOhLJtTKV1JBZmogbVK0AdC7mDEmstGCgLNLZOQk=; b=NdNl+EvE+yzhQQX5Iw70bwIhjVps9CWxiOZeFcbGuq/DI3BsxcG3B+nc4H0p03Dr4j /E5NToUZoFWYvDdA3Wa8RjLaCVXLHF2eyjynyiuWqJ2VRkVoRJPZ3ISAD1vwn5Ce5VOV rfQ5P1zUXFZyOu2JvqSWBInOTUpdS2gWhapYU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CQbkOhLJtTKV1JBZmogbVK0AdC7mDEmstGCgLNLZOQk=; b=eu7pzSBOWjHAq7TX/vgVN2+fJRWbOCxWSto0oDpuC3WoxCqqt6Z6ND9WZhbNyLIKuP Z3lG24kqNDFcyqSKH2dA+tNg5pejbOlgctigVlvQYnseyeJgP07w+oYOU9cX2BmqzV1s ibSx2a7juAP2tz++wGBYz7c83C9gCZ7iTGjgh2z4RojAnFzuDf9lCm4bScNG/Gb9HSSq OvMLxuBr4C6syIPQV/f2Q1JJWPNC0dUfDd3NHNFxkfJuQg5WjZiwUDrs7wGp5Ds26T04 m9ktKp08V/12aRTb3GYHeS9yJKcjtlkbAXdthusUDhomgGhwZmSsJs70Cut0n038h5nW hJlA==
X-Gm-Message-State: APzg51DmEvQDY+aKl5eqrFlE7Y7TpG1UX1QOwCLBQyp9lWT8/73o5KnZ AqFUuUfq41EBZrBVRSHI43HuRN4WnrkQLv7W9DLKQmT0BUG1qURWclD9MgtmfL0kSwm3pP8tKHj HvOcsJ9Yy28byNB5GvdPT/5wjkA==
X-Google-Smtp-Source: ANB0VdZSy2AJ2eW8sMVvhO/h1WxJ3fbZbeyAHK9xmzLqrZPLCsgK/Kn4NoNwiQmDuYZrz27DRLAwQSJqyqwAckIu4II=
X-Received: by 2002:a24:e4ca:: with SMTP id o193-v6mr17234254ith.132.1537283896649; Tue, 18 Sep 2018 08:18:16 -0700 (PDT)
MIME-Version: 1.0
References: <bba419c9-103b-5cb0-4267-c5cec9c7b3dd@sunet.se> <6bea7c7b-80ec-9637-324e-730998c461ad@free.fr> <CA+iA6uh5rjoU-AUdOzt-kJkgo3MshZndu7RL59M-kWjx-ckzbw@mail.gmail.com> <93c77c77-9dfe-fe0b-4b3a-319c9dc7ec8e@free.fr> <CY4PR21MB0774438584D60A8033A94EF18C1E0@CY4PR21MB0774.namprd21.prod.outlook.com> <3f7c20ed-26c1-3070-207b-54e97b1dc516@free.fr> <CY4PR21MB0774AB20D798821A35FF19828C1E0@CY4PR21MB0774.namprd21.prod.outlook.com>
In-Reply-To: <CY4PR21MB0774AB20D798821A35FF19828C1E0@CY4PR21MB0774.namprd21.prod.outlook.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 18 Sep 2018 09:17:49 -0600
Message-ID: <CA+k3eCQf9s4+PEvFKXwrP0nn0aUqUrN_-ju8EnLgg9h_0Y=3hw@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: Denis <denis.ietf@free.fr>, IETF Tokbind WG <unbearable@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000944bb8057626cc8e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/IWBXOrOLb8nxUtKFJiDoYzzfNq4>
Subject: Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Sep 2018 15:18:20 -0000

Agreed that the reference to TBPROTO, which already has security
considerations about it, is more than sufficient.  The security
considerations in TTRP are only about the issues relating specifically to
that deployment model.

On Mon, Sep 17, 2018 at 12:36 PM Andrei Popov <Andrei.Popov@microsoft.com>
wrote:

> Yes, but arguably, since TTRP references TBPROTO, it does not have to copy
> all of the security considerations from the base protocol document.
> Otherwise, any Internet-Draft would have to contain a superset of the
> security considerations from all referenced documents…
>
>
>
> *From:* Unbearable <unbearable-bounces@ietf.org> *On Behalf Of *Denis
> *Sent:* Monday, September 17, 2018 11:23 AM
> *To:* Tokbind WG <unbearable@ietf.org>
> *Subject:* Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
>
>
>
> Hi Andrei,
>
> Such a sentence is present in draft-ietf-tokbind-protocol-19 (The Token
> Binding Protocol Version 1.0), but not
> in draft-ietf-tokbind-ttrp-06: HTTPS Token Binding with TLS Terminating
> Reverse Proxies.
>
> Denis
>
> Hi Denis,
>
>
>
> IMHO this is already addressed in the security considerations:
>
>
>
> “The Token Binding protocol does not prevent cooperating clients from
>
>    sharing a bound token.  A client could intentionally export a bound
>
>    token with the corresponding Token Binding private key, or perform
>
>    signatures using this key on behalf of another client.”
>
>
>
> Cheers,
>
>
>
> Andrei
>
>
>
> *From:* Unbearable <unbearable-bounces@ietf.org>
> <unbearable-bounces@ietf.org> * On Behalf Of *Denis
> *Sent:* Monday, September 17, 2018 3:43 AM
> *To:* Hans Zandbelt <hans.zandbelt@zmartzone.eu>
> <hans.zandbelt@zmartzone.eu>
> *Cc:* Tokbind WG <unbearable@ietf.org> <unbearable@ietf.org>
> *Subject:* Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
>
>
>
> Hans,
>
> This has nothing to do with "private key sharing". Private keys are
> usually protected by some hardware device which does not allow to export
> these keys.
> However, a legitimate user can *use* his hardware device which means that
> he can ask to his device to perform some cryptographic computation with the
> private keys
> that are stored in it.
>
> In the past, when doing a threat analysis, only external attackers were
> being considered. Collaborative attacks is a different kind of threat that
> should also be considered.
> However, it only applies to some specific contexts:
>
> If the security token contains a sufficient number of attributes that
> allows to fully identify the bearer, the bearer will probably refuse to
> collaborate with anybody else,
> because that other body could fully impersonate him.
>
> If the security token contains one or more attributes that do not allow to
> fully identify the bearer, the bearer may accept to collaborate with
> somebody else, because
> he cannot be identified. Typical examples of such an attribute are: "over
> 18" or "resident of Florida". Such attributes may allow to access to a
> service.
>
> Any solution using software only is unable to counter collaborative
> attacks. Any solution using hardware devices that are only protecting the
> private keys, *but not their usage*,
> are also unable to counter collaborative attacks. The topic has nothing to
> do with generic PKI principles and guidelines. However, adding some
> additional explanations into
> the security considerations section along those provided above could be
> useful.
>
> Denis
>
> Can we please stop adding text that says "don't share your private key
> with others" to IETF drafts? That is an inherent part of PKI and does not
> need to be repeated everywhere IMO, just like text about how verifying TLS
> server certificate should work is not repeated in drafts where TLS is a
> requirement. Perhaps a reference to generic PKI principles and guidelines
> may be included?
>
>
>
> Hans.
>
>
>
> On Mon, Sep 17, 2018 at 11:32 AM Denis <denis.ietf@free.fr> wrote:
>
> Comments on draft-ietf-tokbind-ttrp-06: HTTPS Token Binding with TLS
> Terminating Reverse Proxies
>
> The introduction states:
>
> An HTTP server issuing cookies or other security tokens can associate them
> with the Token Binding ID, which ensures those tokens
> cannot be used successfully over a different TLS connection or by a
> different client than the one to which they were issued.
>
> When there are only external attackers, the sentence is correct but is
> incorrect when there is a collusion between a legitimate client and another
> client.
> The sentence should be corrected. Here is a proposal:
>
> An HTTP server issuing cookies or other security tokens can associate them
> with the Token Binding ID, which ensures those tokens
> cannot be used successfully over a different TLS connection or by a
> different client than the one to which they were issued, as long as
> there is no collusion between the legitimate client and another client.
>
> In the "Security Considerations" section (section 4), some explanations
> should be added. Here is a proposal:
>
> The token binding mechanism is efficient against external attackers, but,
> in case a legitimate client collaborates with another client,
> the mechanism can be defeated since the legitimate client, using the
> private key which proves possession of the security token, can perform
> all the cryptographic computations that the other client needs to
> demonstrate the possession of that security token.
>
> Denis
>
> This message marks the start of a 2 week WGLC on
>
> draft-ietf-tokbind-ttrp-06 as agreed in Montreal but only now effected
>
> by your chair.
>
>
>
> Please provide your final comments, voices of support or objections
>
> by COB Fri 28 Sept in any TZ.
>
>
>
>  Best R
>
>  Leif
>
>
>
> _______________________________________________
>
> Unbearable mailing list
>
> Unbearable@ietf.org
>
> https://www.ietf.org/mailman/listinfo/unbearable <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Funbearable&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cab8af6eb738948ea918908d61ccaa431%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636728054009097353&sdata=nAYXebh8MnuGb4AqFSnfgn7w03gTobnP5pHjPfRB%2FR4%3D&reserved=0>
>
>
>
> _______________________________________________
> Unbearable mailing list
> Unbearable@ietf.org
> https://www.ietf.org/mailman/listinfo/unbearable
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Funbearable&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cab8af6eb738948ea918908d61ccaa431%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636728054009097353&sdata=nAYXebh8MnuGb4AqFSnfgn7w03gTobnP5pHjPfRB%2FR4%3D&reserved=0>
>
>
>
>
> --
>
> hans.zandbelt@zmartzone.eu
>
> ZmartZone IAM - www.zmartzone.eu
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zmartzone.eu&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cab8af6eb738948ea918908d61ccaa431%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636728054009097353&sdata=qCQp1us41uMQ3TXbXjN7rzY0ZXIwFJNa3v40dfVvaeQ%3D&reserved=0>
>
>
>
>
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._