Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
Andrei Popov <Andrei.Popov@microsoft.com> Mon, 17 September 2018 17:57 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4BA81200D7 for <unbearable@ietfa.amsl.com>; Mon, 17 Sep 2018 10:57:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.112
X-Spam-Level: *
X-Spam-Status: No, score=1.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdhMInwod9j9 for <unbearable@ietfa.amsl.com>; Mon, 17 Sep 2018 10:57:26 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0139.outbound.protection.outlook.com [104.47.38.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A2121274D0 for <unbearable@ietf.org>; Mon, 17 Sep 2018 10:57:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EgViC/lo4HfrpETfna+GWmcVmva5Jf8JTpBBoMPg4N4=; b=a2bpeZoNGe+Y2Blr8iYsWHNhbhqcfvB0V8+IsyHnVVYU88/e8SS4DlLCpFsAJc08FU1Sm/J5gPJA2NTzIhBOE5Jrs9ziL5LKr6vfMyDL0FfiURAk/5x+zUDGixTmqpkd/er4BP1ofmtsiD640oXKFbNwEgo3jBOtWmcfJ0RoaR8=
Received: from CY4PR21MB0774.namprd21.prod.outlook.com (10.173.192.20) by CY4PR21MB0168.namprd21.prod.outlook.com (10.173.192.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1185.6; Mon, 17 Sep 2018 17:57:23 +0000
Received: from CY4PR21MB0774.namprd21.prod.outlook.com ([fe80::290d:3ed5:7a6b:e1cc]) by CY4PR21MB0774.namprd21.prod.outlook.com ([fe80::290d:3ed5:7a6b:e1cc%2]) with mapi id 15.20.1185.003; Mon, 17 Sep 2018 17:57:23 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Denis <denis.ietf@free.fr>, Hans Zandbelt <hans.zandbelt@zmartzone.eu>
CC: Tokbind WG <unbearable@ietf.org>
Thread-Topic: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
Thread-Index: AQHUS64L+Ni1zKXorUWBMu/ZxHbtwqT0O2GAgAAF2wCAAA3vgIAAePjg
Date: Mon, 17 Sep 2018 17:57:23 +0000
Message-ID: <CY4PR21MB0774438584D60A8033A94EF18C1E0@CY4PR21MB0774.namprd21.prod.outlook.com>
References: <bba419c9-103b-5cb0-4267-c5cec9c7b3dd@sunet.se> <6bea7c7b-80ec-9637-324e-730998c461ad@free.fr> <CA+iA6uh5rjoU-AUdOzt-kJkgo3MshZndu7RL59M-kWjx-ckzbw@mail.gmail.com> <93c77c77-9dfe-fe0b-4b3a-319c9dc7ec8e@free.fr>
In-Reply-To: <93c77c77-9dfe-fe0b-4b3a-319c9dc7ec8e@free.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:b:28b2:a023:971b:e42c]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0168; 6:1LC/FZT1Vki8t84KLbO3eAb3Lp7t/FiClGvYpWrC6oOA6CGeDPA7rP3gLI9P0TsTEG2yXvfw5sLtOWTzGbMcd2wJIkycusFhaqW5yMbokCveutHxv5DuEWib4fOEz3WQ5kas4oJZwVsuZoNenKbdBeMNoygkPo5MBUORo3mmiysGmUx7Poq4uX2DwC7tXVQ67p85/PKZ9I/0RGaIoZtb+qkpwkiR0C7V0r9QcgQmtehCBA1cnx9FyaB+1RDWF8ZEk/qLMDfucETwuIpjgG/LGeOhlSq+VbfryEJYhQeIsgE9vxwHJb26RPUEgER5drIag/e02ZlJGxspG9BTBnPaLtdkvzKAhV0Z6wmM9mjPIRqw5J5eFSKFsQjdtTCRJf60Wjw/Dv6JsRwstLdUXQVaun6DNghMLY8UCbLqSSklsu8wPIQl2JbhN3gBTZ6qW5eJ8SHEJSyqv2pgXjc02W2Eww==; 5:5OwGwNm1L4/pUCwD92llg7RZde5j4UT/7mrD7mS082GdOFYGaBI+a4UePKjSts/yNhJkOGWNfyaMx5PJrhkpxm1WOSUh9otA1HtkMvHNFer7Bia/UcEphMCsf65f9pMAoAFG2pXAsNYWJkBDL5PRHtZC55vq1pZ95/QN4ZrDuew=; 7:Ph/lfvEospz6XC2wcxkqOZg15mR2ygp/DoLnFf5ORDffSVHcuAYzNFKJgs2zniBLFoLobpEP32PpSFYq4rWOgqGRow5EIiznhzkuLnicWLTo7CZaSrsZuWVLy5w+r/evrNsfyjLh3PTurAiKZ0fDXry7kud6gJjbjUft2qGdUq1Lst6mfJ4gAxQ0kgyzJnO+te6QEaDxcu506LWzzlsf3k4dxcMMqkTk+Mjr8oQRhagZkI8ZFVTlsEN7YPrtdw20
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 83726541-1004-4205-126b-08d61cc70594
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7193020); SRVR:CY4PR21MB0168;
x-ms-traffictypediagnostic: CY4PR21MB0168:
x-microsoft-antispam-prvs: <CY4PR21MB0168106F931707F55D9A354C8C1E0@CY4PR21MB0168.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(158342451672863)(191636701735510)(21748063052155)(28532068793085)(219752817060721)(189930954265078);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231355)(944501410)(52105095)(2018427008)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(20161123564045)(201708071742011)(7699050)(76991041); SRVR:CY4PR21MB0168; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0168;
x-forefront-prvs: 0798146F16
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(366004)(39860400002)(376002)(136003)(396003)(189003)(199004)(316002)(22452003)(53546011)(54896002)(6306002)(97736004)(93886005)(9686003)(2906002)(236005)(606006)(33656002)(9326002)(53936002)(6506007)(68736007)(25786009)(105586002)(7696005)(106356001)(790700001)(6116002)(76176011)(81156014)(81166006)(8676002)(8990500004)(8936002)(561944003)(74316002)(10290500003)(6246003)(99286004)(7736002)(478600001)(2900100001)(14454004)(5250100002)(11346002)(110136005)(446003)(14444005)(186003)(86362001)(486006)(229853002)(256004)(102836004)(10090500001)(966005)(4326008)(5660300001)(6436002)(6346003)(72206003)(55016002)(86612001)(4000630100001)(476003)(46003)(15866825006); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0168; H:CY4PR21MB0774.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-microsoft-antispam-message-info: OM+l2XdK1EgAX18tvJw0tueqEOMsOzH7UsKErngEtPkfSMki+a3vDs/usrq+2kHrqsDTnU7N/fVujkHf5y1CA7HDofVX1/wHVGZ/UwMyiOEHrdMzlzgHlCJ9Y88ZoyzdFC3FHiR0QcQxNpNTe5cTiE2Vfs/X9Ccoj+lGpm2aYcVAX+uMHh0aG0wCGxuyjkeNdbOQGW2KPcUD4Drpzgv2NvuGZLHaxlfS8pym+SLffZE6n+IMwJlGXX34XBCU6+KgI6T8rw8c9vIqp/V69Re+0EnsOfsqzGffrKma9EfwNv9h/SZa+sLZH6i9z+jdR3s2z6uY3Jnd4za/ODkgsPws/GFp0iXGIhZMlOEZ/aAisAg=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0774438584D60A8033A94EF18C1E0CY4PR21MB0774namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 83726541-1004-4205-126b-08d61cc70594
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2018 17:57:23.6513 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0168
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/j8XR0wNehyYSGZn-xnJqFPswY1Q>
Subject: Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Sep 2018 17:57:29 -0000
Hi Denis, IMHO this is already addressed in the security considerations: “The Token Binding protocol does not prevent cooperating clients from sharing a bound token. A client could intentionally export a bound token with the corresponding Token Binding private key, or perform signatures using this key on behalf of another client.” Cheers, Andrei From: Unbearable <unbearable-bounces@ietf.org> On Behalf Of Denis Sent: Monday, September 17, 2018 3:43 AM To: Hans Zandbelt <hans.zandbelt@zmartzone.eu> Cc: Tokbind WG <unbearable@ietf.org> Subject: Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp Hans, This has nothing to do with "private key sharing". Private keys are usually protected by some hardware device which does not allow to export these keys. However, a legitimate user can use his hardware device which means that he can ask to his device to perform some cryptographic computation with the private keys that are stored in it. In the past, when doing a threat analysis, only external attackers were being considered. Collaborative attacks is a different kind of threat that should also be considered. However, it only applies to some specific contexts: If the security token contains a sufficient number of attributes that allows to fully identify the bearer, the bearer will probably refuse to collaborate with anybody else, because that other body could fully impersonate him. If the security token contains one or more attributes that do not allow to fully identify the bearer, the bearer may accept to collaborate with somebody else, because he cannot be identified. Typical examples of such an attribute are: "over 18" or "resident of Florida". Such attributes may allow to access to a service. Any solution using software only is unable to counter collaborative attacks. Any solution using hardware devices that are only protecting the private keys, but not their usage, are also unable to counter collaborative attacks. The topic has nothing to do with generic PKI principles and guidelines. However, adding some additional explanations into the security considerations section along those provided above could be useful. Denis Can we please stop adding text that says "don't share your private key with others" to IETF drafts? That is an inherent part of PKI and does not need to be repeated everywhere IMO, just like text about how verifying TLS server certificate should work is not repeated in drafts where TLS is a requirement. Perhaps a reference to generic PKI principles and guidelines may be included? Hans. On Mon, Sep 17, 2018 at 11:32 AM Denis <denis.ietf@free.fr<mailto:denis.ietf@free.fr>> wrote: Comments on draft-ietf-tokbind-ttrp-06: HTTPS Token Binding with TLS Terminating Reverse Proxies The introduction states: An HTTP server issuing cookies or other security tokens can associate them with the Token Binding ID, which ensures those tokens cannot be used successfully over a different TLS connection or by a different client than the one to which they were issued. When there are only external attackers, the sentence is correct but is incorrect when there is a collusion between a legitimate client and another client. The sentence should be corrected. Here is a proposal: An HTTP server issuing cookies or other security tokens can associate them with the Token Binding ID, which ensures those tokens cannot be used successfully over a different TLS connection or by a different client than the one to which they were issued, as long as there is no collusion between the legitimate client and another client. In the "Security Considerations" section (section 4), some explanations should be added. Here is a proposal: The token binding mechanism is efficient against external attackers, but, in case a legitimate client collaborates with another client, the mechanism can be defeated since the legitimate client, using the private key which proves possession of the security token, can perform all the cryptographic computations that the other client needs to demonstrate the possession of that security token. Denis This message marks the start of a 2 week WGLC on draft-ietf-tokbind-ttrp-06 as agreed in Montreal but only now effected by your chair. Please provide your final comments, voices of support or objections by COB Fri 28 Sept in any TZ. Best R Leif _______________________________________________ Unbearable mailing list Unbearable@ietf.org<mailto:Unbearable@ietf.org> https://www.ietf.org/mailman/listinfo/unbearable<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Funbearable&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C0f190bc7a19c4c92014f08d61c8a6cdd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636727778196060990&sdata=wp0JA58IzQoYFIB0QVMNtyWSjiAhAJr8EHGvXs1fwLc%3D&reserved=0> _______________________________________________ Unbearable mailing list Unbearable@ietf.org<mailto:Unbearable@ietf.org> https://www.ietf.org/mailman/listinfo/unbearable<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Funbearable&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C0f190bc7a19c4c92014f08d61c8a6cdd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636727778196071002&sdata=CFnNEkHXp9X1RnN9HJij32YLB3IS3NQJ%2FJveXArXOp4%3D&reserved=0> -- hans.zandbelt@zmartzone.eu<mailto:hans.zandbelt@zmartzone.eu> ZmartZone IAM - www.zmartzone.eu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zmartzone.eu&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C0f190bc7a19c4c92014f08d61c8a6cdd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636727778196081011&sdata=30pxo8BATC47jY8%2FM6%2FIK4J84FKsoGYGv776w%2FKboJ0%3D&reserved=0>
- [Unbearable] (belated) WGLC draft-ietf-tokbind-tt… Leif Johansson
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Denis
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Hans Zandbelt
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Denis
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Andrei Popov
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Denis
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Andrei Popov
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Hans Zandbelt
- Re: [Unbearable] (belated) WGLC draft-ietf-tokbin… Brian Campbell