IETF Logo Mail Archive

Re: [Unbearable] ramifications of longer EKMs

Anthony Nadalin <tonynad@microsoft.com> Thu, 23 February 2017 17:53 UTC

Return-Path: <tonynad@microsoft.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78F94129A6E for <unbearable@ietfa.amsl.com>; Thu, 23 Feb 2017 09:53:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DPlLzZk784Q for <unbearable@ietfa.amsl.com>; Thu, 23 Feb 2017 09:53:50 -0800 (PST)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0116.outbound.protection.outlook.com [104.47.32.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9590C12A21D for <unbearable@ietf.org>; Thu, 23 Feb 2017 09:53:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=IlaCcXIbNkjAqu5yPPLhMNqkkTA/u+PeG3OU45nqoqY=; b=n03RLmc6Ct1I6Qk3PzgagM8pnpN2Q/zw9aBEAvvUAH7LGctgvpM2Ec2QF4yKpIWfkBzCeSB9EHJvx7OigTYkjrKbubIOK8iIKoj0LBKP6M427KwiKZWEc39KUXaKxWEN2I16dRTqjiXesc0DzszqnCBq5lmygQJjMjK7NjR9an4=
Received: from SN1PR0301MB2029.namprd03.prod.outlook.com (10.163.226.27) by CY1PR0301MB0841.namprd03.prod.outlook.com (10.160.163.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.919.13; Thu, 23 Feb 2017 17:53:46 +0000
Received: from SN1PR0301MB2029.namprd03.prod.outlook.com ([10.163.226.27]) by SN1PR0301MB2029.namprd03.prod.outlook.com ([10.163.226.27]) with mapi id 15.01.0933.011; Thu, 23 Feb 2017 17:53:46 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, Andrei Popov <Andrei.Popov@microsoft.com>
Thread-Topic: [Unbearable] ramifications of longer EKMs
Thread-Index: AQHSjVYe/iOyf5L8EU+ZQVupoEDxs6F1rSmAgAAKOICAAAhuAIAABvKAgADNHgCAAEwncA==
Date: Thu, 23 Feb 2017 17:53:46 +0000
Message-ID: <SN1PR0301MB2029AD297BE87DE6330FFBE6A6530@SN1PR0301MB2029.namprd03.prod.outlook.com>
References: <CA+k3eCTRAdwW9xj2JRcs7LwgXJtWj=zDFrZVGJVLmV-vHuYstw@mail.gmail.com> <CY1PR0301MB0842D765811AA4C37AE332938C500@CY1PR0301MB0842.namprd03.prod.outlook.com> <CA+k3eCQw4KErXHrQWx=uEmf6OKvp9nGQYiC2nWk4+exorxjDCg@mail.gmail.com> <CY1PR0301MB0842C76A829D345AAC18FB988C530@CY1PR0301MB0842.namprd03.prod.outlook.com> <CY1PR0301MB0842026E974F75CE28AA264C8C530@CY1PR0301MB0842.namprd03.prod.outlook.com> <CA+k3eCQZKAf7BOWKBDQqBDR63OBKOogyuDT+j1JCqSDU3EUuQg@mail.gmail.com>
In-Reply-To: <CA+k3eCQZKAf7BOWKBDQqBDR63OBKOogyuDT+j1JCqSDU3EUuQg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tonynad@microsoft.com;
x-originating-ip: [2001:4898:80e8:5::29d]
x-ms-office365-filtering-correlation-id: 54e49b8f-2f94-4630-061a-08d45c14ea2d
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY1PR0301MB0841;
x-microsoft-exchange-diagnostics: 1; CY1PR0301MB0841; 7:y+OravF7zf7+Rvivpic/7v5BwW0HrGABrjmd5aoy7NCDxNWD60bFkzbd+2egU3Un9PAj7aEeR8WD3zuAhZq7df8v+uNiUzVuVWnM/QFkbw9Fz8YnGsLhWOYG/a5xGY3inuDWC5bOYFw12t31p0EZovzNjOiUhGns8JzYBSw33oStaJMjhs4U1di9il+wrfphQyxRjQE5ck47uaAVobnJAu1l3bgNQPQ2oqU0y4iaJD2H4nFdAcyOqS5dpytPjUznoSGGLNxb19jjDPgH6EZAdGQZ+f4JDoZJQJJKfsvMKZrkSa3MHJcTdLS9WZQmbiOwgq98QW3h0TeMFcnjeAyiwqpcA5h9SMikxUhVa5b3TlA=
x-microsoft-antispam-prvs: <CY1PR0301MB08413E9CDEB6F51D01C7327CA6530@CY1PR0301MB0841.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123558025)(20161123560025)(20161123564025)(20161123562025)(20161123555025)(6072148); SRVR:CY1PR0301MB0841; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0841;
x-forefront-prvs: 02272225C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39410400002)(39450400003)(39840400002)(39860400002)(39850400002)(189002)(377454003)(24454002)(199003)(54356999)(4326007)(50986999)(122556002)(2906002)(25786008)(102836003)(68736007)(3280700002)(5660300001)(77096006)(3660700001)(229853002)(790700001)(86362001)(19609705001)(92566002)(6506006)(54896002)(53936002)(99286003)(9686003)(86612001)(76176999)(55016002)(6306002)(236005)(1511001)(74316002)(105586002)(2561002)(8936002)(81166006)(93886004)(106116001)(106356001)(6246003)(189998001)(8676002)(53546006)(101416001)(81156014)(5005710100001)(10090500001)(2900100001)(2421001)(6116002)(6636002)(10290500002)(8990500004)(38730400002)(6436002)(2950100002)(97736004)(33656002)(7736002)(7696004)(148743002)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0841; H:SN1PR0301MB2029.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN1PR0301MB2029AD297BE87DE6330FFBE6A6530SN1PR0301MB2029_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Feb 2017 17:53:46.2128 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0841
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/Q4HUQcerzKjzVQgBibWKHQHk6e0>
Cc: IETF Tokbind WG <unbearable@ietf.org>
Subject: Re: [Unbearable] ramifications of longer EKMs
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 17:53:51 -0000

I’m not sure the value of standardizing the tokbind-tls-term, not sure how much interoperability requirements there are here, maybe this should be an experimental until we figure out if there is a need and if so what are the requirements

From: Unbearable [mailto:unbearable-bounces@ietf.org] On Behalf Of Brian Campbell
Sent: Thursday, February 23, 2017 5:18 AM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: IETF Tokbind WG <unbearable@ietf.org>
Subject: Re: [Unbearable] ramifications of longer EKMs

Sure, this design would work. My point is that the tokbind-tls-term document cannot require one particular model of TB processing, because if this one model does not meet a data center’s requirements/architecture, the document is easily ignored. And it would be particularly undesirable to lose the “dumb/slim” TTRP model.

Are you suggesting that tokbind-tls-term should have more than one model? Or that the “dumb/slim” TTRP model is most likely to be the desired model?
Backend could pass the TB key parameters to the TTRP, or these could be part of the TTRP configuration. All the “dumb/slim” TTRP needs to know is TB protocol version and a prioritized list of TB key parameter IDs.
Sure, that prioritized list of TB key parameter IDs is still the TTRP 'supporting' them in that it will use them in negotiation.
The TB key parameter IDs the TTRP is willing/able to use will need to be the intersection of the supported TB key parameters of each of the backends. This might be cumbersome in some cases but is just the way it has to be for the “dumb/slim” TTRP model.

Let’s say a client negotiates signature scheme A with the RP, and signature scheme A calls for a 64-byte EKM. Then the client negotiates a signature scheme B with the IDP, and signature scheme B calls for a 32-byte EKM. The client sends Provided and Referred bindings to this IDP, and the Referred binding uses signature scheme A in combination with an EKM length 32 (which does not agree with the signature scheme definition). Is this what you’re proposing as option 4), or did I get it wrong?
Yes, that's an accurate description of what I'd proposed as option 4)


On Wed, Feb 22, 2017 at 6:03 PM, Andrei Popov <Andrei.Popov@microsoft.com<mailto:Andrei.Popov@microsoft.com>> wrote:
Correction inline☺.

From: Unbearable [mailto:unbearable-bounces@ietf.org<mailto:unbearable-bounces@ietf.org>] On Behalf Of Andrei Popov
Sent: Wednesday, February 22, 2017 4:39 PM
To: Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Cc: IETF Tokbind WG <unbearable@ietf.org<mailto:unbearable@ietf.org>>
Subject: Re: [Unbearable] ramifications of longer EKMs


>  I'm not sure I follow this?

>  I'd think, if this kind of model was used, a TTRP could do all the TB validation work and just expose the TB ID(s) to the backend where they can bind to whatever tokens/cookies they are issuing.
Sure, this design would work. My point is that the tokbind-tls-term document cannot require one particular model of TB processing, because if this one model does not meet a data center’s requirements/architecture, the document is easily ignored. And it would be particularly undesirable to lose the “dumb/slim” TTRP model.

>  The backend apps would only be able to use TB key parameters that the TTRP supports but that's pretty much true of the other model too - the TTRP still is the one negotiating.
Backend could pass the TB key parameters to the TTRP, or these could be part of the TTRP configuration. All the “dumb/slim” TTRP needs to know is TB protocol version and a prioritized list of TB key parameter IDs.

>  It only defeats the purpose of having per-signature-scheme EKM lengths in the case of a refereed TB using a longer EKM than the provided.
Let’s say a client negotiates signature scheme A with the RP, and signature scheme A calls for a 64-byte EKM. Then the client negotiates a signature scheme B with the IDP, and signature scheme B calls for a 32-byte EKM. The client sends Provided and Referred bindings to this IDP, and the Referred binding uses signature scheme A in combination with an EKM length 32 (which does not agree with the signature scheme definition). Is this what you’re proposing as option 4), or did I get it wrong?

v2.30.2 | Report a Bug | By Email | System Status