Re: [Unbearable] WGLC 3 on core documents

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 02 March 2017 01:42 UTC

> If the protocol is structured in a way that this list of (or single) referred TBID(s) is only included upon a signal like the "Include-Referred-Token-Binding-ID" 
> (and it is up to the client to determine what that referred TBID is, instead of the referrer saying "please include TBID X"), 
> I think the server can assume that the client would only include a TBID as a referred TBID if it is one that belongs to that client.

A few issues with this:
1. There are multiple ways federation may work, and only some of them have the above properties.
2. The specific federation mechanisms are beyond the scope of TBPROTO, and it is this way because different application protocols have different federation mechanisms. At the same time, I would like the base protocol to retain its security properties, regardless of the federation mechanism.
3. If we include referred TB IDs only, the Token Issuer/IDP has no way to cryptographically verify that the client controls the corresponding private key.

I think that eliminating the signature on the referred bindings makes the protocol less secure and potentially narrows the range of scenarios where it can be used.
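As an added illustration of item 3 above (not code from this thread or from the TBPROTO draft): a verifier-side sketch in Go of what a Token Issuer/IDP can check when a referred binding carries a signature, and what it cannot check when only the referred TB ID is sent. It assumes the TBPROTO signature input TokenBindingType || key_parameters || EKM, an ASN.1 ECDSA encoding in place of the draft's raw r||s, and a constructed EKM value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// TokenBindingType values 0/1 and key_parameters ecdsap256 (2) from TBPROTO (RFC 8471).
const providedTB, referredTB, ecdsaP256 byte = 0, 1, 2
// TokenBinding is one entry of a TokenBindingMessage; Sig == nil models the
// "include the referred TB ID only, without a signature" proposal.
type TokenBinding struct {
	Type, KeyParams byte
	Pub             *ecdsa.PublicKey // the key carried in the TokenBindingID
	Sig             []byte
}

// signInput hashes what TBPROTO signs: TokenBindingType || key_parameters || EKM.
func signInput(t, kp byte, ekm []byte) []byte {
	sum := sha256.Sum256(append([]byte{t, kp}, ekm...))
	return sum[:]
}

// Sign builds a binding proving possession of priv over this connection's EKM.
// Assumption: ASN.1 ECDSA encoding for brevity; the draft uses raw r||s.
func Sign(priv *ecdsa.PrivateKey, t byte, ekm []byte) (TokenBinding, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signInput(t, ecdsaP256, ekm))
	return TokenBinding{t, ecdsaP256, &priv.PublicKey, sig}, err
}

// Verify is the Token Issuer/IDP check: with no signature there is no proof
// that the client controls the key named in a referred TokenBindingID.
func Verify(tb TokenBinding, ekm []byte) bool {
	return tb.Sig != nil && ecdsa.VerifyASN1(tb.Pub, signInput(tb.Type, tb.KeyParams, ekm), tb.Sig)
}

// Demo: one client key per origin, constructed EKM; returns whether the signed
// provided, signed referred, and ID-only referred bindings verify.
func Demo() (provided, referred, idOnly bool) {
	ekm := []byte("constructed EKM for this TLS connection")
	issuerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rpKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	p, _ := Sign(issuerKey, providedTB, ekm)
	r, _ := Sign(rpKey, referredTB, ekm)
	return Verify(p, ekm), Verify(r, ekm), Verify(TokenBinding{referredTB, ecdsaP256, &rpKey.PublicKey, nil}, ekm)
}

func main() { Demo() }
```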