Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 17 September 2018 18:36 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4DBD130E80 for <unbearable@ietfa.amsl.com>; Mon, 17 Sep 2018 11:36:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.112
X-Spam-Level: *
X-Spam-Status: No, score=1.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LET2IqxvVIPD for <unbearable@ietfa.amsl.com>; Mon, 17 Sep 2018 11:36:32 -0700 (PDT)
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-eopbgr690095.outbound.protection.outlook.com [40.107.69.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3D73127148 for <unbearable@ietf.org>; Mon, 17 Sep 2018 11:36:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BpJsYmB9z8galH2LikdS3f9RFLrV6eNY4BtjdhKKQC4=; b=dR6jjvtIWMhbCbQlUHDpfqe3gqES6xz6f36X7lG619adFlohy5o1bFd8+KjAXzZMwrn0TrMoepOE5+FcRdhWCJPoknpJdheA3wsLoYVXXh7Zt+HPBC39XmliE9ieJJRj9Tbx5viEZXca4At81J0+jdUOtVDgeXmq2gjNPMCmEAU=
Received: from CY4PR21MB0774.namprd21.prod.outlook.com (10.173.192.20) by CY4PR21MB0470.namprd21.prod.outlook.com (10.172.121.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1164.12; Mon, 17 Sep 2018 18:36:30 +0000
Received: from CY4PR21MB0774.namprd21.prod.outlook.com ([fe80::290d:3ed5:7a6b:e1cc]) by CY4PR21MB0774.namprd21.prod.outlook.com ([fe80::290d:3ed5:7a6b:e1cc%2]) with mapi id 15.20.1185.003; Mon, 17 Sep 2018 18:36:30 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Denis <denis.ietf@free.fr>, Tokbind WG <unbearable@ietf.org>, 'Brian Campbell' <bcampbell@pingidentity.com>
Thread-Topic: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
Thread-Index: AQHUS64L+Ni1zKXorUWBMu/ZxHbtwqT0O2GAgAAF2wCAAA3vgIAAePjggAAHdoCAAAGdIA==
Date: Mon, 17 Sep 2018 18:36:30 +0000
Message-ID: <CY4PR21MB0774AB20D798821A35FF19828C1E0@CY4PR21MB0774.namprd21.prod.outlook.com>
References: <bba419c9-103b-5cb0-4267-c5cec9c7b3dd@sunet.se> <6bea7c7b-80ec-9637-324e-730998c461ad@free.fr> <CA+iA6uh5rjoU-AUdOzt-kJkgo3MshZndu7RL59M-kWjx-ckzbw@mail.gmail.com> <93c77c77-9dfe-fe0b-4b3a-319c9dc7ec8e@free.fr> <CY4PR21MB0774438584D60A8033A94EF18C1E0@CY4PR21MB0774.namprd21.prod.outlook.com> <3f7c20ed-26c1-3070-207b-54e97b1dc516@free.fr>
In-Reply-To: <3f7c20ed-26c1-3070-207b-54e97b1dc516@free.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:b:28b2:a023:971b:e42c]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0470; 6:9McVG2v7bBs/IdIFi2qQ5LgINIuRxm5Dur9Qq0x2T77fMEX+I0MgBR2UsGpcT7+qY/EYE6FRH0bKwzTezaI/XjRA9prwZU3PhsAlxGgOn9j1Uaor2OShbHdal8OrMvJBoK1gCD+D3MFq6Iigd7gLHPjMvGwHZGROkK6opzqcixuQnUzKyRiZppeIUEPKKVIcdbYSg/fGHW1alO1EaAKRGRhCMemJBw9U+yOxVcmK0aOsdjTHqL2vq5wsZYo1kpoxptZGqhgBM6JKHEEFvLjEe5zGO5uphfF3jQxZyVdxz8E0W/DmrOB0Q3ZZJN94bRpK65geNBaJNpLZ6asQ61fp9k7cGCseOzF+zCPIA2Pg+KnvGaG1Bb6y2Nun/mUqbKUU9WK7vC2aSNsYQdncSVwx0nLa/aIo72RIj8Q70FTVr8nio+d+N+orC02XHUSnnrRc1S/HTUCdX9rRvEQNw/YU6w==; 5:LKTSyUyEVgKWCNJwTah4VZQTY1VV4KtHsDNfeiXv1IvLqS4HDcIYj4ODAJwoQcV8Y4lUTWEqVvkUbtomwX4tqsarCmz67EIuPlQVHMkWe8NkYtNQtvMrMplJQyMcC3LsDkv2vlMd64HcjXhERJ1HAAon1Ke79KqIT5f4uodkhf4=; 7:Q2+kYGTjRM++JbKCuYV/+by9Q9LhUBRX0bJvgyfMhUllxOVacZpd+IXnQhRBaDtleaxQDiU8gAKHQ6YbtCvulXjH1TqRk/govrJpixxHshBSL8iKLbpv2Vpit1uWoDQKBpm9QD440E+jvXaKQaB4z5Xzpl75Cok6qEEaekggDWBQCVCMgr21qNpDSlSmELyliY5PoCNc2OwsKBh2iLMbbSoFgUWnVdKeEXuoUsjlIKv5mn5epsSCHhfCSG9s1U/Q
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 28677ef2-0422-4fc0-32e6-08d61ccc7c8b
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7193020); SRVR:CY4PR21MB0470;
x-ms-traffictypediagnostic: CY4PR21MB0470:
x-microsoft-antispam-prvs: <CY4PR21MB0470DF4FE254BDFCA8A106198C1E0@CY4PR21MB0470.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(158342451672863)(191636701735510)(21748063052155)(28532068793085)(219752817060721)(189930954265078);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231355)(944501410)(52105095)(2018427008)(93006095)(93001095)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(20161123564045)(20161123562045)(201708071742011)(7699050)(76991041); SRVR:CY4PR21MB0470; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0470;
x-forefront-prvs: 0798146F16
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(396003)(39860400002)(136003)(366004)(189003)(199004)(25786009)(6246003)(5660300001)(790700001)(6116002)(110136005)(93886005)(7736002)(76176011)(86612001)(236005)(53936002)(9686003)(68736007)(86362001)(2900100001)(74316002)(53546011)(256004)(316002)(22452003)(8936002)(446003)(229853002)(11346002)(10290500003)(486006)(8990500004)(7696005)(55016002)(14454004)(81156014)(33656002)(606006)(6506007)(99286004)(2906002)(46003)(10090500001)(478600001)(72206003)(966005)(14444005)(54896002)(6306002)(105586002)(4000630100001)(6436002)(8676002)(186003)(476003)(81166006)(102836004)(106356001)(6346003)(561944003)(5250100002)(97736004)(15866825006); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0470; H:CY4PR21MB0774.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-microsoft-antispam-message-info: xnEf+qtiLHkY93dh46VeBcepKWWfta65LxBa2LhbFPOGyzHCdfp6W6AXfLB78IqYPAddzKJZoMJ6J9uIynoa0V33/8jymi4GWD1Ro6RqlT42Dq4wqmoaOk7dOq+A4hKbLxyvdDznC+z1P3CApuFo5L0gAQjExUip6sFkNQhHiAWe4QlqbprKUfvbGsBl806KFjBiIhIR1A8XhpyAYSHXfyXYwnBlyUtf5i56K+gLrN6IyaMOBwbL8KfkLmUDNKsemMCJLb/nmj4jvKRKIyYuVAmE+Nx2TfQRJRnUjrtOCxTJNpb+xt3kqRENboiISoAKrq5kuKw5Qieqimb8vVpw1EFpqyWhArGyJ47M/QTx71c=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0774AB20D798821A35FF19828C1E0CY4PR21MB0774namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 28677ef2-0422-4fc0-32e6-08d61ccc7c8b
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2018 18:36:30.7146 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0470
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/UqD-8HM5cStqK5RUL_pZK4xKVwE>
Subject: Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Sep 2018 18:36:35 -0000

Yes, but arguably, since TTRP references TBPROTO, it does not have to copy all of the security considerations from the base protocol document. Otherwise, any Internet-Draft would have to contain a superset of the security considerations from all referenced documents…

From: Unbearable <unbearable-bounces@ietf.org> On Behalf Of Denis
Sent: Monday, September 17, 2018 11:23 AM
To: Tokbind WG <unbearable@ietf.org>
Subject: Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp

Hi Andrei,

Such a sentence is present in draft-ietf-tokbind-protocol-19 (The Token Binding Protocol Version 1.0), but not
in draft-ietf-tokbind-ttrp-06: HTTPS Token Binding with TLS Terminating Reverse Proxies.

Denis
Hi Denis,

IMHO this is already addressed in the security considerations:


“The Token Binding protocol does not prevent cooperating clients from
   sharing a bound token.  A client could intentionally export a bound
   token with the corresponding Token Binding private key, or perform
   signatures using this key on behalf of another client.”

Cheers,

Andrei

From: Unbearable <unbearable-bounces@ietf.org><mailto:unbearable-bounces@ietf.org> On Behalf Of Denis
Sent: Monday, September 17, 2018 3:43 AM
To: Hans Zandbelt <hans.zandbelt@zmartzone.eu><mailto:hans.zandbelt@zmartzone.eu>
Cc: Tokbind WG <unbearable@ietf.org><mailto:unbearable@ietf.org>
Subject: Re: [Unbearable] (belated) WGLC draft-ietf-tokbind-ttrp

Hans,

This has nothing to do with "private key sharing". Private keys are usually protected by some hardware device which does not allow to export these keys.
However, a legitimate user can use his hardware device which means that he can ask to his device to perform some cryptographic computation with the private keys
that are stored in it.

In the past, when doing a threat analysis, only external attackers were being considered. Collaborative attacks is a different kind of threat that should also be considered.
However, it only applies to some specific contexts:
If the security token contains a sufficient number of attributes that allows to fully identify the bearer, the bearer will probably refuse to collaborate with anybody else,
because that other body could fully impersonate him.

If the security token contains one or more attributes that do not allow to fully identify the bearer, the bearer may accept to collaborate with somebody else, because
he cannot be identified. Typical examples of such an attribute are: "over 18" or "resident of Florida". Such attributes may allow to access to a service.
Any solution using software only is unable to counter collaborative attacks. Any solution using hardware devices that are only protecting the private keys, but not their usage,
are also unable to counter collaborative attacks. The topic has nothing to do with generic PKI principles and guidelines. However, adding some additional explanations into
the security considerations section along those provided above could be useful.

Denis
Can we please stop adding text that says "don't share your private key with others" to IETF drafts? That is an inherent part of PKI and does not need to be repeated everywhere IMO, just like text about how verifying TLS server certificate should work is not repeated in drafts where TLS is a requirement. Perhaps a reference to generic PKI principles and guidelines may be included?

Hans.

On Mon, Sep 17, 2018 at 11:32 AM Denis <denis.ietf@free.fr<mailto:denis.ietf@free.fr>> wrote:
Comments on draft-ietf-tokbind-ttrp-06: HTTPS Token Binding with TLS Terminating Reverse Proxies

The introduction states:
An HTTP server issuing cookies or other security tokens can associate them with the Token Binding ID, which ensures those tokens
cannot be used successfully over a different TLS connection or by a different client than the one to which they were issued.
When there are only external attackers, the sentence is correct but is incorrect when there is a collusion between a legitimate client and another client.
The sentence should be corrected. Here is a proposal:
An HTTP server issuing cookies or other security tokens can associate them with the Token Binding ID, which ensures those tokens
cannot be used successfully over a different TLS connection or by a different client than the one to which they were issued, as long as
there is no collusion between the legitimate client and another client.
In the "Security Considerations" section (section 4), some explanations should be added. Here is a proposal:
The token binding mechanism is efficient against external attackers, but, in case a legitimate client collaborates with another client,
the mechanism can be defeated since the legitimate client, using the private key which proves possession of the security token, can perform
all the cryptographic computations that the other client needs to demonstrate the possession of that security token.
Denis

This message marks the start of a 2 week WGLC on

draft-ietf-tokbind-ttrp-06 as agreed in Montreal but only now effected

by your chair.



Please provide your final comments, voices of support or objections

by COB Fri 28 Sept in any TZ.



 Best R

 Leif



_______________________________________________

Unbearable mailing list

Unbearable@ietf.org<mailto:Unbearable@ietf.org>

https://www.ietf.org/mailman/listinfo/unbearable<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Funbearable&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cab8af6eb738948ea918908d61ccaa431%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636728054009097353&sdata=nAYXebh8MnuGb4AqFSnfgn7w03gTobnP5pHjPfRB%2FR4%3D&reserved=0>


_______________________________________________
Unbearable mailing list
Unbearable@ietf.org<mailto:Unbearable@ietf.org>
https://www.ietf.org/mailman/listinfo/unbearable<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Funbearable&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cab8af6eb738948ea918908d61ccaa431%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636728054009097353&sdata=nAYXebh8MnuGb4AqFSnfgn7w03gTobnP5pHjPfRB%2FR4%3D&reserved=0>


--
hans.zandbelt@zmartzone.eu<mailto:hans.zandbelt@zmartzone.eu>
ZmartZone IAM - www.zmartzone.eu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zmartzone.eu&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cab8af6eb738948ea918908d61ccaa431%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636728054009097353&sdata=qCQp1us41uMQ3TXbXjN7rzY0ZXIwFJNa3v40dfVvaeQ%3D&reserved=0>