Re: [Unbearable] WGLC 3 on core documents
Andrei Popov <Andrei.Popov@microsoft.com> Thu, 02 March 2017 21:52 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 530EE129535 for <unbearable@ietfa.amsl.com>; Thu, 2 Mar 2017 13:52:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wnZM5HrF5rhZ for <unbearable@ietfa.amsl.com>; Thu, 2 Mar 2017 13:52:23 -0800 (PST)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0139.outbound.protection.outlook.com [104.47.40.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A75AD126BF7 for <unbearable@ietf.org>; Thu, 2 Mar 2017 13:52:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=PpZI7SU2VjHcjomrQo1HQreECu7Kw5Yrd4Rce0dwekI=; b=GsH9A3Q+yCXlT6+lCwwvydWk/SIw4caqb7TgmsuZwRIQFAR4+P6E8AxQpbcMzx/MFpqcxZP63JYA4PCcHeKmT6cG1Ees2QlIvFq2UfQpw7vGuek4kou5CNJntAgnrjcMWNp7cMmTgkZ99ejfyYFkAXK5WK+c/LL4mHGn2e16+hA=
Received: from DM2PR21MB0091.namprd21.prod.outlook.com (10.161.141.14) by DM2PR21MB0090.namprd21.prod.outlook.com (10.161.141.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.961.3; Thu, 2 Mar 2017 21:52:21 +0000
Received: from DM2PR21MB0091.namprd21.prod.outlook.com ([10.161.141.14]) by DM2PR21MB0091.namprd21.prod.outlook.com ([10.161.141.14]) with mapi id 15.01.0961.008; Thu, 2 Mar 2017 21:52:21 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [Unbearable] WGLC 3 on core documents
Thread-Index: AQHSiK9hN2Zs7g7owEimaRJSUV1QM6F/jmIAgAEu9ACAABQN0IAAITCAgAE3kvA=
Date: Thu, 02 Mar 2017 21:52:21 +0000
Message-ID: <DM2PR21MB00915A38ADE98B60918FFF818C280@DM2PR21MB0091.namprd21.prod.outlook.com>
References: <90198679-4549-2893-6d91-f4415df217ad@sunet.se> <CABkgnnUPNRS1AUaVZy-Hkk6TD_yxLT8d_fG6LyFbPaJAJg4_cg@mail.gmail.com> <CACdeXiKD_cOnFqfKFa1o6n6VzrtrBbN0pfH4DBe7g2TKbMiRLw@mail.gmail.com> <DM2PR21MB00913546EC3A8E0C931F3CB38C280@DM2PR21MB0091.namprd21.prod.outlook.com> <CABkgnnVhwrnLBKugkc-PtKDzroH3DcdEhmFT+7FDT9-6cU46aw@mail.gmail.com>
In-Reply-To: <CABkgnnVhwrnLBKugkc-PtKDzroH3DcdEhmFT+7FDT9-6cU46aw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:4898:80e8::1d2]
x-microsoft-exchange-diagnostics: 1; DM2PR21MB0090; 7:T6/bT2p0RBkjrz1Pyp6WQaXL4a6xX6WF88iWqlQP+rExLH0vrhdYBVkCZ3L3oFTte/n5A/uZoqR1Evy6Y8zl7l/bBRfGPKgKwYiBfZK7GzJuJT4OtvZExCKYN/Pq5Y1APAm6I4UMCiifDHEUuS6wq6yTm53V9kOFBXDDnj+Eqol5VCVtgW0ps622CozAT0X+SZxCrt14pUV1v2Pzqs+H4eh0nsYoT21S8gC5fOZA7INjAv7DVtbobGz1MoESTeJHvFpfiAHOq+TlFnf1tdLj/W10CSoVCCJcEdA3Xe/9r27S5+Zi6UUAZ3HTN7tT8wyZ7+dkq/C2ZvMM0JVaBP719/cmZvNm0FU67SZCe0KxymM=
x-ms-office365-filtering-correlation-id: 7190f0c3-eb74-42c0-c43d-08d461b667a2
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:DM2PR21MB0090;
x-microsoft-antispam-prvs: <DM2PR21MB00908CC15EFEEF441BD47EB78C280@DM2PR21MB0090.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(211936372134217)(69029272430364);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041248)(20161123564025)(20161123562025)(20161123558025)(20161123560025)(20161123555025)(6072148)(6042181); SRVR:DM2PR21MB0090; BCL:0; PCL:0; RULEID:; SRVR:DM2PR21MB0090;
x-forefront-prvs: 023495660C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(377454003)(51444003)(13464003)(24454002)(8936002)(8676002)(99286003)(9686003)(6506006)(54906002)(102836003)(55016002)(81166006)(6116002)(229853002)(25786008)(77096006)(189998001)(2900100001)(106116001)(6436002)(76176999)(50986999)(54356999)(92566002)(10090500001)(6916009)(86362001)(53546006)(3280700002)(93886004)(38730400002)(53936002)(33656002)(86612001)(110136004)(39060400002)(6246003)(305945005)(7696004)(2950100002)(5660300001)(4326008)(122556002)(5005710100001)(3660700001)(10290500002)(74316002)(8990500004)(7736002)(2906002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR21MB0090; H:DM2PR21MB0091.namprd21.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2017 21:52:21.4244 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR21MB0090
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/rXFpMXB7VcBCx2Noh6MqnwSkTb4>
Cc: "unbearable@ietf.org" <unbearable@ietf.org>, Leif Johansson <leifj@sunet.se>, Nick Harper <nharper@google.com>
Subject: Re: [Unbearable] WGLC 3 on core documents
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 21:52:25 -0000
> If we had more formal analysis of the protocol, we might be able to have these discussions without resorting to "I think" statements. Having a formal analysis would have been wonderful. My conclusion was derived from the 3 points listed right above the conclusion:) > If your claim is that a client might, under different circumstances, be coerced into making a claim that it controlled a key that it did not in fact control, that's an extraordinary claim requiring extraordinary evidence. A TB library sitting on a server has no knowledge of exactly how federation happens to be arranged, and what guarantees the federation mechanism provides. With the current design, the TB library does not need to know these things. It can simply make sure the client is in control of the TB private keys by verifying signatures. Cheers, Andrei -----Original Message----- From: Martin Thomson [mailto:martin.thomson@gmail.com] Sent: Wednesday, March 1, 2017 7:06 PM To: Andrei Popov <Andrei.Popov@microsoft.com> Cc: Nick Harper <nharper@google.com>; unbearable@ietf.org; Leif Johansson <leifj@sunet.se> Subject: Re: [Unbearable] WGLC 3 on core documents On 2 March 2017 at 12:41, Andrei Popov <Andrei.Popov@microsoft.com> wrote: > I think that eliminating the signature on the referred bindings makes the protocol less secure and potentially narrows the range of scenarios where it can be used. If we had more formal analysis of the protocol, we might be able to have these discussions without resorting to "I think" statements. If your claim is that a client might, under different circumstances, be coerced into making a claim that it controlled a key that it did not in fact control, that's an extraordinary claim requiring extraordinary evidence. I totally see how a client might be tricked into using the wrong key in some different protocol - even in HTTP if there truly is a MitM - but that doesn't provide anything other than a denial of service. The MitM is more than capable of causing that to happen without resorting to trickery though.
- [Unbearable] WGLC 3 on core documents Leif Johansson
- Re: [Unbearable] WGLC 3 on core documents Denis
- Re: [Unbearable] WGLC 3 on core documents Nick Harper
- Re: [Unbearable] WGLC 3 on core documents Denis
- Re: [Unbearable] WGLC 3 on core documents Leif Johansson
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Andrei Popov
- Re: [Unbearable] WGLC 3 on core documents Brian Campbell
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Nick Harper
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Nick Harper
- Re: [Unbearable] WGLC 3 on core documents Andrei Popov
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Andrei Popov
- Re: [Unbearable] WGLC 3 on core documents Martin Thomson
- Re: [Unbearable] WGLC 3 on core documents Brian Campbell
- Re: [Unbearable] WGLC 3 on core documents Andrei Popov
- Re: [Unbearable] WGLC 3 on core documents Brian Campbell
- Re: [Unbearable] WGLC 3 on core documents Andrei Popov