Re: [Unbearable] draft-campbell-tokbind-tls-term architecture.
Brian Campbell <bcampbell@pingidentity.com> Mon, 20 March 2017 14:09 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05119129498 for <unbearable@ietfa.amsl.com>; Mon, 20 Mar 2017 07:09:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01bF71pHOC0a for <unbearable@ietfa.amsl.com>; Mon, 20 Mar 2017 07:09:20 -0700 (PDT)
Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D167F126579 for <unbearable@ietf.org>; Mon, 20 Mar 2017 07:09:20 -0700 (PDT)
Received: by mail-pg0-x22b.google.com with SMTP id n190so78049211pga.0 for <unbearable@ietf.org>; Mon, 20 Mar 2017 07:09:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=DH8RYmdgRRD1Yit6TmtW7jt2uL4djecKjYZoWVJDT2o=; b=SudnOY2j7S3Vm5Mg/91mSuOFlsLkis6dubRTHudKs4WRI8xYErrlKm2Pe7eEZLAyWE IZCts1h4Exu7jnD+CGW5L3B7nAv22GF9XzhSp4YpAupTblQ0E2OVE2rheKV1qOlGWVNw muQCU04acYlKVDloKAizPlac7hqj0IO2Vf0Xg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=DH8RYmdgRRD1Yit6TmtW7jt2uL4djecKjYZoWVJDT2o=; b=ojTQqrI5AXwkiD9tBSmAjh+JQQrtZ7lyWAdmD6b0oskXu8Z2WK9fwZ4JeMeRVw4b5W qT3ZsshNVy76MAn7S2oird4JvZb5Vyf1vfTv5WLxYS12QhQ+k6orl5SawkNpkgfu54vv RtbDCHs6WrvW2cocvKKudVIsSJO2TS3TFDmIPtFjpHD8Gengy//CLPHX9QzILtebakMJ qohwTaQjNIkA3YhUZAbzgBharfkk/Izb7/gqltPtkyfFMC3FOWOfXm2wMqfchfYVZ6aL qJgxqT/Dz2zzNaWecpJBxcDHlTdjkCVa/5VeMcL5qVPTPtND3w+TzP+D++7n3aDZw+ZL 2VSQ==
X-Gm-Message-State: AFeK/H29KW4/fcZpr7OcxYuk81FRCs4n0zfg5HlYKX1MpdHRuk+KsxMb2V475Kb7Y8Ugyhq0OuaJEzcwoLCvzGj+
X-Received: by 10.84.209.194 with SMTP id y60mr40367394plh.44.1490018960362; Mon, 20 Mar 2017 07:09:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.170.138 with HTTP; Mon, 20 Mar 2017 07:08:49 -0700 (PDT)
In-Reply-To: <CABcZeBOaX8W6XSekcn4Cth1ofZxxe6Dg6Pmrj6nrAwN2BneC1Q@mail.gmail.com>
References: <CABcZeBOaX8W6XSekcn4Cth1ofZxxe6Dg6Pmrj6nrAwN2BneC1Q@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 20 Mar 2017 08:08:49 -0600
Message-ID: <CA+k3eCR6zVSUK0CP6yvkA3300SU5rCQM0cj03VE70rLyaewrmQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: IETF Tokbind WG <unbearable@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c03a94ad76cec054b2a12e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/zGlw4iZsZgNWaFkkUpiFEsYVq7Q>
Subject: Re: [Unbearable] draft-campbell-tokbind-tls-term architecture.
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 14:09:23 -0000
Thanks for the read, Eric. Thoughts/replies are inline below. On Sun, Mar 19, 2017 at 11:12 AM, Eric Rescorla <ekr@rtfm.com> wrote: > I have read this document. Comments below. > > OVERALL > In S 2 you say: > > Reverse proxies MUST only add the "Token-Binding-Context" header when > explicitly configured to do so and MUST only dispatch requests > containing it to trusted backend servers. Any occurrence of the > "Token-Binding-Context" header in the request from the client MUST be > removed or overwritten before forwarding the request. Backend > servers MUST only accept the "Token-Binding-Context" header when > explicitly configured to do so and only from trusted reverse proxies. > > As well as/instead of requiring proxies to sanitize, why not make it > not possible for the client to construct a valid header. One way to > do this would be to require that the header be MACed with a shared > key between the proxy and the server. > My thinking here was that there will typically be some kind of trust relationship (implicit or explicit or a bit of both) in the set up of the reverse proxy and the server - private network, mutual TLS, some other authentication, etc., - and one that might already be doing some header sanitation by the proxy. Having the proxy sanitize this new TB context header seemed like the lightest weight approach to locking this new functionality down sufficiently. And keeping the work incumbent on the proxy as lightweight as possible/reasonable has generally been a recurring goal. MACing the header would also accomplish the same general security goals as requiring proxies to sanitize. And is probably less prone to deployment or implementation errors that inadvertently allow for abuse of the header. But it is less lightweight and adds new cryptographic processing requirements on the reverse proxy as well as the backend server and some more bytes to each request. It also would bring the need for this draft to consider algorithm agility and MTI, which can be done of course but is something I am pretty happy to avoid. That's my reasoning behind the current approach in the draft anyway. But if there's some preference and/or rough consensus toward a MAC of the header, that's certainly a viable approach the draft could take. Assuming it moves forward as a WG item. Also, I think some analysis of why this header doesn't need to be > in Sec-* would be valable. I am assuming your argument is going > to be that it's always stripped by proxies? > I suppose that would be my argument, yes. But I don't know that I'm really inclined to argue about it. Do you see some value in having the header be Sec- prefixed? If there's good reason to do that, I'd certainly be open to it. This thing is just a -00 individual draft at this point. S 1. > Nit: > standardized approach, different implementations will will address it > > Duplicate will > Fixed in my local copy. Thanks for catching that. > > -Ekr > > >
- [Unbearable] draft-campbell-tokbind-tls-term arch… Eric Rescorla
- Re: [Unbearable] draft-campbell-tokbind-tls-term … Brian Campbell