[VoT] Missing RP / IdP authentication entirely

Chris Drake <cnd@geek.net.au> Tue, 28 November 2017 01:47 UTC

Date: Tue, 28 Nov 2017 11:46:53 +1000
From: Chris Drake <cnd@geek.net.au>
Message-ID: <122798356.20171128114653@CryptoPhoto.com>
To: Jim Fenton <fenton@bluepopcorn.net>, "Grassi, Paul A. (Fed)" <paul.grassi@nist.gov>
CC: "vot@ietf.org" <vot@ietf.org>, Justin Richer <jricher@mit.edu>, John Bradley <ve7jtb@ve7jtb.com>, Leif Johansson <leifj@sunet.se>, Phil Hunt <phil.hunt@oracle.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/vot/4W8qi9bHySd1BAmN_UShvOFU_ko>

Hi All,

Completely missing from the standard are any "two directional" vectors:

100% of the work here is user-focussed, with no attention on RP / IdP legitimacy - a huge mistake, since 91% of successful attacks against authentication take advantage of the completely-missing "machine to user" authentication step (e.g. NIST "Verifier Impersonation Resistance").

I can't decide if this needs to be a new set of vectors, or if it makes sense to incorporate into one of the existing ones:

*. Who is the RP, and how certain is the User/IdP that the RP is legitimate?
*. Who is the IdP, and how certain is the RP/User that the IdP is legitimate?
*. What steps has the IdP taken to ensure the users and RPs are not duped?

What I am certain about is that it needs to be in the standard.  It makes NO SENSE to put all this effort into something that addresses only 9% of the problem.  NIST recently fixed this, so should we.

Kind Regards,
Chris Drake