Re: [VoT] Missing RP / IdP authentication entirely

Justin Richer <> Tue, 28 November 2017 02:26 UTC

From: Justin Richer <>
To: Chris Drake <>, Jim Fenton <>, "Grassi, Paul A. (Fed)" <>
Cc: "" <>, John Bradley <>, Leif Johansson <>, Phil Hunt <>

This spec isn't about solving primary authentication to the IdP, it's about communicating the state of the transaction from the IdP to the RP. As you observed, this is very explicitly and deliberately about the user, not about the systems. We considered adding that kind of information early on, but it was decided that such issues are better solved by discovery and registration protocols. VoT isn't the right tool for that, and any complete solution is going to have multiple tools working together. It should be in a standard, but not here, working at a different level. This is about users, not machines.
Verifier impersonation resistance can be communicated here already, as the vector's C value can describe that the user underwent an authentication process that meets that standard. NIST's implementation of VoT under 800-63 does exactly that. VoT doesn't say how to meet that; that's what the rest of 800-63 is for, on the NIST side. Other trust frameworks will have their own anchors.
 Sent from my phone
-------- Original message --------
From: Chris Drake <>
Date: 11/28/17 2:46 AM (GMT+01:00)
To: Jim Fenton <>, "Grassi, Paul A. (Fed)" <>
Cc: <>, Justin Richer <>, John Bradley <>, Leif Johansson <>, Phil Hunt <>
Subject: [VoT] Missing RP / IdP authentication entirely

Hi All,

Completely missing from the standard are any "two directional" vectors:

100% of the work here is user-focussed, with no attention on RP / IdP legitimacy - a huge mistake, since 91% of successful attacks against authentication take advantage of the completely-missing "machine to user" authentication step (e.g. NIST "Verifier Impersonation Resistance").

I can't decide if this needs to be a new set of vectors, or if it makes sense to incorporate into one of the existing ones:

*. Who is the RP, and how certain is the User/IdP that the RP is legitimate ?

*. Who is the IdP, and how certain is the RP/User that the IdP is legitimate ?

*. What steps has the IdP taken to ensure the users and RPs are not duped ?

What I am certain about, is that it needs to be in the standard.  It makes NO SENSE to put all this effort into something that addresses only 9% of the problem.  NIST recently fixed this, so should we.

Kind Regards,

Chris Drake
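The reply above says the RP learns how the user authenticated from the vector's C component and applies its own trust framework's meaning to it. The following is an added example of that RP-side check, written for this page and not code from the thread, the VoT draft, or NIST. It assumes the RFC 8485 wire format (dot-separated components, each a component letter P/C/M/A followed by one value character, with a component letter allowed to repeat, carried in an ID token as the "vot" claim next to a "vtm" trustmark URL). The trustmark URL, the C values it treats as verifier-impersonation resistant, and the sample tokens are all constructed policy inputs, not the NIST 800-63-3 profile.

```python
"""RP-side evaluation of a Vectors of Trust (VoT) vector.

Added example, not code from the VoT list thread or the VoT spec.
Format assumptions follow RFC 8485: a vector is dot-separated
components, each a component letter (P, C, M, A) followed by one value
character, and a component letter may appear more than once
("P1.Cc.Cd.Ab" = password and shared-key proof both used).  The vector
arrives in an ID token as the "vot" claim, with the trust framework's
trustmark URL in the "vtm" claim.  Which C values a framework labels
verifier-impersonation resistant is that framework's decision, so the
policy table below is a constructed input, not a real profile.
"""
import re
from collections import defaultdict

# One component letter followed by one value character (RFC 8485 style).
_TOKEN = re.compile(r"^([PCMA])([0-9a-z])$")


def parse_vot(vector):
    """Return {component_letter: {value_chars}}; raise ValueError on bad syntax."""
    if not vector:
        raise ValueError("empty or missing vot claim")
    parsed = defaultdict(set)
    for tok in vector.split("."):
        m = _TOKEN.match(tok)
        if not m:
            raise ValueError("malformed vector component: %r" % tok)
        comp, val = m.groups()
        parsed[comp].add(val)
    return dict(parsed)


# Constructed RP policy: trustmarks this RP accepts, and for each one the
# C values its framework counts as verifier-impersonation resistant.
# Hypothetical URL and mapping, chosen for illustration only.
RP_POLICY = {
    "https://trustmark.example/vot-profile-1": {"Ce", "Cf"},
}


def assertion_meets_policy(claims, policy=RP_POLICY):
    """Decide whether an ID token's vot/vtm claims satisfy the RP policy.

    Fails closed: unknown trustmark, missing vector, or unparseable vector
    all reject.  Returns (accepted, reason).
    """
    vtm = claims.get("vtm")
    if vtm not in policy:
        return False, "untrusted or missing trustmark: %r" % (vtm,)
    try:
        vec = parse_vot(claims.get("vot", ""))
    except ValueError as exc:
        return False, str(exc)
    # A vector may list several credentials used in one session; accept if
    # at least one of them is in the framework's resistant set.  A stricter
    # RP could require every listed C value to be in the set.
    present = {"C" + v for v in vec.get("C", ())}
    acceptable = present & policy[vtm]
    if acceptable:
        return True, "resistant credential used: %s" % ",".join(sorted(acceptable))
    return False, "no verifier-impersonation-resistant credential in %s" % sorted(present)


# Constructed sample ID-token claim sets (not captured from any IdP).
SAMPLE_TOKENS = {
    "password_only": {"vot": "P1.Cc.Ab",
                      "vtm": "https://trustmark.example/vot-profile-1"},
    "hardware_key": {"vot": "P2.Cc.Cf.Ab",
                     "vtm": "https://trustmark.example/vot-profile-1"},
    "unknown_framework": {"vot": "P2.Cf.Ab",
                          "vtm": "https://other.example/trustmark"},
    "garbage": {"vot": "P1..Cx",
                "vtm": "https://trustmark.example/vot-profile-1"},
}


def evaluate_samples():
    """Run every sample through the policy; returns {name: accepted}."""
    return {name: assertion_meets_policy(c)[0] for name, c in SAMPLE_TOKENS.items()}


if __name__ == "__main__":
    for name, claims in SAMPLE_TOKENS.items():
        ok, why = assertion_meets_policy(claims)
        print("%-18s %-6s %s" % (name, "ACCEPT" if ok else "REJECT", why))
```

The trustmark check comes first on purpose: a C value only has meaning relative to the framework named in "vtm", so an RP that compares vector letters without first pinning the trustmark is trusting whatever definitions the IdP chose.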