> -----Original Message-----
> From: Benjamin Kaduk <ka...@mit.edu>
> Sent: Friday, June 22, 2018 10:44 PM
> To: Hannes Tschofenig <hannes.tschofe...@arm.com>
> Cc: Jim Schaad <i...@augustcellars.com>; 'Mike Jones'
> <michael.jo...@microsoft.com>; draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org; ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
> 
> On Fri, Jun 22, 2018 at 01:36:16PM +0000, Hannes Tschofenig wrote:
> > Hi Jim,
> >
> >
> > > My problem is that if there are two different people with the same
> > > Key ID, either intentionally or unintentionally, then using the key ID to
> > > identify the key may allow the other person to masquerade as the first
> > > person.  I am unworried about the instance of a failure to get a key based
> > > on a key id.
> > > That is not the problem you are proposing to address.
> >
> > -----
> >
> > I think we should document this issue. Here is some text proposal that
> > could go into a separate operational consideration section (or into the
> > security consideration section instead).
> >
> > "
> > - Operational Considerations
> >
> > The use of CWTs with proof-of-possession keys requires additional
> > information to be shared between the involved parties in order to
> > ensure correct processing. The recipient needs to be able to use
> > credentials to verify the authenticity, integrity and potentially the
> > confidentiality of the CWT and its content. This requires the recipient to
> > know information about the issuer.
> > Likewise there needs to be an upfront agreement between the issuer
> > and the recipient about the claims that need to be present and what
> > degree of trust can be put into those.
> >
> > When an issuer creates a CWT containing a key id claim, it needs to
> > make sure that it does not issue another CWT containing the same key
> > id with a different content, or for a different subject, within the
> > lifetime of the CWTs, unless intentionally desired. Failure to do so may
> > allow one party to impersonate another party with the potential to gain
> > additional privileges.
> > "
> 
> When would this be "intentionally desired"?  It seems like there would be
> better ways to share authorization between parties than to issue such
> duplicate CWTs.

One case where this is desired is if you issue a second CWT with additional
permissions for a client and you want to tie it to the same key.  You could
either duplicate the key or just reference it by ID.

Jim

> 
> -Ben
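The issuer-side check that the proposed operational-considerations text asks for, and the same-subject case from the reply above, as an added example; it is not code from the draft or from any participant in the thread. It works on plain claim dictionaries using the CWT claim names "sub", "exp" and "cnf"/"kid"; the registry class, its method names and the constructed tokens are assumptions of this example.

```python
"""Issuer-side guard against reusing a key id (kid) across subjects.

Added example, not part of the draft or the thread. A kid stays bound to the
subject it was first issued for as long as any CWT carrying it is unexpired;
a second CWT for the same subject and kid (for example one granting extra
permissions tied to the same key) is allowed, while a different subject is
rejected until every earlier CWT with that kid has expired.
"""
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class IssuedRecord:
    """What the issuer remembers about an unexpired CWT it issued for a kid."""
    subject: str
    expires_at: int
    claims: dict


class KidReuseError(Exception):
    """Raised when a kid is about to be bound to a different subject or content."""


@dataclass
class KidRegistry:
    """Tracks the subject each kid is bound to while any CWT using it is alive.

    The registry name and API are assumptions of this example, not the draft's.
    """
    _records: Dict[str, List[IssuedRecord]] = field(default_factory=dict)

    def _active(self, kid: str, now: int) -> List[IssuedRecord]:
        # Forget records whose CWT lifetime has ended; only live bindings matter.
        live = [r for r in self._records.get(kid, []) if r.expires_at > now]
        self._records[kid] = live
        return live

    def issue(self, claims: dict, now: Optional[int] = None,
              strict_content: bool = False) -> dict:
        """Validate and record a CWT claim set before the issuer signs it.

        - A kid still bound to a different subject is rejected (impersonation risk).
        - The same subject may receive another CWT with the same kid; with
          strict_content=True the new claim set must match the earlier one exactly.
        """
        now = int(time.time()) if now is None else now
        kid = claims["cnf"]["kid"]
        subject = claims["sub"]
        for rec in self._active(kid, now):
            if rec.subject != subject:
                raise KidReuseError(
                    f"kid {kid!r} is still bound to subject {rec.subject!r} "
                    f"until {rec.expires_at}")
            if strict_content and rec.claims != claims:
                raise KidReuseError(f"kid {kid!r} already issued with different content")
        record = IssuedRecord(subject, int(claims["exp"]), dict(claims))
        self._records.setdefault(kid, []).append(record)
        return claims


def demo() -> dict:
    """Constructed scenario: returns which issuances were accepted."""
    reg = KidRegistry()
    t0 = 1_000_000  # constructed issuance time
    results = {}
    alice = {"sub": "alice", "exp": t0 + 3600, "cnf": {"kid": "k1"}, "scope": "read"}
    reg.issue(alice, now=t0)
    results["alice_first"] = True
    # Same client, same key, more permissions: the case the reply describes.
    reg.issue({**alice, "scope": "read write"}, now=t0 + 10)
    results["alice_extra_perms"] = True
    # Another subject trying to reuse k1 while alice's CWTs are still valid.
    try:
        reg.issue({"sub": "bob", "exp": t0 + 3600, "cnf": {"kid": "k1"}}, now=t0 + 20)
        results["bob_while_live"] = True
    except KidReuseError:
        results["bob_while_live"] = False
    # Once alice's CWTs have expired the kid may be bound to a new subject.
    reg.issue({"sub": "bob", "exp": t0 + 8000, "cnf": {"kid": "k1"}}, now=t0 + 4000)
    results["bob_after_expiry"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The registry only makes sense at the issuer, which is the party the proposed text places the obligation on; a recipient cannot detect a collision from a single CWT, which is why the thread treats this as an operational rather than a verification-time concern.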

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
