Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Hannes Tschofenig
Hi Steffi, >> I also think that the client must be able to assume that RS' RPK that C >> receives from AS is also valid as long as the token, unless C has additional >> information. > > I would think that it is rather unlikely that the RS will change its > public/private key pair so quickly.

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Hannes Tschofenig
Hi Steffi, > In OAuth, the expires_in field is usually used to inform the client how long > the access token is valid. If the client uses the access token in a request > after the token expired, the RS will reject the request, which usually is not > a big problem for the client. > In ACE, AS

Re: [Ace] Token (In)Security

2018-12-18 Thread Stefanie Gerdes
Hi Hannes, I think the text is much better now. Protecting the integrity of self-contained tokens is not sufficient, however. The RS must not only ascertain that the token is integrity-protected but also validate its authenticity, i.e., that it stems from an authorized AS. Kind regards, Steffi
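The distinction in the message above can be made concrete with a small verifier. The following is an added example, not code from this thread or from the ACE draft: it uses a JSON `header.claims.mac` token as a stand-in for a CWT, HMAC-SHA256 as the integrity mechanism, and a hypothetical per-RS trust store `AUTHORIZED_AS_KEYS` keyed by `kid`. `verify_integrity_only` accepts a token whose MAC verifies under the key the token itself names (which a forger can always arrange), while `verify_authentic` only accepts a MAC made with a key of an authorized AS and an `aud` claim naming this RS.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed trust store for the RS: the only AS key(s) it accepts, by kid.
# An ACE RS would hold a COSE key for each AS it is registered with; this is an assumption.
AUTHORIZED_AS_KEYS = {"as-1": b"key-shared-between-as-1-and-rs-1"}
RS_AUDIENCE = "rs-1"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, kid: str, key: bytes, embed_key: bool = False) -> str:
    """Build header.claims.mac (a JSON stand-in for a CWT, MACed with HMAC-SHA256)."""
    header = {"alg": "HS256", "kid": kid}
    if embed_key:
        # A forger can always produce a token that verifies under a key the token carries.
        header["key"] = _b64(key)
    signing_input = (_b64(json.dumps(header, sort_keys=True).encode()) + "."
                     + _b64(json.dumps(claims, sort_keys=True).encode()))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(mac)


def _parse(token: str):
    h, c, m = token.split(".")
    return json.loads(_unb64(h)), json.loads(_unb64(c)), h + "." + c, _unb64(m)


def verify_integrity_only(token: str) -> bool:
    """Integrity only: verifies under the key the token names, preferring an embedded one.
    This shows the token was not modified after MACing, not that an authorized AS MACed it."""
    header, _claims, signing_input, mac = _parse(token)
    if "key" in header:
        key = _unb64(header["key"])
    else:
        key = AUTHORIZED_AS_KEYS.get(header.get("kid"))
        if key is None:
            return False
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)


def verify_authentic(token: str) -> Optional[dict]:
    """Authenticity: the MAC must verify under a key of an authorized AS (embedded keys are
    ignored) and the claims must name this RS as audience. Returns the claims or None."""
    header, claims, signing_input, mac = _parse(token)
    key = AUTHORIZED_AS_KEYS.get(header.get("kid"))
    if key is None:
        return None
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None
    if claims.get("aud") != RS_AUDIENCE:
        return None
    return claims


# Constructed sample claims and tokens.
GENUINE_CLAIMS = {"iss": "as-1", "aud": RS_AUDIENCE, "scope": "read", "cnf": {"kid": "pop-1"}}


def genuine_token() -> str:
    return mint_token(GENUINE_CLAIMS, "as-1", AUTHORIZED_AS_KEYS["as-1"])


def forged_token() -> str:
    # Attacker picks its own key, embeds it in the header and widens the scope.
    return mint_token({**GENUINE_CLAIMS, "scope": "admin"}, "as-1", b"attacker-key", embed_key=True)


if __name__ == "__main__":
    for name, tok in (("genuine", genuine_token()), ("forged", forged_token())):
        print(name, "integrity:", verify_integrity_only(tok),
              "authentic:", verify_authentic(tok) is not None)
```

Running the block shows the forged token passing the integrity-only check and failing the authenticity check. The same failure mode exists in real deployments whenever a verifier takes the verification key from the token (or from any source the token controls) rather than from a trust store it maintains itself.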

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Stefanie Gerdes
Hi Hannes, On 12/15/2018 04:04 PM, Hannes Tschofenig wrote: > Hi Steffi, > > ~snip~ > > >> I also think that the client must be able to assume that RS' RPK that C >> receives from AS is also valid as long as the token, unless C has additional >> information. > > I would think that it is

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Stefanie Gerdes
Hi Hannes, On 12/18/2018 02:51 PM, Hannes Tschofenig wrote: > ~snip~ > > > Now that I got a response from the OAuth working group (in the sense that I > was thinking about the claims in the access token rather than the parameters > in the response from the AS) I think checking the expires_in

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Ludwig Seitz
On 18/12/2018 14:51, Hannes Tschofenig wrote: Hi Steffi, Hi Ludwig, ~snip~ The access information optionally can contain an expires_in field. It would help to prevent security breaches under the following conditions: 1. the keying material is valid as long as the ticket, 2. the expires_in

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Hannes Tschofenig
Hi Steffi, Hi Ludwig, ~snip~ >> The access information optionally can contain an expires_in field. >> It would help to prevent security breaches under the following >> conditions: > 1. the keying material is valid as long as the ticket, 2. the > expires_in field is present in the access
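The condition discussed in the two messages above, that the keying material the AS hands to C is valid exactly as long as the token and that C uses `expires_in` to stop using both before the RS has to reject them, can be implemented as a client-side cache that keeps the token, the PoP key and the RS's key as one bundle with one lifetime. This is an added example, not code from this thread or from any ACE implementation; `EXPIRY_MARGIN`, the `AccessInfo` fields and the `on_rs_rejection` hook are assumptions for illustration. `expires_in` is treated as a lifetime in seconds from the AS response, as in OAuth.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Seconds by which C stops using a token before its nominal expiry, to absorb clock
# drift and network delay. Assumed value for illustration.
EXPIRY_MARGIN = 5


@dataclass
class AccessInfo:
    access_token: bytes
    pop_key: bytes             # keying material the AS issued to C together with this token
    rs_key: bytes              # RS's key (e.g. its RPK) as delivered by the AS with the token
    issued_at: float
    expires_in: Optional[int]  # lifetime in seconds from the AS response; None if absent


class ClientTokenStore:
    """Per-RS cache: token, PoP key and RS key share one lifetime and are dropped together."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now  # injectable clock, so expiry can be exercised without sleeping
        self._entries: Dict[str, AccessInfo] = {}

    def store(self, rs_id: str, access_token: bytes, pop_key: bytes, rs_key: bytes,
              expires_in: Optional[int] = None) -> None:
        self._entries[rs_id] = AccessInfo(access_token, pop_key, rs_key, self._now(), expires_in)

    def _expired(self, info: AccessInfo) -> bool:
        if info.expires_in is None:
            # Without expires_in C cannot know the lifetime; it only learns when the RS rejects.
            return False
        return self._now() >= info.issued_at + info.expires_in - EXPIRY_MARGIN

    def get(self, rs_id: str) -> Optional[Tuple[bytes, bytes, bytes]]:
        """Return (token, pop_key, rs_key) while the bundle is valid; drop it once expired."""
        info = self._entries.get(rs_id)
        if info is None:
            return None
        if self._expired(info):
            del self._entries[rs_id]  # the PoP key and the RS key go with the token
            return None
        return info.access_token, info.pop_key, info.rs_key

    def on_rs_rejection(self, rs_id: str) -> None:
        """Call when the RS rejects the token (e.g. CoAP 4.01): discard the bundle and
        go back to the AS instead of retrying with the same keys."""
        self._entries.pop(rs_id, None)


if __name__ == "__main__":
    clock = [1000.0]
    store = ClientTokenStore(now=lambda: clock[0])
    store.store("rs-1", b"token", b"pop-key", b"rs-rpk", expires_in=60)
    print("t=1000:", store.get("rs-1"))
    clock[0] = 1056.0
    print("t=1056:", store.get("rs-1"))  # past expires_in minus margin: bundle is gone
```

The design choice worth noting is that `get` never returns the PoP key or the RS key on their own: once the token's lifetime ends, C has no basis for trusting either, which is the point the messages make about keying material being valid only as long as the token.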

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Hannes Tschofenig
Hi Ludwig, A few remarks inline: -Original Message- From: Ludwig Seitz Sent: Tuesday, 18 December 2018 09:27 To: Hannes Tschofenig ; Stefanie Gerdes ; Jim Schaad ; ace@ietf.org Subject: Re: [Ace] Security of the Communication Between C and RS On 15/12/2018 16:04, Hannes Tschofenig

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Ludwig Seitz
On 15/12/2018 16:04, Hannes Tschofenig wrote: Hi Steffi, ~snip~ I really think you should point out that symmetric keying material that the AS provides to the client is valid as long as the token. I think that's a useful recommendation. I do, however, believe that we are not making the same

Re: [Ace] Token (In)Security

2018-12-18 Thread Ludwig Seitz
On 15/12/2018 15:58, Hannes Tschofenig wrote: Hi Steffi I checked the text and the text is indeed confusing. I have made an attempt to update it to address your comment. Here is the pull request: https://github.com/ace-wg/ace-oauth/pull/168 Let me know if you think I captured everything