OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

imi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Hopefully last change to the IMI spec before producing a CommitteeDraft

In reviewing the IMI spec draft, one of our security experts identified a non-protocol security issue in the present draft that I believe we should address.  Fortunately, it’s a very simple and, I suspect, non-controversial change to fix.

 

The proposed change in Section 3.3.4 (Client Pseudonym) is to change the sentence:

The IP/STS SHOULD combine this Client Pseudonym value with constant information known to the IP/STS and pass the combination through a cryptographically non-invertible function, such as a cryptographic hash function, to generate the PPID claim value sent in the token.

to:

The IP/STS SHOULD combine this Client Pseudonym value with user-specific information and constant information known to the IP/STS and pass the combination through a cryptographically non-invertible function, such as a cryptographic hash function, to generate the PPID claim value sent in the token.

 

Here’s an explanation of why this change is a good idea…

 

IMIv1 (and similarly, in ISIP) specify in section 3.3.4 that, when generating a PPID value from Client Pseudonym: "The IP/STS SHOULD combine this Client Pseudonym value with constant information known to the IP/STS and pass the combination through a cryptographically non-invertible function, such as a cryptographic hash function, to generate the PPID claim value sent in the token."

 

This could lead to a security vulnerability if the IP/STS uses the Client Pseudonym value "as-is", or if only a constant is used as input to the function. Indeed, if malicious Bob learns Alice's ClientPseudonym value for a RP, it can authenticate as Bob to the IP/STS and requests Alice's PPID value. This would not be detected by the IP/STS because the spec states that the IP/STS MUST NOT record the received Client Pseudonyms and the generated PPID values (and therefore can’t verify that it issues consistent PPID values per user).

 

For these reasons, the text above should be modified as follows:

 

 "The IP/STS ***MUST NOT use the value as-is, it*** SHOULD combine this Client Pseudonym value with constant information known to the IP/STS ***and a unique user identifier*** and pass the combination through a cryptographically non-invertible function, such as a cryptographic hash function, to generate the PPID claim value sent in the token."

 

I’ve also discussed this change with John Bradley, who was the one who pointed out that it was a bad idea to use the Client Pseudonym value verbatim in the first place, and he agrees with this additional to our guidance to Identity Providers.

 

Talk to all of you in the morning!

 

                                                                -- Mike

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]