OASIS Mailing List Archives

imi message

Subject: Re: [imi] Hopefully last change to the IMI spec before producing a Committee Draft


I considered using the cardID and a per issuer secret.

I agree that works equally well given sufficiently strong hash functions.

In my conversations with an m-card deployer I found that the concept of per user entropy was slightly easier to explain.
Effectively the logical equivalent of the card "master key" but kept by the IdP for computing the PPID.

The wording we had left the details of entropy source, hash algorithm etc. to the deployer.
My major concern was removing the text indicating that it was OK to return the client pseudonym as the PPID value.
That got changed in the previous draft.

I am cautious of going into too much detail here.

I think it is better to cover this issue in the implementation guidelines/security considerations guide.

A reference to that additional documentation would be good. I am also OK with increasing the strength of the recommendation.

This is an important thing for IdPs to get right, however this is not the place in the spec to get into all the possible implementation alternatives.

John B.

On 19-Feb-09, at 12:24 AM, Mike Jones wrote:

> Actually, the per-user information can even be public information provided that it's different for different users and *a secret value* is included as an input to the computation. For instance, if the computation was the following:
>     PPID = CryptographicHash(ClientPseudonym + PerUserInfo + Secret);
> even if the secret was the same for all users, provided it was known only to the IdP and never disclosed, the PPID would still have all the security properties we want it to have.
>
> -- Mike
>
> From: John Bradley [mailto:jbradley@mac.com]
> Sent: Wednesday, February 18, 2009 7:18 PM
> To: Michael McIntosh
> Cc: Anthony Nadalin; imi@lists.oasis-open.org; Mike Jones
> Subject: Re: [imi] Hopefully last change to the IMI spec before producing a Committee Draft
>
> Yes, not disclosed to RPs, Cardholders or anyone else.
>
> The question is how much detail we need in the spec itself for a SHOULD.
>
> As long as the spec is clear I am OK with the long form of the explanation of this being in the accompanying document.
>
> John B.
>
> On 18-Feb-09, at 11:07 PM, Michael McIntosh wrote:
>
> John Bradley <jbradley@mac.com> wrote on 02/18/2009 08:51:08 PM:
>
> > The important points are that it is card specific entropy stored by
> > the IdP and never disclosed to RPs in any way.
>
> Actually, this entropy needs to be treated as a secret and it should be [pseudo]random. The danger is not from RPs but from other cardholders from the same IdP.
>
> Regards,
> Mike
>
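The PPID construction Mike Jones sketches in the thread above, alongside the weaker variant John Bradley wanted removed from the spec (returning the client pseudonym itself as the PPID), as an added Python example that is not part of this thread or the IMI specification. It assumes HMAC-SHA256 as the "CryptographicHash" (the thread names no algorithm) and uses constructed sample values for the IdP secret, the per-user entropy and the RP-specific client pseudonyms; the property names in `check_ppid_properties` are mine.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not from the thread: one IdP-wide secret and
# per-user entropy, both held only by the IdP, plus two RP-specific
# client pseudonyms (the RP-facing identifier the card presents).
IDP_SECRET = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
PER_USER_INFO = {
    "alice": bytes.fromhex("a1" * 32),
    "bob": bytes.fromhex("b2" * 32),
}
CLIENT_PSEUDONYMS = {
    "rp-shop": b"client-pseudonym-for-rp-shop",
    "rp-bank": b"client-pseudonym-for-rp-bank",
}


def new_per_user_info() -> bytes:
    """Per-user entropy the way Michael McIntosh describes it: a secret,
    [pseudo]random value drawn from the OS CSPRNG and stored by the IdP."""
    return secrets.token_bytes(32)


def compute_ppid(client_pseudonym: bytes, per_user_info: bytes, idp_secret: bytes) -> str:
    """PPID = CryptographicHash(ClientPseudonym + PerUserInfo + Secret),
    realised here (an assumption) as HMAC-SHA256 keyed by the IdP secret.
    Both message fields are length-prefixed so that two different splits of
    the same bytes cannot produce the same HMAC input."""
    msg = (len(client_pseudonym).to_bytes(2, "big") + client_pseudonym
           + len(per_user_info).to_bytes(2, "big") + per_user_info)
    return hmac.new(idp_secret, msg, hashlib.sha256).hexdigest()


def pseudonym_as_ppid(client_pseudonym: bytes) -> str:
    """The form the thread argues against: the client pseudonym itself is
    returned as the PPID, so nothing IdP-held or user-specific enters it."""
    return client_pseudonym.hex()


def check_ppid_properties() -> dict:
    """Exercise the properties the thread wants: stable per (user, RP),
    different across users for the same RP, different across RPs for the
    same user, and not reproducible by anyone lacking the IdP secret."""
    alice_shop = compute_ppid(CLIENT_PSEUDONYMS["rp-shop"], PER_USER_INFO["alice"], IDP_SECRET)
    alice_shop_again = compute_ppid(CLIENT_PSEUDONYMS["rp-shop"], PER_USER_INFO["alice"], IDP_SECRET)
    bob_shop = compute_ppid(CLIENT_PSEUDONYMS["rp-shop"], PER_USER_INFO["bob"], IDP_SECRET)
    alice_bank = compute_ppid(CLIENT_PSEUDONYMS["rp-bank"], PER_USER_INFO["alice"], IDP_SECRET)

    # Another cardholder of the same IdP knows the shop's client pseudonym
    # and, per Mike Jones, may even know a public per-user value; without
    # the IdP secret they can only key the computation with something else,
    # which yields an unrelated value.
    without_idp_secret = compute_ppid(
        CLIENT_PSEUDONYMS["rp-shop"], PER_USER_INFO["alice"], b"\x00" * 32)

    return {
        "stable_for_same_user_and_rp": alice_shop == alice_shop_again,
        "differs_across_users": alice_shop != bob_shop,
        "differs_across_rps": alice_shop != alice_bank,
        "not_the_client_pseudonym": alice_shop != pseudonym_as_ppid(CLIENT_PSEUDONYMS["rp-shop"]),
        "wrong_key_gives_different_value": without_idp_secret != alice_shop,
        "ppid_hex_length": len(alice_shop),
    }


if __name__ == "__main__":
    for name, value in check_ppid_properties().items():
        print(f"{name}: {value}")
```

The length prefixes are there because the thread's `+` is plain concatenation; keying the hash with the IdP secret (HMAC) rather than appending it also means the secret never sits in a hashed message that an implementer might log or debug-print. Run the module directly to see each property evaluated for the constructed users and RPs.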


