Hi Jim, I would like to comment on this issue.
-----

> > 14. I have real problems w/ the use of a KID for POP identification. It may
> > identify the wrong key or, if used for granting access, may have problems w/
> > identity collisions. These need to be spelt out someplace to help people
> > tracking down questions of why can't I verify w/ this CWT, I know it's right.
>
> > The Key ID is a hint to help identify which PoP key to use. Yes, if a Key ID is
> > sent that doesn't correspond to the right PoP key, failures may occur. I view
> > that as a usage bug - not a protocol problem. If keys aren't consistently known
> > and identified by both parties, there are lots of things that can go wrong, and
> > this is only one such instance. That said, I can try to say something about the
> > need for keys to be consistently known and identified by both parties, if you
> > think that would help.
>
> My problem is that if there are two different people with the same Key ID,
> either intentionally or unintentionally, then using the key ID to identify the
> key may allow the other person to masquerade as the first person. I am
> unworried about the instance of a failure to get a key based on a key id. That
> is not the problem you are proposing to address.

-----

I think we should document this issue. Here is some text proposal that could go into a separate operational consideration section (or into the security consideration section instead).

"
- Operational Considerations

The use of CWTs with proof-of-possession keys requires additional information to be shared between the involved parties in order to ensure correct processing. The recipient needs to be able to use credentials to verify the authenticity, integrity and potentially the confidentiality of the CWT and its content. This requires the recipient to know information about the issuer. Likewise there needs to be an upfront agreement between the issuer and the recipient about the claims that need to be present and what degree of trust can be put into those.

When an issuer creates a CWT containing a key id claim, it needs to make sure that it does not issue another CWT containing the same key id with a different content, or for a different subject, within the lifetime of the CWTs, unless intentionally desired. Failure to do so may allow one party to impersonate another party with the potential to gain additional privileges.
"

Ciao
Hannes
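The issuer-side check the proposed text calls for, as an added example that is not code or text from the CWT PoP draft or from this thread: a registry that refuses to issue a CWT whose kid is already bound to a different subject or PoP key while an earlier CWT carrying that kid is still within its lifetime. The registry class, the thumbprint helper and the two COSE keys are assumptions constructed for the example.

```python
import hashlib
import json
import time


class KidCollision(Exception):
    """Raised when a kid would be bound to a different subject or PoP key while a CWT with it is live."""


def key_thumbprint(cose_key: dict) -> str:
    """Deterministic digest of a COSE_Key map (integer labels, bytes values) so two keys can be compared."""
    canon = {str(label): (v.hex() if isinstance(v, bytes) else v) for label, v in cose_key.items()}
    return hashlib.sha256(json.dumps(canon, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class KidRegistry:
    """Issuer-side bookkeeping (hypothetical): which (subject, PoP key) binding each kid has, and until when."""

    def __init__(self):
        self._live = {}  # kid (bytes) -> (subject, key thumbprint, exp)

    def _purge(self, now: float) -> None:
        # Bindings whose CWT lifetime has ended no longer constrain reuse of the kid.
        self._live = {k: v for k, v in self._live.items() if v[2] > now}

    def check_and_record(self, kid: bytes, subject: str, cose_key: dict, exp: int, now: float = None) -> bool:
        """Return True and record the binding if issuing is safe; raise KidCollision otherwise."""
        now = time.time() if now is None else now
        self._purge(now)
        thumb = key_thumbprint(cose_key)
        prev = self._live.get(kid)
        if prev is not None and (prev[0] != subject or prev[1] != thumb):
            raise KidCollision(
                f"kid {kid.hex()} is bound to subject {prev[0]!r} until {prev[2]}; refusing to reissue for {subject!r}"
            )
        # Same binding reissued: keep the later expiry so the kid stays reserved for the full lifetime.
        self._live[kid] = (subject, thumb, max(exp, prev[2]) if prev else exp)
        return True


# Constructed sample COSE_Key maps (kty=EC2, crv=P-256, x, y) with dummy coordinates, not real keys.
KEY_A = {1: 2, -1: 1, -2: b"\x01" * 32, -3: b"\x02" * 32}
KEY_B = {1: 2, -1: 1, -2: b"\x03" * 32, -3: b"\x04" * 32}
```

Issuing the same kid for a different subject or key is only allowed again once every earlier CWT bearing that kid has expired, which is the lifetime condition in the proposed text.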
