On Fri, Jun 22, 2018 at 01:36:16PM +0000, Hannes Tschofenig wrote:
> Hi Jim,
> 
> > My problem is that if there are two different people with the same Key ID,
> > either intentionally or unintentionally, then using the key ID to identify
> > the key may allow the other person to masquerade as the first person. I am
> > unworried about the instance of a failure to get a key based on a key id.
> > That is not the problem you are proposing to address.
> 
> -----
> 
> I think we should document this issue. Here is some text proposal that could
> go into a separate operational consideration section (or into the security
> consideration section instead).
> 
> "
> - Operational Considerations
> 
> The use of CWTs with proof-of-possession keys requires additional information
> to be shared between the involved parties in order to ensure correct
> processing. The recipient needs to be able to use credentials to verify the
> authenticity, integrity and potentially the confidentiality of the CWT and
> its content. This requires the recipient to know information about the
> issuer. Likewise there needs to be an upfront agreement between the issuer
> and the recipient about the claims that need to be present and what degree of
> trust can be put into those.
> 
> When an issuer creates a CWT containing a key id claim, it needs to make sure
> that it does not issue another CWT containing the same key id with a
> different content, or for a different subject, within the lifetime of the
> CWTs, unless intentionally desired. Failure to do so may allow one party to
> impersonate another party with the potential to gain additional privileges.
> "

When would this be "intentionally desired"?  It seems like there would be
better ways to share authorization between parties than to issue such
duplicate CWTs.

-Ben
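The issuer-side rule in the proposed text (do not issue a second CWT with the same key id for a different subject or different content while an earlier one is still valid) can be enforced with a small registry keyed on the kid value. The following is an added example for this thread, not code from the ACE working group or any CWT library; the claim set is a plain dict standing in for the CWT payload, `KidRegistry` and its methods are hypothetical names, and timestamps are constructed integers.

```python
"""Issuer-side guard: refuse to mint a CWT whose key id (kid) is already bound
to a different subject or different claim content until that earlier CWT has
expired. Hypothetical example; policy and names are constructed here."""
import hashlib
import json
from dataclasses import dataclass


@dataclass
class Issued:
    subject: str
    content_digest: str
    exp: int  # expiry as a Unix timestamp (constructed values in the demo)


class KidRegistry:
    """Tracks which kid is bound to which subject and claim content until expiry."""

    def __init__(self) -> None:
        self._by_kid: dict[str, Issued] = {}

    @staticmethod
    def digest(claims: dict) -> str:
        # Canonical JSON so logically identical claim sets hash the same way.
        canon = json.dumps(claims, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode()).hexdigest()

    def can_issue(self, kid: str, subject: str, claims: dict, now: int) -> bool:
        """True if issuing (kid, subject, claims) at time `now` is permitted."""
        prior = self._by_kid.get(kid)
        if prior is None or prior.exp <= now:
            return True  # no live CWT currently bound to this kid
        # A re-issue for the same subject with identical content is harmless;
        # anything else would let the new holder be mistaken for the old one.
        return prior.subject == subject and prior.content_digest == self.digest(claims)

    def record(self, kid: str, subject: str, claims: dict, exp: int, now: int) -> bool:
        """Bind kid to (subject, claims) until `exp`; returns False if refused."""
        if not self.can_issue(kid, subject, claims, now):
            return False
        self._by_kid[kid] = Issued(subject, self.digest(claims), exp)
        return True


def demo() -> list[bool]:
    """Walk through the cases the proposed text describes (constructed data)."""
    reg = KidRegistry()
    return [
        reg.record("kid-1", "alice", {"scope": "read"}, exp=1000, now=0),   # first issue
        reg.record("kid-1", "bob", {"scope": "read"}, exp=1000, now=500),   # other subject
        reg.record("kid-1", "alice", {"scope": "admin"}, exp=1000, now=500),  # other content
        reg.record("kid-1", "alice", {"scope": "read"}, exp=1500, now=500),  # same, extended
        reg.record("kid-1", "bob", {"scope": "read"}, exp=2000, now=1500),  # prior expired
    ]


if __name__ == "__main__":
    print(demo())
```

The registry only answers the impersonation concern raised in the thread; it does not decide when duplicate issuance would be "intentionally desired", which an issuer would have to express as an explicit exception rather than by skipping the check.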

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace