>> When using secure elements with specific properties, it is possible to
>> counter the Alice & Bob Collusion attack.
You don’t just need the Secure Element’s properties (key-pair generated on SE;
non-exportable private key; high-entropy key-id generated on SE; conformance
cert; special APDUs)
Hi Daniel,
OK. The good news is that the BCP document will now address this issue.
Let us wait to see which text you will propose.
Yesterday, I wrote: "Since OAuth 2.0 does not mandate the use of
cryptographic devices, this kind of attack cannot be countered in the
general case".
James Man
Thanks Neil, this very much sums up my thoughts on this topic.
Since this has been mentioned in yesterday's call, I'll be happy to
clarify in the attacker model that web attackers can collaborate to
reach a common goal. I think we can also mention that
sender-constraining does not prevent collabor
@James
> While this text from Seán may be true, it is bad advice. It implies we
> should make access tokens as dangerous as possible (conveying all a
> person’s authority) just to discourage sharing.
>
Is this implied because storing IDs with access logs means that ATs
necessarily carry user ID
It sounds like we’re trying to redefine cooperation/delegation as an “attack”.
People delegate and you can’t generally prevent it without incarceration.
Anything Bob could do with Alice’s access token he could also do by asking
Alice to do it on his behalf. In other words, any credential/token s
It is worth mentioning “client collaborative attacks” or “authorization sharing
attacks” because OAuth can make them easier (by packaging authority into an
access token), compared to the alternative of user’s signing-in to an RS
directly. But it is tricky to describe; none of the suggestions are
Thank you Seán, this is an excellent analysis and makes this attack much
easier to understand. I completely agree with your rewritten text, both
that it better describes the situation as well as the conclusion that it
ends up being a bit too general for the BCP.
---
Aaron Parecki
https://aaronpare
I hadn't come across this idea before, it's an interesting angle and for me
it's a nice new example to help highlight the difference between authZ and
authN. It reminds me of sharing access cards to get into computer labs in
college. Some thoughts:
- It took me a while to figure out the agent,
Hi Daniel,
Following the conversation we had today, hereafter is a proposal for
addressing client collaborative attacks.
I propose to add a new section 4.16.
4.16 Client collaborative attacks
Two clients may agree to collaborate. In such a situation, one client
transmits to another client a
