- From: Denis Pinkas <denis.w3c@free.fr>
- Date: Tue, 26 Sep 2017 18:14:23 +0200
- To: public-webauthn@w3.org
- Message-ID: <8bc4265e-db74-8657-9910-3cfa8eb23735@free.fr>
Hi all, *A) **Privacy across Relying Parties* The introduction states: Additionally, privacy across Relying Parties is maintained; Relying Parties are not able to detect any properties, or even the existence, of credentials scoped to other Relying Parties. Well, this is not really true for three reasons: the presence of the signature counter, the structure of the Key Handle and the use of attestation certificates. These three reasons are detailed hereafter.* * *1) Signature counter* The document is using the wording "signature counter" which is undefined in section 3, but which is being used in section 5.1. (Authenticator data). From the discussion on the list, it appears that the intent is not to have one signature counter for each RP, but a single one, hence this parameter will be leaking information. Worse, the controls defined in section 6.2. "Verifying an authentication assertion" do not mention what to do with the "signature counter". So the benefits, if any, of having such a parameter are not understandable. From the discussion on the list, some people wanted to have it optional. I would think that it should be possible to have it set to zero and not incrementing. Nevertheless, for those who would like it to be maintained in some contexts, its usefulness, if any, should be explained. In any case, the text should be amended. *2) Key Handle* The document is using the wording "Key Handle" which is undefined in section 3. Key Handle is simply an identifier of a particular key on the U2F device. The text refers to [FIDO-U2F-Message-Formats] section 4.3. There is no definition section is this document, hence "Key Handle" is not formally defined in this document. The only explanations are the following in section 5.1 A *key handle* [length specified in previous field]. This a handle that allows the U2F token to identify the generated key pair. This means that the length is specific to the U2F token. As a consequence, a RP might be able to know which users are using a specific type of authenticator provided by some manufacturer or some software provider. But from a security point of view there is worse: the entropy of this parameter is left unspecified and thus collisions between key handles issued by different authenticators are in theory possible. Since it is too late to change the format of the "Authentication Request Message - U2F_AUTHENTICATE", the text should recommend the use of a fixed length and mandate to have a pseudo random number in this field whatever kind of generation scheme will be supported by the hardware or software authenticator. This would solve this privacy concern. *3) Attestation certificates* Section 5.3.5.1. (Privacy) recognizes that attestation keys may be used to track users or link various online identities of the same user together. The indications about how this may be mitigated is not convincing and there is a much simpler alternative which should be considered, as it will be explained below. Four kinds of attestation types are being considered: Basic Attestation, Self Attestation, Privacy CA and Elliptic Curve based Direct Anonymous Attestation/(/ECDAA/)./ This kind of approach is likely to be a nightmare for interoperability considerations. A RP should not be required to support all options, in particular not ECDAA. Privacy CA is a "school case" which would be very costly to implement. Let us consider two cases only that should be mandatory to support both by Authenticators and RPs: Basic Attestations and Self Attestations. Self-attestations have a merit since they do not allow to track the users. Currently it is assumed that hardware authenticators always use Basic Attestations while software authenticators always use Self Attestations. Let us change this assumption. Hardware authenticators should be to use, */upon the request from the caller/* of the API, *either* Basic Attestations *or* Self Attestations. In the real world, there are two kinds of RPs: IdPs and SPs (Service Providers). It is useful to use Basic Attestations when talking to an IdP (which knows the identity of its user /anyway/). However, it is sufficient in most cases to use Self Attestations when talking to a SP. In the second case, the SP does not need to learn anything about the client and cannot learn anything when Self Attestations are being used. This approach would be a much easier way to mitigate the risk than any of the methods that are currently included in the last draft in section 5.3.5.1. Furthermore, it does not change the bits on the wires. Either this should be supported by making a change in the APIs or by supporting two "logical authenticators" behind each hardware authenticator when using the discovery mechanism to know which are the available platform authenticators: - one would be supporting Basic Attestations, while - another one would be supporting Self-attestations. Going one step further, *when Basic Attestations are being used*, it should be noticed that*the current specification does not meet the requirements from NIST SP 800-63 A*. FIDO hardware authenticators are in the category of "Multi-Factor Cryptographic Device Authenticators which should follow the requirements from section 5.1.9.1 of NISP SP 800-63A which states: 5.1.9.1 Multi-Factor Cryptographic Device Authenticators Multi-factor cryptographic device authenticators use tamper-resistant hardware to encapsulate a secret key that is unique to the authenticator. It is possible to address this issue by making a difference between the enrollment to a CSP and the enrollment to a SP. It makes sense to demonstrate possession of a unique private key when talking to a CSP, but to address a privacy issue, this shall not be done when talking to SPs. So there should be two variants of the registration protocol : -for CSPs, using an attestation certificate that is *unique to the hardware authenticator*, and -for SPs, using self-assertions. Making these two variants would also allow to address *a **requirement from NISP SP 800-63B, _that is currently not met_*: 5.2.1 Physical Authenticators CSPs SHALL provide subscriber instructions on how to appropriately protect the authenticator against theft or loss. The CSP SHALL provide a mechanism to revoke or suspend the authenticator immediately upon notification from subscriber that loss or theft of the authenticator is suspected. In the same way, it would solve "the risk of not being able to revoke a particular attestation key" as mentioned in section 5.3.5.1, since this is currently impossible using either Basic Attestations or Self Attestations. *Let us make FIDO hardware authenticators compliant with **NISP SP 800-63 !* *B) Public Key Credential* The text is confusing when defining the term "Public Key Credential" in section 3. Clarifications are required. Public Key Credential Generically, a /credential/ is *data one entity presents to another* in order to /authenticate/ the former to the latter [RFC4949] <https://w3c.github.io/webauthn/#biblio-rfc4949>. A WebAuthn /public key credential <https://w3c.github.io/webauthn/#public-key-credential>/ is a |{ identifier, type }|pair identifying authentication informationestablished by the authenticator <https://w3c.github.io/webauthn/#authenticator> and the Relying Party <https://w3c.github.io/webauthn/#relying-party>, together, at registration <https://w3c.github.io/webauthn/#registration> time. The authentication information consists of an asymmetric key pair, where the public key portion <https://w3c.github.io/webauthn/#credential-public-key> is returned to the Relying Party <https://w3c.github.io/webauthn/#relying-party>, who then stores it in conjunction with the present user’s account. The following questions arise: 1. what is "identifying authentication information" ? This term is not being used elsewhere. 2. if a /credential/ is truly "data one entity presents to another", it is clear that the private key which is one element of the Public Key Credential/ /is not */presented/* to the RP, but only the result of some computation made upon some data using the private key. So the sentence is incorrect. The easiest solution to solve the problem would be to delete it. 3. is only the credential private keystored in the authenticator or are both the credential private keyand the credential public keystored in the authenticator ? This is unclear since the (non normative) text from the introduction states: " A *public key credential is* created and*stored by an authenticator* at the behest of a Relying Party, subject to user consent". 4. is the Key Handle part of the authentication information ? 5. is the RP ID part of the authentication information ? Section 6 (Relying Party Operations) states: Upon successful execution of create() or get(), the Relying Party's script receives a PublicKeyCredential containing an AuthenticatorAttestationResponse or AuthenticatorAssertionResponse structure, respectively, from the client. The Relying Party's script receives anAuthenticatorAttestationResponse or anAuthenticatorAssertionResponse but not a PublicKeyCredential. The sentence should be corrected. It is proposed to revisit the definition of the term "Public Key Credential" in section 3 to clarify its concept and its elements. *C) Token binding* The draft should make clear upfront that the APIs allow to support of TSL Token Binding but does not mandates its support. There is currently no such information. The text does not mandate it for the client : 4.7.1. Client data used in WebAuthn signatures (dictionary CollectedClientData) The tokenBindingId member contains the base64url encoding of the Token Binding ID that this client uses for the Token Binding protocol when communicating with the Relying Party. This can be omitted if no Token Binding has been negotiated between the client and the Relying Party. Unfortunately, it seems to mandate it for the RP. 6.1. Registering a new credential When registering a new credential, represented by a AuthenticatorAttestationResponse structure, as part of a registration ceremony, a Relying Party MUST proceed as follows: (...) 4. Verify that the tokenBindingId in C matches the Token Binding ID for the TLS connection over which the attestation was obtained. Item 4 should be corrected, e.g. saying : 4. when Token Binding has been negotiated between the client and the Relying Party, verify that the tokenBindingId in C matches the Token Binding ID for the TLS connection over which the attestation was obtained. For the above reasons, I believe that the last draft should not be considered to be mature enough. *D)* *U**sability * The document should also indicate that usability is currently not supported using the described APIs : the user has currently no way to delete a subset of the oldest entries, since no date/time is being currently associated with aPublic Key Credential//. Denis > I agree. The core functionality is close enough that we can get > inter-operable implementations, and announcing a movement CR is > important to get RPs to start their adoption. > > To me, WD-08 appears to be a perfect goal to announce as a Candidate > Recommendation. > > Cheers, > J.C. > > On Sun, Sep 24, 2017 at 10:43 PM, Alexei Czeskis <aczeskis@google.com > <mailto:aczeskis@google.com>> wrote: > > Hi all, > > From my point of view, the spec is pretty much feature complete as > we finish of WD-07. > > I propose making WD-08 only about clean-up (no renaming APIs or > variables -- just clarifying wording, etc). Let's make WD-08 the > final draft that we then propose to go to CR. > > What do you all think? > > Thanks! > -Alexei > > **____****_****__****_****_****_****_****_****_****_****_****_** > > . Alexei Czeskis .:. Securineer . > >
Received on Tuesday, 26 September 2017 16:14:49 UTC