<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:1168210723;
        mso-list-template-ids:1605686652;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1
        {mso-list-id:1717730044;
        mso-list-template-ids:-1083436346;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hans-<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Let me chime in here too since I’ve
been concerned about the lack of a stated trust model from day one – I assumed
that these issues would be raised at some point – I’m glad you’ve
raised them earlier rather than later. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I’d note that OpenID auth is *<b><span
style='font-weight:bold'>very</span></b>* similar to 3-D Secure, the protocol
behind Verified by Visa and Mastercard’s SecureCode. Unfortunately, the
specification is not published publicly without accepting a license so I can’t
make references to it except from my relatively in-depth hands on experience
with it while I was at Visa – suffice it to say that many of the same security
issues that are dealt with in 3-D Secure appear here as well. Some of my
feedback is guided by that experience.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=3 width="100%" align=center tabindex=-1>
</span></font></div>
</div>
<div>
<div id=idOWAReplyText2091>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'>This can be solved by specifying OpenID
2.0 protocol "security profiles" and how to discover and negotiate
these. </span></font><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
</div>
</div>
</div>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Yikes – the concept of profiles that
get negotiated at runtime scares me. I suppose we could just cast this in terms
of multiple service types… <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<p><font size=2 color=black face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:black'>Some other considerations include </span></font><o:p></o:p></p>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo1'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:black'>how to deal
with a malicious rp redirecting the User-Agent to a
malicious idp for purposes of learning passwords, etc.</span></font><o:p></o:p></li>
</ul>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Is this something that OpenID the wire
protocol has to deal with, or the IdP? That is, isn’t this just a form of
phishing issue that IdPs have to deal with *<b><span style='font-weight:bold'>in
any case</span></b>*? I’m not saying OpenID has to ignore the issue, but
I do wonder if OpenID can propose the solution. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I honestly don’t remember how (or
if) 3-D Secure/VbV addressed this phishing issue. It’s basically the same
phishing issue that occurs for home banking – a site that looks like your
bank asks you for some credentials and you use your best judgement to determine
whether handing over your credentials to that site (an IdP) is a good idea.
There are some methods on the server side (and increasingly on the client side
built into browsers) to mitigate these phishing attacks these days… but
the problem is obviously still unsolved. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo1'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:black'>having the rp
incorporate randomness into the MAC key</span></font><o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo1'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:black'>cryptographically
link and sequence each authentication request-response pair with a MAC on
the request, as a better replay protection mechanism</span></font><o:p></o:p></li>
<li class=MsoNormal style='color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l1 level1 lfo1'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial'>eliminating ability of an IdP
to downgrade to a clear-text association session or to a stateless mode
process.<o:p></o:p></span></font></li>
</ul>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I must say that I agree with this. I don’t
think clear-text anything should be “negotiable” – I think
it should be advertised explicitly as a separate service endpoint with a
separate service type. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'>To think about: <o:p></o:p></span></font></p>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level1 lfo2'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Are security profiles a
usable concept? <o:p></o:p></span></font></li>
</ul>
</div>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Personally, the farthest I’d like to
see OpenID auth go in this direction is the advertisement of different service types,
e.g. “insecure” and “secure” (or maybe 3 levels –
but no more). <o:p></o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<ul type=disc>
<li class=MsoNormal style='color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level1 lfo2'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial'>How important is the
protocol's capability to self-handle such security profiles'
negotiation (think TLS cipher suite negotiation)? <o:p></o:p></span></font></li>
</ul>
</div>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>TLS negotiation is great and we should
rely on it as much as is possible – but I would really like to avoid the
complexity of that sort of negotiation at the OpenID level – otherwise,
we are getting away from one of the driving architectural principles of OpenID –
simplicity! I’d also note that by saying “TLS” and not
discussing anything about CA and PKI hierarchies, we are relying on the default
installed trusted CA roots out there – which some users may or may not
trust for certain purposes (again, Visa background speaking here). <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<ul type=disc>
<li class=MsoNormal style='color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level1 lfo2'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Can the protocol "just
die" if idp/rp have a profile mismatch? <o:p></o:p></span></font></li>
</ul>
</div>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I’d rather it die than operate
insecurely, unless the user, idp, and rp *<b><span style='font-weight:bold'>all</span></b>*
really want to act in an insecure manner. <o:p></o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<ul type=disc>
<li class=MsoNormal style='color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level1 lfo2'><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Once a profile is decided
between user/rp/idp (implicit or explicit), how should the protocol
gracefully handle (intentional or not) missteps? <o:p></o:p></span></font></li>
</ul>
</div>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I think the only graceful failure should
be to “fail up” to a stronger security profile/service. I’d
rather it fail altogether if the security intentions of the 3 parties aren’t
achievable. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'>Let's see if we can work through some of
these concerns. Obviously, the less disruptive changes to existing code-bases
the better!<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Yes, though, OpenID 2.0 is going to imply
quite a number of changes anyway. The thing *<b><span style='font-weight:bold'>I</span></b>*
would personally like to see unchanged (as much as possible) is the message
flow and the trust relationships between the parties (though again I’m
not sure I’ve seen that explicitly described anywhere and may in fact be
leading to some confusion on the part of newcomers). <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> -Gabe<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'>Thanks,<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black'>Hans Granqvist<o:p></o:p></span></font></p>
</div>
</div>
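<p>Added example, not from either message in this thread and not OpenID's own wire format: a constructed sketch of the two proposals quoted above (RP randomness mixed into the association MAC key, and each request/response pair linked and sequenced by a MAC over the request). Field names, the key derivation and the sample identifiers are assumptions made for illustration.</p>

```python
import hashlib, hmac, os

# Constructed sketch (not OpenID's own wire format): the RP mixes its own randomness
# into the association MAC key, each request carries a sequence number and nonce under
# a MAC, and the IdP's answer is MACed together with the request MAC it responds to.

def derive_mac_key(idp_secret: bytes, rp_random: bytes) -> bytes:
    # Both sides derive the per-association key from the IdP secret plus RP randomness.
    return hmac.new(idp_secret, b"assoc-key|" + rp_random, hashlib.sha256).digest()

def mac(key: bytes, fields: dict, skip: str) -> str:
    # HMAC over the canonically ordered fields, excluding the MAC field itself.
    msg = "&".join(f"{k}={fields[k]}" for k in sorted(fields) if k != skip).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class RelyingParty:
    def __init__(self, key: bytes):
        self.key, self.seq, self.pending = key, 0, set()
    def make_request(self, claimed_id: str) -> dict:
        self.seq += 1
        req = {"claimed_id": claimed_id, "seq": self.seq, "nonce": os.urandom(8).hex()}
        req["request_mac"] = mac(self.key, req, "request_mac")
        self.pending.add(req["request_mac"])  # outstanding; may be answered once
        return req
    def verify_response(self, resp: dict) -> bool:
        if resp.get("request_mac") not in self.pending:
            return False  # unsolicited, or a replay of an already consumed response
        if not hmac.compare_digest(mac(self.key, resp, "response_mac"), resp.get("response_mac", "")):
            return False  # forged or tampered
        self.pending.discard(resp["request_mac"])
        return True

class IdentityProvider:
    def __init__(self, key: bytes):
        self.key = key
    def respond(self, req: dict) -> dict:
        if not hmac.compare_digest(mac(self.key, req, "request_mac"), req["request_mac"]):
            raise ValueError("request MAC invalid")
        resp = {"request_mac": req["request_mac"], "identity": req["claimed_id"], "seq": req["seq"]}
        resp["response_mac"] = mac(self.key, resp, "response_mac")
        return resp

def run_exchange() -> tuple:
    # A tampered copy of the response, the genuine response, then a replay of it.
    key = derive_mac_key(b"constructed-idp-secret", os.urandom(16))
    rp, idp = RelyingParty(key), IdentityProvider(key)
    resp = idp.respond(rp.make_request("https://alice.example/"))
    tampered = dict(resp, identity="https://attacker.example/")
    return rp.verify_response(tampered), rp.verify_response(resp), rp.verify_response(resp)
```

<p>run_exchange() returns (False, True, False): the tampered response fails its MAC, the genuine one is accepted once, and the replayed copy is rejected because its request MAC has already been consumed.</p>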
</div>
</body>
</html>