Re: [kitten] [OAUTH-WG] ** OAuth Tutorial & OAuth Security Session **

2010-11-10 20:45:55
[That is some cc list!  Do you really need a cc list that large for this
thread?  I've set the reply-to to just oauth(_at_)ietf(_dot_)org (note: I'm NOT
subscribed to that list).  Please honor the reply-to header.  It's a
good idea to set reply-to when making announcements, so that replies
don't flood people who are almost certainly not interested.]

On Tue, Nov 09, 2010 at 08:07:56AM +0000, torsten(_at_)lodderstedt(_dot_)net wrote:
> We think the security considerations should be based on a threat model
> of OAuth. But a complete threat model would blow up the spec.

Really?  I would think that a threat model for OAuth could be described
fairly briefly.  What is the typical value of resources protected by
OAuth?  What kinds of attackers (active, passive, ...) does OAuth aim to
defeat, and under what assumptions (end-points are secure, trusted third
parties are trustworthy, certain cryptographic algorithms are not broken
with parameters in certain ranges, smartcards are secure, ...)?  Which
kinds of attacks does OAuth explicitly not protect against (e.g., DoS)?
What resources do you expect attackers to apply to compromising
resources protected by OAuth?

A few pages should do for the threat model.  An abstract of the OAuth
threat model should also be possible to write.

> We therefore aim to produce a separate security document
> (informational I-D/RFC) covering threat model as well as security
> design and considerations. The security considerations section of the
> core spec can then be distilled from this document.

Sure.  Procedurally speaking, that works.

Nico
-- 
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf