RE: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard

2012-03-08 11:43:04
New text:

          The probability of an attacker guessing generated tokens (and other credentials not
          intended for handling by end-users) MUST be less than or equal to 2^(-128) and SHOULD be
          less than or equal to 2^(-160).

Removed reference to RFC 1750.

EH

-----Original Message-----
From: John Bradley [mailto:ve7jtb(_at_)ve7jtb(_dot_)com]
Sent: Monday, February 06, 2012 5:07 PM
To: Eran Hammer
Cc: Julian Reschke; ietf(_at_)ietf(_dot_)org; The IESG; oauth(_at_)ietf(_dot_)org
Subject: Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard

RE new text in Draft 23

http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-10.10

Generated tokens and other credentials not intended for handling by
   end-users MUST be constructed from a cryptographically strong random
   or pseudo-random number sequence ([RFC1750]) generated by the
   authorization server.

Given that many implementations may elect to use signed tokens, such as
SAML or JWT (JOSE) this should not be a MUST.

Giving people sensible defaults such as the probability of an attacker
guessing a valid access token for the protected resource should be less than
2^(-128).

The probability of generating hash collisions randomly is an odd metric, 2^(-128) for a SHA256 as I recall.
Many factors play into what is secure, token lifetime etc.

I don't mind some reasonable defaults but adding a requirement for
unstructured tokens is a bit much.

Regards
John B.
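
An added example, not part of either message or of the draft: sizing a randomly generated token so that the guessing bound in the new text (MUST 2^(-128), SHOULD 2^(-160)) still holds when many tokens are valid at once. The `live_tokens` parameter and the single-guess reading of the bound are assumptions of this example; all function names are hypothetical.

```python
import secrets

MUST_BITS = 128    # guess probability <= 2^(-128)
SHOULD_BITS = 160  # guess probability <= 2^(-160)


def required_random_bits(bound_bits, live_tokens=1):
    """Random bits per token so that one guess hits any of `live_tokens`
    valid tokens with probability <= 2^(-bound_bits) (assumed reading)."""
    if live_tokens < 1:
        raise ValueError("live_tokens must be >= 1")
    # P(hit) = live_tokens / 2^bits <= 2^(-bound)
    #   =>  bits >= bound + ceil(log2(live_tokens))
    return bound_bits + (live_tokens - 1).bit_length()


def chars_needed(bits, alphabet_size):
    """Smallest length n with alphabet_size**n >= 2**bits (exact integers)."""
    if alphabet_size < 2:
        raise ValueError("alphabet_size must be >= 2")
    n = 1
    while alphabet_size ** n < 2 ** bits:
        n += 1
    return n


def generate_token(bound_bits=MUST_BITS, live_tokens=1):
    """URL-safe token drawn from the OS CSPRNG, sized for the bound."""
    bits = required_random_bits(bound_bits, live_tokens)
    nbytes = (bits + 7) // 8  # round up to whole bytes
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    for label, bound in (("MUST", MUST_BITS), ("SHOULD", SHOULD_BITS)):
        for live in (1, 1_000_000):  # constructed population sizes
            bits = required_random_bits(bound, live)
            print(label, "live=%d" % live, "bits=%d" % bits,
                  "hex=%d" % chars_needed(bits, 16),
                  "base64url=%d" % chars_needed(bits, 64),
                  generate_token(bound, live))
```
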
