<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Helvetica Neue";
panose-1:2 0 5 3 0 0 0 2 0 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Jordan, I like your suggestions, specifically about not sending the credential, but metadata and then having a separate, privacy-preserving exchange. The only downside I see of this approach is the second exchange, which will need to be
standardized.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m currently working on an updated version of the use case.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>Question to the group:</b> What do you think about having a second exchange using a privacy-preserving method? If you’re okay with that, I can amend the use case in a way to factor it.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Stan<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Jordan Wright <jwright@duo.com><br>
<b>Date: </b>Sunday, February 9, 2020 at 6:36 PM<br>
<b>To: </b>Stan <stanb@vericlouds.com><br>
<b>Cc: </b>Openid-specs-risc <openid-specs-risc@lists.openid.net><br>
<b>Subject: </b>Re: [Openid-specs-risc] "Compromised credential" event - background information<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks for sending this over! I had to miss the last meeting, but I have some thoughts about this one.<br>
<br>
As Marius alluded to, I can see a few use cases where this would be applicable.<br>
<br>
The first is when the IDP discovers a compromised credential for an RP. In this case, I think it should just reset the credential and send an "Account Credential Change Required" event. As an aside, looking through the event types, I noticed there wasn't a
"reason" field for this. Perhaps there might be a case for having a "<span style="font-family:"Courier New"">credential_compromised</span>" reason?<br>
<br>
The second use case is when a Compromised Credential Data Broker (CCDB) discovers a compromised credential for an IDP or RP. This case is trickier.<br>
<br>
First, I don't think the CCDB should ever send a plaintext credential to the receiver. This, however, introduces a minor problem.<br>
<br>
Let's say the CCDB sends the SHA256 hash to the receiver. The problem is that the receiver can't do much with this immediately, since they almost certainly (or should!) only have a hashed credential on their end. So they'd have to cache the received hash, wait
for the user to login, then check if the provided password matches the SHA256 hash.<br>
<br>
While we have a bit of prior art with the OAuth event types that suggests we can send over a hashed credential, I don't think that quite applies here. A common scenario is that some third-party website,
<a href="http://example.com">example.com</a>, is compromised and this database becomes public. In this case, the CCDB would tell the RP for
<a href="http://foo.com">foo.com</a> that the subject <a href="mailto:johndoe@example.com">
johndoe@example.com</a> had a credential compromised in a breach since <a href="mailto:johndoe@example.com">
johndoe@example.com</a> has an account on <a href="http://foo.com">foo.com</a>. However, there's no guarantee that the same credential was used, so sending the hash may reveal information that doesn't belong to
<a href="http://foo.com">foo.com</a>.<br>
<br>
To that end, I'd propose that the CCDB not send a credential to the receiver at all. Instead, the CCDB
<i>could</i> send some kind of metadata about the credential, such as if it was a "third party" breach, or if there was information to suggest the credential was 100% tied to the RP (e.g. recovered from password-stealing malware).<br>
<br>
When the IDP/RP receives this event, they would know <span style="background:yellow;mso-highlight:yellow">
to then check in with the CCDB when the user logs in to do some kind of privacy-preserving exchange to determine if this particular credential were the one compromised</span>. Google has been doing
<a href="https://www.usenix.org/system/files/sec19-thomas.pdf">some excellent work</a> in this space that I'm hoping gets adopted by other parties really soon (and I encourage y'all to check out!)<br>
<br>
If in this scenario it was the IDP that received the event and they verified the credential was indeed compromised, they could then send an "Account Credential Change Required" downstream.<br>
<br>
This flow places the burden of verification on the CCDB and receiver, but doesn't seem to be any less actionable than sharing the hash directly along with the potential upside of allowing a privacy-preserving verification.<br>
<br>
Thanks again for sending this over! Very exciting stuff.<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Tue, Feb 4, 2020 at 5:27 PM Stan Bounev via Openid-specs-risc <<a href="mailto:openid-specs-risc@lists.openid.net">openid-specs-risc@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello everyone,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I want to share with you the background information we had so far about this event. See attached a high-level use case. Below I’ve added some points Annabelle raised in the
past, plus a sample event code Marius suggested.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">Feedback from Annabelle:<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:27.0pt;vertical-align:middle">
<span style="font-size:10.0pt;font-family:Symbol;color:black">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">
</span><span style="color:black">A hash of a partial password is not really useful on its own. There are ways to make it useful, but a lot of them are likely to decrease overall security of the recipient system in non-obvious ways. The safer ways to use this
information aren’t obvious and are harder to implement. We need to be careful that we do not inadvertently promote anti-patterns. I’m not saying that we can’t define this event, but we have to be careful about it, and make sure we provide the right guidance.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:27.0pt;vertical-align:middle">
<span style="font-size:10.0pt;font-family:Symbol;color:black">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">
</span><span style="color:black">Are you thinking at all about “batch” cases, e.g., a big password file gets dumped on pastebin?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:27.0pt;vertical-align:middle">
<span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span>We need to be very careful if we’re going to include credentials or artifacts derived from credentials in events. A plain hash of the password is vulnerable to rainbow tables and cracking rigs. A hash of a PIN is especially vulnerable, given the reduced
search space.<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-family:"Times New Roman",serif;color:black">On Dec 20, 2019, at 8:13 PM, Marius Scurtescu via Openid-specs-risc <</span><span style="font-family:"Times New Roman",serif"><a href="mailto:openid-specs-risc@lists.openid.net" target="_blank">openid-specs-risc@lists.openid.net</a><span style="color:black">>
wrote:</span></span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">A new RISC event type came up while looking at clearing house use cases, see meeting notes for December 10.<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">Event Type URI:<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><a href="https://schemas.openid.net/secevent/risc/event-type/credential-compromised" target="_blank">https://schemas.openid.net/secevent/risc/event-type/credential-compromised</a><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">Credential Compromised signals that a given credential for the account identified by the subject was compromised. If the exact same credential is used by the same account then the Receiver should take action.<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">Attributes:<o:p></o:p></p>
<pre style="margin:0in">  - credential-type:
      - password
      - PIN
      - ...
  - credential-hash
  - hash-method:
      - SHA-256
      - ...
</pre>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<pre style="margin:0in">{
  "iss": "<a href="https://idp.example.com/" target="_blank">https://idp.example.com/</a>",
  "jti": "756E69717565206964656E746966696572",
  "iat": 1508184845,
  "aud": "636C69656E745F6964",
  "events": {
    "<a href="https://schemas.openid.net/secevent/risc/event-type/credential-compromised" target="_blank">https://schemas.openid.net/secevent/risc/event-type/credential-compromised</a>": {
      "subject": {
        "subject_type": "iss-sub",
        "iss": "<a href="https://idp.example.com/" target="_blank">https://idp.example.com/</a>",
        "sub": "7375626A656374"
      },
      "credential-type": "password",
      "credential-hash": "41ef4bb0b23661e66301aac36066912dac037827b4ae63a7b1165a5aa93ed4eb",
      "hash-method": "SHA-256"
    }
  }
}
</pre>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"> <o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">Keep in mind that an event like this is useful not only for a clearing house use case but for all implicit and pseudo implicit use cases, see sections 3.3, 3.4 and 3.5:<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><a href="https://tools.ietf.org/html/draft-scurtescu-secevent-risc-use-cases" target="_blank">https://tools.ietf.org/html/draft-scurtescu-secevent-risc-use-cases</a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
Openid-specs-risc mailing list<br>
<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank">Openid-specs-risc@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-risc" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-risc</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse;border-spacing:0px;max-width:100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<div>
<p class="MsoNormal"><strong><span style="font-size:9.0pt;font-family:Helvetica;color:#333333">Jordan Wright</span></strong><span style="font-size:9.0pt;font-family:Helvetica;color:#333333">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica;color:#999999">/</span><span style="font-size:9.0pt;font-family:Helvetica;color:#333333"> Principal R&D Engineer<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica;color:#333333">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica;color:#333333"><br>
<a href="mailto:jwright@duo.com" target="_blank"><span style="color:#63B246;text-decoration:none">jwright@duo.com</span></a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica;color:#333333">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica;color:#333333"><br>
<a href="https://duo.com/" target="_blank"><span style="color:#63B246;text-decoration:none">Duo.com</span></a><o:p></o:p></span></p>
</div>
</div>
</td>
</tr>
<tr>
<td colspan="4" style="padding:0in 0in 0in 0in">
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica Neue";color:#333333"><br>
----------<br>
The Most Loved Company in Security<o:p></o:p></span></p>
</div>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
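<p class="MsoNormal">The privacy-preserving second exchange discussed in this thread, worked through as an added example that is not part of the thread or of any OpenID RISC draft: at login the receiver checks whether the presented credential is in the CCDB's breached set without either side revealing a plaintext or a hash, using a DH-style blinded set intersection with a 2-byte k-anonymity bucket modelled on Google's Password Checkup. The CCDB and receiver_check names, the sample leaked pairs and the 127-bit modulus are constructed for illustration.</p>

```python
# Added example, not from the thread: a blinded membership check of the kind Jordan
# describes, modelled on the DH-style private set intersection with 2-byte k-anonymity
# buckets used by Google's Password Checkup. Names, modulus and data are constructed.
import hashlib
import secrets
from math import gcd

P = 2**127 - 1      # prime modulus; far too small for real use, illustration only
ORDER = P - 1       # exponents live modulo the group order

def hash_to_group(username: str, password: str) -> int:
    """Map a (username, password) pair to an element of [2, P-1]."""
    digest = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 2

def bucket_of(username: str) -> bytes:
    """k-anonymity bucket: the receiver reveals only a 2-byte prefix of H(username)."""
    return hashlib.sha256(username.encode()).digest()[:2]

def random_exponent() -> int:
    """Random exponent invertible modulo ORDER, so blinding can be undone."""
    while True:
        e = secrets.randbelow(ORDER - 2) + 2
        if gcd(e, ORDER) == 1:
            return e

class CCDB:
    """Compromised Credential Data Broker holding breached (username, password) pairs."""
    def __init__(self, leaked_pairs):
        self._key = random_exponent()
        self._buckets = {}
        for user, pw in leaked_pairs:
            blinded = pow(hash_to_group(user, pw), self._key, P)
            self._buckets.setdefault(bucket_of(user), []).append(blinded)

    def query(self, bucket: bytes, blinded: int):
        """Raise the receiver's blinded value to the CCDB key and return the CCDB-blinded
        bucket; the CCDB never sees the receiver's plaintext or hash, and vice versa."""
        return pow(blinded, self._key, P), self._buckets.get(bucket, [])

def receiver_check(ccdb: CCDB, username: str, password: str) -> bool:
    """Receiver side at login: blind, query, unblind, compare.
    True means the presented credential is in the CCDB's breached set."""
    a = random_exponent()
    h = hash_to_group(username, password)
    double_blinded, bucket = ccdb.query(bucket_of(username), pow(h, a, P))
    # (h^a)^key raised to a^-1 mod ORDER equals h^key, the same form the bucket holds
    server_blinded = pow(double_blinded, pow(a, -1, ORDER), P)
    return server_blinded in bucket

if __name__ == "__main__":
    db = CCDB([("johndoe@example.com", "hunter2"), ("alice@example.com", "Tr0ub4dor&3")])
    print(receiver_check(db, "johndoe@example.com", "hunter2"))    # True: same credential
    print(receiver_check(db, "johndoe@example.com", "unrelated"))  # False: different password
```

A deployment of this shape would use a prime-order group or an elliptic curve instead of the toy modulus and would rate-limit queries, but the receiver-side flow (blind, query, unblind, compare) is the same.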
</body>
</html>