Explicit protocol version identification etc.

Issue #1424 open
Nat Sakimura created an issue

For an authentication protocol, it is known to be a good practice to have a way for a message receiver to find out the protocol version and the message position in the sequence, so that it can find out whether the message is legitimate.

Following is the advice given in the BCM paper (see reference below):

P1 Positional tagging. Cryptographic message components should contain information that uniquely identifies their origin. In particular, the information should identify the protocol, the protocol variant, the message number, and the particular position within the message, from which the component was sent.

P2 Inclusion of identities and their roles. Each cryptographic message component should include information about the identities of all the agents involved in the protocol run and their roles, unless there is a compelling reason to do otherwise.

Not that I can come up with an attack right now, but since this is a new protocol, it might be a good idea to follow the practice.

Reference:

Basin, D., Cremers, C., Meier, S.: Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication. Journal of Computer Security 21(6), 817-846 (2013)
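What P1 and P2 look like on the wire, as an added example that is not part of this issue or of any OIDC specification: each signed component carries the protocol identifier, variant, message number, position within the message, and the identities and roles of all agents in the run, and the receiver checks those fields against where it currently is in the run before it looks at the payload. The protocol and variant identifiers, the agent names, the field positions and the shared symmetric key are all assumed for illustration; an HMAC over canonical JSON stands in for the JWS signature a real OIDC message would carry.

```python
import hmac
import hashlib
import json

# Added example (not from the issue or any OIDC spec): a signed message
# component tagged per Basin/Cremers/Meier P1 (positional tagging) and P2
# (identities and roles). The HMAC stands in for a real signature, and all
# identifiers below are assumed for illustration.

PROTOCOL = "example-oidc4vp"   # assumed protocol identifier (P1)
VARIANT = "cross-device"       # assumed protocol variant (P1)


def canonical(obj):
    """Deterministic serialization so sender and receiver MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def tag_component(key, msg_no, position, agents, payload):
    """Build a component that carries P1/P2 context under the MAC.

    msg_no:   message number within the protocol run (P1)
    position: which field of that message this component occupies (P1)
    agents:   {"role": "identity"} for every party in the run (P2)
    """
    component = {
        "protocol": PROTOCOL,
        "variant": VARIANT,
        "msg": msg_no,
        "pos": position,
        "agents": agents,
        "payload": payload,
    }
    mac = hmac.new(key, canonical(component), hashlib.sha256).hexdigest()
    return {"component": component, "mac": mac}


def accept(key, wire, msg_no, position, agents):
    """Receiver check: the MAC must verify AND the tagged context must match
    the protocol, variant, message number, position and agents the receiver
    expects at this point in the run. Returns (ok, reason) so callers can log
    why a component was rejected.
    """
    component = wire.get("component", {})
    expected = hmac.new(key, canonical(component), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, wire.get("mac", "")):
        return False, "bad mac"
    expected_ctx = {"protocol": PROTOCOL, "variant": VARIANT, "msg": msg_no,
                    "pos": position, "agents": agents}
    for field, want in expected_ctx.items():
        if component.get(field) != want:
            return False, f"context mismatch on {field!r}: {component.get(field)!r} != {want!r}"
    return True, "ok"


def demo():
    """Message 1 accepted in place; the same bytes rejected when replayed as
    message 2 (reflection) or into a run with a different wallet identity."""
    key = b"shared-demo-key"  # constructed; real deployments sign asymmetrically
    agents = {"verifier": "https://verifier.example", "wallet": "did:example:wallet1"}
    m1 = tag_component(key, 1, "request.nonce", agents, {"nonce": "n-0S6_WzA2Mj"})
    in_place = accept(key, m1, 1, "request.nonce", agents)
    reflected = accept(key, m1, 2, "response.nonce", agents)
    other_run = accept(key, m1, 1, "request.nonce", {**agents, "wallet": "did:example:mallory"})
    return in_place[0], reflected[0], other_run[0]


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point of the check order is that a component which verifies cryptographically is still rejected if it was cut from a different protocol, variant, message, field or run; that is exactly the class of reflection and cross-protocol misuse the BCM principles are meant to close.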

Comments (3)

  1. Kristina Yasuda

    OIDC4VP is built on the foundations of OIDC which does not have that capability. I think we should add this capability to OIDC first.

  2. Michael Jones
    • changed status to open

    We discussed this during the 26-Sep-22 working group call.

    I noted that the problem with version numbers is that we're often adding features in parallel - not in a linear manner. For instance, prompt=create and unmet_authentication_requirements are parallel additions. There's not an obvious versioning strategy that would accommodate them.

    I remarked that we do have spec versions (most of which are 1.0). Vittorio said that we should increase the version number when we have breaking changes.

    Vittorio said that we signal that OPs support new features by adding metadata values. This fills the role of versioning.

    Vittorio would like to better understand the message number suggestion.
