Comments (8)

dlorenc commented on June 27, 2024

How would the x509 SVIDs work here? I get the concern with replay attacks, but I think that's partially mitigated by using a custom audience field and the short expiration time.

from fulcio.

dlorenc commented on June 27, 2024

See here for the audience field: https://github.com/spiffe/spiffe/blob/main/standards/JWT-SVID.md#32-audience

letmaik commented on June 27, 2024

Audience would work but only if you get a fulcio-specific token which I think is not how SPIFFE works. I think it issues SVID documents (JWT/X509) periodically to the workload/VM/... but not on demand scoped to some specific use case. So, you get a SVID that's scoped to all the systems you need to access. Please correct me if that's wrong, I'm not fully sure.

X509 SVIDs act as mutual TLS auth certs where the fulcio service would look at the cert instead of a token. Since you can't re-use a TLS session against another service it's safer than a token.

dlorenc commented on June 27, 2024

> Audience would work but only if you get a fulcio-specific token which I think is not how SPIFFE works. I think it issues SVID documents (JWT/X509) periodically to the workload/VM/... but not on demand scoped to some specific use case

I don't think that's correct. See here for how to pass in an audience to the workloadAPI FetchJWTSVID call:
https://pkg.go.dev/github.com/spiffe/go-spiffe/v2/workloadapi#FetchJWTSVID

letmaik commented on June 27, 2024

You're right, makes sense. In that case it's "just" the replayability. If fulcio accepts TLS connections directly (not via an L7 load balancer) then it shouldn't be too hard to switch to X509 SVIDs.

dlorenc commented on June 27, 2024

We currently terminate ssl at the load balancer level.

What's the exact threat model? The requests are over TLS so I'm not sure I understand the MITM concern for stealing a SVID.

We could always work around replay concerns some other way with an in memory cache or a 1-1 relationship between SVIDs and issued certificates.
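Added example, not Fulcio's or go-spiffe's own code, sketching the mitigations proposed in this thread: assuming the JWT-SVID has already been parsed and signature-checked by go-spiffe's jwtsvid.ParseAndValidate, this Go gate enforces a Fulcio-specific audience, a bounded remaining lifetime, and the in-memory one-use cache dlorenc mentions. The "sigstore" audience value and the Gate/Admit names are assumptions.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"strings"
	"sync"
	"time"
)

// Gate applies the mitigations discussed above to a JWT-SVID that go-spiffe has already
// signature-checked: Fulcio-specific audience, short lifetime, and one certificate per token.
type Gate struct {
	aud     string        // audience the workload must have requested (assumed "sigstore")
	maxLife time.Duration // longest remaining lifetime Fulcio is willing to accept
	mu      sync.Mutex
	seen    map[[32]byte]time.Time // sha256(token) -> expiry of every token already used
}

func NewGate(aud string, maxLife time.Duration) *Gate { return &Gate{aud: aud, maxLife: maxLife, seen: map[[32]byte]time.Time{}} }

// Admit returns the SPIFFE ID to certify, or an error if the token must be refused.
func (g *Gate) Admit(token, id string, aud []string, exp, now time.Time) (string, error) {
	if !strings.HasPrefix(id, "spiffe://") {
		return "", errors.New("subject is not a SPIFFE ID")
	}
	scoped := false
	for _, a := range aud { // aud is an array in a JWT-SVID; any entry may match
		scoped = scoped || a == g.aud
	}
	if !scoped {
		return "", errors.New("token was not issued for this audience")
	}
	if !now.Before(exp) || exp.Sub(now) > g.maxLife {
		return "", errors.New("token expired or lives too long")
	}
	key := sha256.Sum256([]byte(token))
	g.mu.Lock()
	defer g.mu.Unlock()
	for k, e := range g.seen { // expired tokens cannot be replayed, so forget them
		if !now.Before(e) {
			delete(g.seen, k)
		}
	}
	if _, used := g.seen[key]; used {
		return "", errors.New("token already exchanged for a certificate")
	}
	g.seen[key] = exp
	return id, nil
}
```

The cache is per process; behind a load balancer with several Fulcio replicas it would need to be shared, or replaced by the 1-1 SVID-to-certificate record dlorenc also suggests.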

letmaik commented on June 27, 2024

The attack could be done by someone with access to the platforms where the load balancer or Fulcio is running. So either an inside attack or an outside hack. But given that monitors/auditors currently can't validate Fulcio's honest operation (Fulcio has to be trusted to only issue certs if an authentication took place, see also #80), fixing this particular replay problem wouldn't help much anyway. I'm happy to close this particular SPIFFE issue as solving it doesn't improve general security by much I think.

dlorenc commented on June 27, 2024

Thanks - I think you're correct overall, and this is eventually the role of the CT log Fulcio issues certs to. All Fulcio behavior should be auditable using these logs, so any misbehavior could be detected.

Combined with the Rekor log, you can actually trace any Fulcio misbehavior all the way from a mis-issued certificate to the artifacts that were signed, allowing for very fine-grained revocation.