Timing attack on refresh/re-issuance

Question

Timing attack on refresh/re-issuance

martinthomson opened this issue a year ago · 2 comments

If an origin requests a token and enables refresh, then - when there are no tokens available from that issuer - this will leak information to the issuer. These requests are rate-limited to two every 48 hours, but this is not an effective protection. Time-based correlation creates a high entropy signal that can be used to pass a signal from the origin to the issuer.

Answer 1 · 2023-04-12T16:36:59.000Z

Can you clarify what enables the correlation here? If a site redeems a token and there aren't any, that origin will learn that there isn't a token/redemption record available, but the issuer won't learn anything unless the origin sends a separate out-of-band request to the issuer to note that the client is out of tokens, and the issuer doesn't learn anything about the client's issuance context (they only learn whatever information is available on the site redeeming tokens).

Answer 2 · 2023-04-12T23:46:05.000Z

This is probably my mistake. My interpretation of the algorithm was that the token refresh policy of "refresh" involved a fetch, but it doesn't seem to.