Re: [Ace] EST over CoAP: Randomness

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Wed, 15 May 2019 16:46 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Esko Dijk <esko.dijk@iotconsultancy.nl>, "ace@ietf.org" <ace@ietf.org>
Date: Wed, 15 May 2019 16:46:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/9QPBHppdVkXHbhGtOvUoeP8xLrI>

Agreed Hannes and Esko.

For completeness, here is what the updated text looks like. It should cover what we discussed in this thread.

~~~~~~~~~
5.8. Server-side Key Generation

In scenarios where it is desirable that the server generates the private key, server-side key generation should be used. Such scenarios could be when it is considered more secure to generate at the server the long-lived random private key that identifies the client, or when the resources spent to generate a random private key at the client are considered scarce, or when the security policy requires that the certificate public and corresponding private key are centrally generated and controlled. Of course, that does not eliminate the need for proper random numbers for various protocols like (D)TLS (Section 10.1).
[ … ]

10.1. EST server considerations
[ … ]
Modern security protocols require random numbers to be available during the protocol run, for example for nonces, ephemeral EC Diffie-Hellman key generation. This capability to generate random numbers is also needed when the constrained device generates the private key (that corresponds to the public key enrolled in the CSR). When server-side key generation is used, the constrained device depends on the server to generate the private key randomly, but it still needs locally generated random numbers for use in security protocols, as explained in Section 12 of [RFC7925]. Additionally, the transport of keys generated at the server is inherently risky. Analysis SHOULD be done to establish whether server-side key generation enhances or decreases the probability of identity stealing.

It is important to note that sources contributing to the randomness pool used to generate random numbers on laptops or desktop PCs are not available on many constrained devices, such as mouse movement, timing of keystrokes, air turbulence on the movement of hard drive heads, as pointed out in [PsQs]. Other sources have to be used or dedicated hardware has to be added. Selecting hardware for an IoT device that is capable of producing high-quality random numbers is therefore important.
[ … ]
~~~~~~~~~

I am planning to reupload by the end of the week.

Rgs,
Panos
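
The draft text above asks implementers to select hardware that produces high-quality random numbers. As an added example (not part of this thread or of the draft), here is one check a constrained device can run on raw noise samples before they seed its DRBG: the repetition count test from NIST SP 800-90B, which catches a stuck entropy source. The `rct_*` names, the 8 bits of claimed min-entropy per sample and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Cutoff C = 1 + ceil(-log2(alpha) / H). alpha = 2^-alpha_exp is the accepted
 * false-alarm rate; H is the claimed min-entropy per sample, in millibits. */
static unsigned rct_cutoff(unsigned alpha_exp, unsigned h_millibits)
{
    return 1u + (alpha_exp * 1000u + h_millibits - 1u) / h_millibits;
}

typedef struct {
    uint8_t  last;    /* previous raw sample */
    unsigned run;     /* length of the current run of identical samples */
    unsigned cutoff;  /* run length that marks the source as failed */
    int      failed;  /* latched: a failed source stays failed */
} rct_state;

/* Feed one raw noise sample; returns 0 while healthy, -1 once failed. */
static int rct_feed(rct_state *s, uint8_t sample)
{
    if (s->run > 0 && sample == s->last)
        s->run++;
    else
        s->run = 1;
    s->last = sample;
    if (s->run >= s->cutoff)
        s->failed = 1;
    return s->failed ? -1 : 0;
}

/* Screen a buffer of raw samples before it may seed the device's DRBG. */
static int rct_check(const uint8_t *buf, size_t n, unsigned cutoff)
{
    rct_state s = { 0, 0, cutoff, 0 };
    for (size_t i = 0; i < n; i++)
        if (rct_feed(&s, buf[i]) != 0)
            return -1;
    return 0;
}

/* Constructed sample data, not captured from real hardware. */
static const uint8_t HEALTHY[] = { 0x3a, 0x3a, 0x3a, 0x91, 0x07, 0xc4, 0xc4, 0x5e };
static const uint8_t STUCK[]   = { 0x3a, 0x91, 0xff, 0xff, 0xff, 0xff, 0x12, 0x6b };

int main(void)
{
    unsigned c = rct_cutoff(20, 8000);  /* alpha = 2^-20, H = 8 bits/sample */
    return !(rct_check(HEALTHY, sizeof HEALTHY, c) == 0 &&
             rct_check(STUCK, sizeof STUCK, c) == -1);
}
```

A lower claimed min-entropy raises the cutoff, so the entropy claim for the chosen hardware has to be settled before the test is configured.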


From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: Tuesday, May 14, 2019 3:28 PM
To: Esko Dijk <esko.dijk@iotconsultancy.nl>; Panos Kampanakis (pkampana) <pkampana@cisco.com>; ace@ietf.org
Subject: RE: [Ace] EST over CoAP: Randomness

Esko,

your line of thought makes sense to me. I leave it to Panos to enhance the text.

Ciao
Hannes

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
Sent: Tuesday, 14 May 2019 11:57
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Panos Kampanakis (pkampana) <pkampana@cisco.com>; ace@ietf.org
Subject: RE: [Ace] EST over CoAP: Randomness

Hi Hannes,

Agree. The draft is already referencing RFC 7925, so it could additionally reference Section 12 (https://tools.ietf.org/html/rfc7925#section-12) which explains that randomness is also needed for all DTLS handshakes. What I mention about “being able to trust the randomness level” is then maybe a more psychological requirement rather than technical. A powerful server with RTC just sounds more capable to do private key generation than an IoT device, which is why server-side keygen may be preferred ;)

Esko

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: Tuesday, May 14, 2019 18:46
To: Esko Dijk <esko.dijk@iotconsultancy.nl>; Panos Kampanakis (pkampana) <pkampana@cisco.com>; ace@ietf.org
Subject: RE: [Ace] EST over CoAP: Randomness

Hi Esko,

good to hear from you.


  *   Another reason for server-side keygen can be that an IT department/manager wants it that way. There could be a policy that the keypairs for all domain certificates must be created by the systems under direct control of the IT department. (E.g. to comply with other policies or to be able to trust the randomness level. Or just because that was the way it always has been when PCs were provisioned with certificates.)  This could be listed as an additional reason.

For readers interested in making informed decisions I believe it is worthwhile to point out that they need random number generation capabilities on IoT devices – not just for the private key generation in context of the EST exchange. I fear that some people, including IT managers, just glance over the details and focus on isolated aspects. I am sure you agree with me that this would be a too simplistic view.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.