Re: [Anima] cBRSKI
Christian Amsüss <christian@amsuess.com> Sun, 30 April 2023 22:17 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63013C14CE40 for <anima@ietfa.amsl.com>; Sun, 30 Apr 2023 15:17:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ecR2WRlEQUpq for <anima@ietfa.amsl.com>; Sun, 30 Apr 2023 15:17:51 -0700 (PDT)
Received: from smtp.akis.at (smtp.akis.at [IPv6:2a02:b18:500:a515::f455]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30C84C14CF09 for <anima@ietf.org>; Sun, 30 Apr 2023 15:17:48 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com ([IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by smtp.akis.at (8.17.1/8.17.1) with ESMTPS id 33UMHk7p063743 (version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 1 May 2023 00:17:46 +0200 (CEST) (envelope-from christian@amsuess.com)
X-Authentication-Warning: smtp.akis.at: Host [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd] claimed to be poseidon-mailhub.amsuess.com
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 763A81FBE0; Mon, 1 May 2023 00:17:45 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.lan [IPv6:2a02:b18:c13b:8010::d5b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 1817521FEA; Mon, 1 May 2023 00:17:45 +0200 (CEST)
Received: (nullmailer pid 22051 invoked by uid 1000); Sun, 30 Apr 2023 22:17:44 -0000
Date: Mon, 01 May 2023 00:17:44 +0200
From: Christian Amsüss <christian@amsuess.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: anima@ietf.org
Message-ID: <ZE7pCI1yiQ/200I+@hephaistos.amsuess.com>
References: <15797.1682880092@localhost>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="DnoAPTAIFBOEr12P"
Content-Disposition: inline
In-Reply-To: <15797.1682880092@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/166ea8ZEcFV9_ywTW79kACLeC9M>
Subject: Re: [Anima] cBRSKI
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Apr 2023 22:17:53 -0000
Hello Michael, thanks for the answers and the suggestion to move this onto the list. Follow-up questions: * On devices where the IDevID can be kept safe from owners, can't the device keep a log locally to the same effect as a MASA log on whether that device has been owned before? It'd appear that tamper-proofness would be the only difference to a logged voucher. (Then again, the MASA might also tamper). > > If an owner can take complete control over a device (like, switch over the > > firmware, as you can do with a PC or a device that contains GPL-3 > > software), would the issuer of such a new firmware also need to provision > > the device with a new IDevID? > > Maybe. Probably be a good idea. The MASA URL would be wrong in the existing > IDevID. RFC8995 provides for the Registrar to have the ability to override > that URL under operator control. That would apply to all devices from that > manufacturer, probably, so it's a big hammer. Replacing the IDevID would be > simpler. > > [...] An owner might be permitted to load whatever code they want, > and depending upon many concerns, that might include getting access to > the IDevID private key, if it is stored on an fTPM or not secured at > all. * If the device can do a full firmware replacement (including the bootloader), even if the IDevID's private key is kept in a secure element, the new firmware could be used to sign[^1] with the IDevID in some scenarios. I think it'd be prudent for such upgrades to remove that IDevID. As IDevIDs are supposed to be immutable (if I read 802.1AR correctly -- probably makes sense for the devices IEEE is considering): Is there a generalization of the IEEE identifiers that also makes sense for constrained but more general-purpose-oriented devices, for which the ANIMA products can still be used? [^1]: Or use the key in any other limited way. * Is there any document that describes (or has an example of) how ANIMA onboarding interacts with ACE's AS? My current -- maybe naive -- assumption is that a voucher in this countext would contain a pinned-domain-pubk which is the public key the AS will use to sign ACE tokens, and the est-domain would indicate the AS URI, but with the pinned-domain-pubk being described in TLS terms (whereas an ACE AS uses COSE keys), this may be skipping a step. BR c -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
- [Anima] cBRSKI Michael Richardson
- Re: [Anima] cBRSKI Christian Amsüss
- Re: [Anima] cBRSKI Michael Richardson
- [Anima] ANIMA and ACE, IDevID terminology (was: R… Christian Amsüss
- Re: [Anima] [Ace] ANIMA and ACE, IDevID terminolo… Benjamin Kaduk
- Re: [Anima] [Ace] ANIMA and ACE, IDevID terminolo… Christian Amsüss
- Re: [Anima] [Ace] ANIMA and ACE, IDevID terminolo… Michael Richardson
- Re: [Anima] [Ace] ANIMA and ACE, IDevID terminolo… Michael Richardson
- Re: [Anima] [Ace] ANIMA and ACE, IDevID terminolo… Russ Housley
- Re: [Anima] [Ace] ANIMA and ACE, IDevID terminolo… Michael Richardson