IETF Logo Mail Archive

Re: [Anima] IDevID and TPM devices and draft-richardson-anima-masa-considerations-02

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 10 March 2020 20:31 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E8B13A0CBC for <anima@ietfa.amsl.com>; Tue, 10 Mar 2020 13:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uW04nxcWwQ00 for <anima@ietfa.amsl.com>; Tue, 10 Mar 2020 13:31:08 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D8903A0CB4 for <anima@ietf.org>; Tue, 10 Mar 2020 13:31:07 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id D27BD38985; Tue, 10 Mar 2020 16:29:50 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0C7D3825; Tue, 10 Mar 2020 16:31:03 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Laurence Lundblade <lgl@island-resort.com>
cc: anima@ietf.org
In-Reply-To: <242E6E9A-2A6B-4C77-850B-1A69814792F4@island-resort.com>
References: <10130.1583246743@localhost> <18696.1583274800@localhost> <5412.1583703075@localhost> <242E6E9A-2A6B-4C77-850B-1A69814792F4@island-resort.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 10 Mar 2020 16:31:03 -0400
Message-ID: <30797.1583872263@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/Xu4QcHpQ5kH2b4hOUY1OeEJVSJw>
Subject: Re: [Anima] IDevID and TPM devices and draft-richardson-anima-masa-considerations-02
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 20:31:22 -0000

Laurence Lundblade <lgl@island-resort.com> wrote:
    > I assume you are referring to slide titled "ECDSA key setup based on
    > 256-bit secret seed”, the first of the three.

Yes, I want to discuss that, as well as the other two slides.

    > I think it is possible to have this partly done by the chip vendor and
    > partly by the board vendor, but that’s not what I’d envision. It seems
    > more complex and a lot less secure because of the transfer of the
    > millions of secret keys from the chip vendor to the board vendor. I
    > think there are business reasons too. I don’t know that chip vendors
    > would share the private keys like this.

Then, what's the point of your slide?
Are CHIP vendors going to run a database of IDevID certificates for each of
their OEMs?  How will they know what serial numbers and what extensions to
put into the certificates?

    > In such a document as this, I’d just describe it as if the board vendor
    > did it all, or the chip vendor did it all to be simpler.

I don't really want to simplify the process, I want to point to real
instances of the process being used by real people.

    > Note that some chips have extra fuses that the board vendor can use to
    > put keys into. Or, they might just put the keys in a TEE app. That will
    > be secure enough for many use cases. The TEE app has to use the key
    > anyway to signing tokens or such.

That still seems to skip a major step: how does the OEM get the TEE app
loaded?   If this can only be done by $1B/year OEMs, then we are doomed.

    > With ECDSA you don’t use a PRNG. The secret seed is just the point on
    > the curve that is the private key. There is no computation.

That's not the case.
The point on the curve is a secret, and it needs to be a random point.
To say that there is no computation is inaccurate:  true, with RSA you have to
test if the key is prime, but once you have it, you have it.
Making it (an RSA private key) deterministically found from a secret seed
takes a bit of care to get all the tests in the right order, etc. but it can
be done.

    > I doubt any of this works for a TPM and you probably don’t even want to
    > to it because a TPM already has an attestation key. That’s part of what
    > you pay so much for.

I thought the TPM had an attestation key, but none of them that I have
purchased seem to.   The OEM has to configure/generate them.  It is this
process that I care about, because the IDevID also needs to be built at that
point.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email