IETF Logo Mail Archive

Re: [Anima] RFC 8995, Voucher Signing, MASA Certificate Chain provisioning

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 16 March 2024 00:35 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98ED4C14F6A5 for <anima@ietfa.amsl.com>; Fri, 15 Mar 2024 17:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WeWt66K5BGma for <anima@ietfa.amsl.com>; Fri, 15 Mar 2024 17:35:13 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10359C14F6A9 for <anima@ietf.org>; Fri, 15 Mar 2024 17:35:12 -0700 (PDT)
Received: from dyas.sandelman.ca (unknown [IPv6:2001:67c:370:128:87bc:eabe:dcde:5644]) by relay.sandelman.ca (Postfix) with ESMTPS id 943BB1F449; Sat, 16 Mar 2024 00:35:10 +0000 (UTC)
Authentication-Results: relay.sandelman.ca; dkim=pass (2048-bit key; secure) header.d=sandelman.ca header.i=@sandelman.ca header.b="h3oNznQI"; dkim-atps=neutral
Received: by dyas.sandelman.ca (Postfix, from userid 1000) id 08E69A17B9; Sat, 16 Mar 2024 10:35:05 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sandelman.ca; s=dyas; t=1710549305; bh=r85ucl8cyIH1GlFB6z2XXFAEh2VVglJgfMD4L4nlU8U=; h=From:To:Subject:In-reply-to:References:Date:From; b=h3oNznQIdfqzUH9qKLwwatB/XbdpVaoAQH0lHP8hjmvAsOBmCLa/2m2KILhkgfycv wII3pL75aotyyn0dFod5VUx7rvEs6a8ihBHqB2XS3O1htFyHdCMvtYYdH7bAN4SRZb LjSVI9m/bXye4TuINcOqYu/nR+pywW2UXtR+pPXZPvO8G9DF0yB82sgx/uEWMd5Voh UQ4Zq9ORKvyTnrI033NOvEL0zzMQ1A+ZaJn5vFUZgXGJGwvlXFQ6Tg16y3I+9RSQmL ry5uWDOkQrUikOY8xLeu5BpC41PAhYwGDRfJWKkJs+sMlZwDtkCMS1yueHoHuDjTCK C6tVrcVVf1I8A==
Received: from dyas (localhost [127.0.0.1]) by dyas.sandelman.ca (Postfix) with ESMTP id 069FDA0A82; Sat, 16 Mar 2024 10:35:05 +1000 (AEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>, "Fries, Steffen" <steffen.fries=40siemens.com@dmarc.ietf.org>, "anima@ietf.org" <anima@ietf.org>
In-reply-to: <DU0P190MB197821318310FEF4AAEA6633FD272@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <DB9PR10MB6354C2A6F6C4D5B3E0CA5C8CF3212@DB9PR10MB6354.EURPRD10.PROD.OUTLOOK.COM> <DU0P190MB197821318310FEF4AAEA6633FD272@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
Comments: In-reply-to Esko Dijk <esko.dijk@iotconsultancy.nl> message dated "Fri, 08 Mar 2024 11:40:49 +0000."
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sat, 16 Mar 2024 10:35:05 +1000
Message-ID: <19897.1710549305@dyas>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/_zQj5ZZuGRjbBMWFIsIMBXDghPc>
Subject: Re: [Anima] RFC 8995, Voucher Signing, MASA Certificate Chain provisioning
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Mar 2024 00:35:17 -0000

Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
    > The requirement for the Pledge in RFC 8995 is (5.6.1): The pledge MUST
    > verify the voucher signature using the manufacturer-installed trust
    > anchor(s) associated with the manufacturer's MASA

    > This leaves quite some vendor flexibility I think on how exactly to
    > verify: against 1 public key, against multiple public keys, against a
    > chain baked into the device, against a single root CA cert, against a
    > single root CA cert taken from the chain baked into the device, etc
    > etc.

Thank you for expounding on the variations.
We have the advantage that pledges are controlled by manufacturers and they
can decide how simple or complex they want to make their process.

The gotcha is registrars that want to verify the resulting voucher.
It's not entirely required by RFC8995, but maybe enouraged.
So I'd love to collect more of this kind of consideration in the
masa-considerations or the registrar-considerations.

    >> I would propose to also allow the submission of the certificate chain
    >> of the MASA signing certificate in the SignedData part of the CMS
    >> container of the voucher.

    > I expect this is already allowed by RFC 8995, given the text in 11.6:

Yes, it's not just allowed, but I would say, encouraged.
The question is how do we do it on a constrained voucher.
The cbrski document says some things already about this.

    > There are good cryptographic hygiene reasons why a manufacturer would
    > not want to maintain access to a private key for many decades. A
    > manufacturer in that situation can leverage a long-term CA anchor,
    > built-in to the pledge, and then a certificate chain may be
    > incorporated using the normal CMS certificate set. This may increase
    > the size of the voucher artifacts, but that is not a significant issue
    > in non-constrained
    > environments.¶<https://datatracker.ietf.org/doc/html/rfc8995#section-11.6-3>
    > So this effectively says a vendor may want to not use the "simplest
    > solution" for security reasons, and include a cert chain of the signer.

I think that we have not done enough interoperability testing lately.
Particularly between Registrar and MASA.
I'd like to change this, and I'm thinking that the Paris hackathon might be a
good target date.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email