Re: [Anima] [anima-wg/constrained-voucher] Unclear how MASA obtains Domain CA cert for pinning, in case of COSE-signed Voucher Request (#49)

Esko Dijk <esko.dijk@iotconsultancy.nl> Thu, 13 February 2020 10:37 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E60B1200EC for <anima@ietfa.amsl.com>; Thu, 13 Feb 2020 02:37:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancynl.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YrtYdcF7mLon for <anima@ietfa.amsl.com>; Thu, 13 Feb 2020 02:37:33 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02on0701.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe07::701]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E87171200E6 for <anima@ietf.org>; Thu, 13 Feb 2020 02:37:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JJCNK9WG08S4En7fycAp7OLQdbKg154HrIn2w79sJ7Ly7OFyjFLuVeLC4uRQGmUPm/6wzjgiWO9coFybkEcA1pHVVrMsGB3okH9VCDJhaxdP5Ly8Repdsqao293CEAAvepD7vQyUtK/gnt4iea7he5FsgTl8A4KSrPt6X56SM3/NGzZ8zt3PixjCPI19/aNDAuOtxr0hgnaHgy7IFBkstBcgLPOiNK1Osrsa1puTvzVefajTJnBQlGApBQKPIvK+YYj2Ku9+YH+Xns/TFpoY3PBwKACv3IVeKm9EWF69MzzKA7JZNThkPsPmKoD27IyuZXTXRw1Qf4sV9/WPTW2TGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sWSoZOg+AtoeFOALymMDX2Q3k0f9mPqhWgRbkyYAevo=; b=gGZV6Pm0ZBvx8f+I85w5JY+eBj8JBhuAE4rBHBPmx7FDfG4m1xOugTvcLh9LJh0JKicPiNqevUYBFWzhTEf6mVbBWevUN4juIPKzepQHOhFnYscT0xOGugTsOjvag/EeDFLRYgJ8iYbLsDl9FTp00ZDzFJQNqDdBP0xoy5mYJlMOFHMUxmBU9ixeqi4XJ2Ptyv7URFd75MtKja2/Bw2843tIdO22qozdIe3ZMVZ6A3+Dxc/hkMil8DjAUAYclhTjr1K7l/aozEzHc9wlg87DsUAmkGI2lMKA+Xe9oGI6wM7hs2baaX3NH9U342JZnGvB6G6XbD6HYYJRxQbQ8cMJwQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancynl.onmicrosoft.com; s=selector2-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sWSoZOg+AtoeFOALymMDX2Q3k0f9mPqhWgRbkyYAevo=; b=QMut8CnROmnToNB2DHv39y4oogJrHKVC8O5qgxVrSo30l2JSCrfvXJ9ThIDUnKt14mM8/qhLoTglN96KoGAj0Yx38Eiz9syAEX6v+jRFpHwejSF6dJ2Aa4PZP7B9IlzspEEjYgKa1+MLBeKC8N8kQ6vqZLoUSIGZvAwhHrAiih4=
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM (10.161.62.28) by AM5P190MB0321.EURP190.PROD.OUTLOOK.COM (10.161.92.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.25; Thu, 13 Feb 2020 10:37:29 +0000
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::287f:e6f2:a17:a59f]) by AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::287f:e6f2:a17:a59f%7]) with mapi id 15.20.2729.025; Thu, 13 Feb 2020 10:37:29 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "anima@ietf.org" <anima@ietf.org>
Thread-Topic: [Anima] [anima-wg/constrained-voucher] Unclear how MASA obtains Domain CA cert for pinning, in case of COSE-signed Voucher Request (#49)
Thread-Index: AQHV4DtfaEigTItIrkaa5Oarwn0J06gXrSSggAFDguA=
Date: Thu, 13 Feb 2020 10:37:29 +0000
Message-ID: <AM5P190MB02759A538ABE4DF66384BD3DFD1A0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <anima-wg/constrained-voucher/issues/49@github.com> <1272.1581357351@dooku> <AM5P190MB0275721064288A258434F38FFD1B0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
In-Reply-To: <AM5P190MB0275721064288A258434F38FFD1B0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=esko.dijk@iotconsultancy.nl;
x-originating-ip: [2001:1c02:3103:6d00:7120:9727:b8d4:802a]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ff7c9b17-10fd-4f1f-54cf-08d7b070b9b5
x-ms-traffictypediagnostic: AM5P190MB0321:
x-microsoft-antispam-prvs: <AM5P190MB03214FBEDA852A17CF4F4FACFD1A0@AM5P190MB0321.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 031257FE13
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(346002)(39830400003)(396003)(376002)(366004)(199004)(189003)(316002)(33656002)(66556008)(66446008)(7696005)(64756008)(110136005)(76116006)(66476007)(71200400001)(2906002)(8936002)(66946007)(52536014)(55016002)(44832011)(9686003)(86362001)(81166006)(81156014)(8676002)(6506007)(53546011)(5660300002)(966005)(186003)(508600001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM5P190MB0321; H:AM5P190MB0275.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: iotconsultancy.nl does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: v+D+zSvxwWF1gu4AvIneP60sROBA+p8nGKvxDz13bp4gwAFD03rr33t3v+Nz5PzWqRvUJFeNu1RPgsAoc6pgCYL0sCorrjj4WrgQlGVp3avd+Pio/JfUklW83pxJWs/iXa249FeeneM6iDSDAYLHD+S48/iT5t4AOmnDlJg6rHslJ44NOIX45w2gJ0aZeP8tUAC3dkjILgXLoPvxNFk6NWBHdDsGkV1YflFPyE0gUX9S6aebR83st6YG5qJ6Cfp5Pefssuk3ufc4wfukEizdDDZRDX9HGl6pSuDR7xy7+tTx3OsvtoQRIP1gJpVUa43gv8Jh3U6zmAeRUaNSUEcdi3AaNXxKtlf+JCBSY3DRFg3v3OEdUw1y1uorwGApciO9I6OGGqySB9PfDSkdqOHCMYH1woOqOgCPgE7lWrddzzzY0vexjevTHSweKGSnybkuKG/Aejde/DaFZUF35iKlMk6A25STCJMUiaSXQEprtilwalUXyu+YKyzwHV8uXFPWgX8kKlzIjPI+09hFq466IA==
x-ms-exchange-antispam-messagedata: +C6XIpSgAhF05cNNBBI3RZ9qivu9vAc6pA4/Za5pwiA3PUyymbbRXf3zxtJkB+XTeL9ORnHMQzF+iZgssk35O2RRSXEmmo9ZgiFp7//ODvtCqBuFRXRQDXdc4Xo275NznNRejEY+uMTtvY5kgD1rtcxOBvPwJdxeiXHHS3Yx8IDtGq4VVqE5VDPBWjBlongHAVXjMTTPXoHIQnLpqN9DBA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: ff7c9b17-10fd-4f1f-54cf-08d7b070b9b5
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Feb 2020 10:37:29.3189 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YbaVtV9loowBitA8xfrzZkJQnTrOU1eNVfMsEP3HjcZ56qMnHUAniGjMWf5XsKqZmmcVs4gidy297oS6qD0ZZ7I5V7eI5OqjdwaMAef2PEk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0321
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/u-kf28m9oR_oScEyqIs1pFPTv_c>
Subject: Re: [Anima] [anima-wg/constrained-voucher] Unclear how MASA obtains Domain CA cert for pinning, in case of COSE-signed Voucher Request (#49)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2020 10:37:37 -0000

PS, a small additional remark to my below email question:

> BRSKI-35 requires MASA to pin the Domain CA cert; why would the MASA not do this?  
> What the Pledge saw during the DTLS handshake is the cert chain Registrar-cert -> Domain-CA-cert
> (typically 2 certs long). At the moment the Pledge receives the Voucher pinning the Domain CA cert 
> it knows it can trust the Registrar, trust the DTLS session, trust the Domain, and trust any EST certificate 
> that is issued in the next step - the EST-created operational (domain) certificates are not signed by 
> Registrar but by the EST CA == Domain CA.  So having Domain CA as trust anchor to validate your own 
> new certificate, and possibly also other device's certs in the same Domain, makes sense.   

What the Pledge saw during the DTLS handshake could also have been the Registrar-cert only (so, a chain of 2 with the self-signed root CA omitted - 1 cert sent over the wire).
When the Pledge then receives the Voucher pinning the Domain CA cert it takes the Domain CA cert and uses it to validate the Registrar cert, the DTLS session etc.  So it also works when the Domain CA cert is not sent during the DTLS handshake, which can be configured by the Registrar DTLS server if it would send it or not. Chains with intermediate certs are also possible but for constrained devices defining a (low) cert chain limit is useful, hence my examples with chains of 2.

Esko

-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of Esko Dijk
Sent: Wednesday, February 12, 2020 17:56
To: Michael Richardson <mcr+ietf@sandelman.ca>; anima@ietf.org
Subject: Re: [Anima] [anima-wg/constrained-voucher] Unclear how MASA obtains Domain CA cert for pinning, in case of COSE-signed Voucher Request (#49)

Thanks,
meanwhile I read BRSKI-35 5.4 / 5.4.1 better and I am reconsidering my proposal. These sections state that the Registrar's client authentication towards MASA may differ depending on business-process and security choices; independent from the Domain (CA) authentication. In BRSKI the Domain CA is "extracted from the signature method" (5.5.2), so from the Registrar's signed CMS structure; not from identities exchanged in the TLS handshake between Registrar/MASA. This sounds like an intentional design choice of BRSKI we should stick to.

When the Registrar uses CMS-signing, all the information required by MASA is in there.  When the Registrar uses COSE_Sign1, there is not enough information -- only a KID identifying the keypair of the signer. But not a certificate or cert chain, so the MASA would miss this information and cannot pin anything. So am I right in concluding that the Registrar *must* use CMS-signing in case the Pledge has identified itself by certificate in the DTLS handshake? This fits with constrained-voucher-07 section 4: "The use of CMS signatures implies the use of PKIX format certificates" . Then it is also the other way around, the use of PKIX certificates (by the Pledge) implies the use of CMS signatures by the Registrar. The Pledge should still be able to sign with COSE_Sign1 I think because of the small-size benefit. It can simply use the private key of its IDevID-cert to sign.

> In the more constrained cases, the Registrar is identified by a Raw Public
> Key. [This works in DTLS and will work in LAKE by design]

Agree that in the most constrained cases the Registrar is identified towards the Pledge by an RPK; and vice versa Pledge identifies towards Registrar with its RPK. I assume the Registrar may still identify differently towards the MASA depending on business-process taking into account the 5.4 / 5.4.1 text above. E.g., using a full certificate chain, possibly PKIX, with a completely different identity than the RPK it used towards the Pledge. But if this assumption is not right please let me know. 

> In the more constrained cases, the Registrar is identified by a Raw Public
> Key. [This works in DTLS and will work in LAKE by design]
> This is what should be pinned by the MASA, because that's what the pledge saw.

Agree for this case; the only thing that can sensibly be pinned is the Registrar's RPK. Question: Is it the intention of constrained-voucher-07 that the Registrar always uses COSE_Sign1 signed Voucher Request to MASA, in case the Pledge identified itself with RPK during the DTLS handshake? (Hinted at in constrained-voucher-07 section 4. But not fully clear.)

> If you are using a certificate chain for the Registrar end point, the MASA
> does not have to pin the Domain CA, it can instead pin the Registrar
> certificate, since again, that's what the pledge saw (and signed).

BRSKI-35 requires MASA to pin the Domain CA cert; why would the MASA not do this?  What the Pledge saw during the DTLS handshake is the cert chain Registrar-cert -> Domain-CA-cert (typically 2 certs long). At the moment the Pledge receives the Voucher pinning the Domain CA cert it knows it can trust the Registrar, trust the DTLS session, trust the Domain, and trust any EST certificate that is issued in the next step - the EST-created operational (domain) certificates are not signed by Registrar but by the EST CA == Domain CA.  So having Domain CA as trust anchor to validate your own new certificate, and possibly also other device's certs in the same Domain, makes sense.   

> If you want us to define a way to pin the domain CA, then I think that right
> answer is to pass that entire chain along to the Pledge in the BRSKI-EST
> channel in the DTLS header, and have the pledge sign that entire object.
> This wouldn't be very constrained, so I am not sure why one would do this
> rather than using TLS in that case.

I think this way to pin the Domain CA is already specified in BRSKI-35 and passes on quite naturally into constrained-BRSKI, and as long as the Registrar uses CMS signing in its Voucher Request towards MASA the initial problem statement is not so relevant. 
And it does not take a huge amount of resources (network/memory/code/time) on a Pledge.  The cert chains can be kept to a minimum (i.e. chain of 2). Of course working with certificates is always more resource-demanding than RPKs-only!

Best regards
Esko

IoTconsultancy.nl  |  Email/Skype: esko.dijk@iotconsultancy.nl 

-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Monday, February 10, 2020 18:56
To: anima@ietf.org
Subject: Re: [Anima] [anima-wg/constrained-voucher] Unclear how MASA obtains Domain CA cert for pinning, in case of COSE-signed Voucher Request (#49)

In https://github.com/anima-wg/constrained-voucher/issues/49, Esko Dijk asks:

> In BRSKI (5.5.2  MASA pinning of registrar) it is clear how the MASA can
> get the complete cert chain of the Registrar from the CMS signature
> structure. The Registrar's Domain CA cert is included in there and is used
> as the pinned domain cert in the Voucher.  However, when we now use
> COSE-signed Voucher Request by the Registrar, the Registrar's Domain CA
> cert is not included in the COSE-sign structure so the MASA cannot
> "extract" it per BRSKI 5.5.2.

> It would be good to make more explicit how the MASA should extract the
> Registrar's Domain CA cert in this case (Note: the Domain CA could be the
> Registrar itself but not necessarily.)  The obvious candidate is to get it
> from the DTLS or TLS handshake that Registrar performs with MASA. This is
> already hinted at in the text in section 6.1.3 / 6.2.3 inside the YANG
> module description "... it is wasteful ... " but that is not quite
> clear. When Registrar is using COSE signing the MASA *has* to get the
> certificate from the handshake if the MASA wants to pin the entire
> certificate in the Voucher, there seems to be no other option. Section
> 6.3.2 now mentions "out of band" distribution but that's not very clever if
> you want automated bootstrapping - it needs to go all in-protocol /
> in-band.

> It should be noted also that this modifies the BRSKI requirement section
> 5.5.2 on how the pinned Domain CA cert is obtained.

In the more constrained cases, the Registrar is identified by a Raw Public
Key. [This works in DTLS and will work in LAKE by design]
This is what should be pinned by the MASA, because that's what the pledge saw.

If you are using a certificate chain for the Registrar end point, the MASA
does not have to pin the Domain CA, it can instead pin the Registrar
certificate, since again, that's what the pledge saw (and signed).

If you want us to define a way to pin the domain CA, then I think that right
answer is to pass that entire chain along to the Pledge in the BRSKI-EST
channel in the DTLS header, and have the pledge sign that entire object.
This wouldn't be very constrained, so I am not sure why one would do this
rather than using TLS in that case.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima