[Anima] BRSKI-AE#5 Trust relation between pledge(-callee) and registrar-agent

"Fries, Steffen" <steffen.fries@siemens.com> Fri, 12 March 2021 12:14 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "anima@ietf.org" <anima@ietf.org>
Thread-Topic: BRSKI-AE#5 Trust relation between pledge(-callee) and registrar-agent
Date: Fri, 12 Mar 2021 12:14:19 +0000
Message-ID: <4c3ad3f4b4154562bfb4118aa7808175@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/zWqkwcZUcbmr5chf8lYs_NdPerE>
Subject: [Anima] BRSKI-AE#5 Trust relation between pledge(-callee) and registrar-agent


Based on the discussion during the ANIMA session this week, we would like to discuss some open issues related to BRSKI-AE.
They are also available under https://github.com/anima-wg/anima-brski-async-enroll/issues

Issue #5: Trust relation between pledge(-callee) and registrar-agent  (use case 2 in the draft)
The approach in draft -01 describes the trust relation between the pledge(-callee) and the registrar-agent based on a PSK, which is used in the TLS connection establishment as a kind of proximity assertion. The PSK may be provided using a QR code on the pledge(-callee). The intention was to address potential DoS attacks on the pledge.
After further discussion, the actual target of a potential DoS is most likely the registrar and not the pledge(-callee). The pledge is also assumed not to be in operation and providing services at this point in time.

As discussed in the ANIMA WG meeting, it is now proposed to use plain HTTP for the communication between the pledge(-callee) and the registrar-agent. The registrar-agent can also provide data to the pledge(-callee) to be included in the pledge voucher-request; this can be verified by the registrar and by the MASA. The provided data relates to the registrar certificate, which may be included in the pledge voucher-request as a new leaf "agent-provided-registrar-certificate".

The registrar-agent supplies the pledge voucher-request to the registrar. The registrar performs acceptance checks for pledge bootstrapping in its domain based on the IDevID and maybe additional pledge voucher-request payload data, as in BRSKI.
After the registrar and the MASA have verified the voucher-request successfully, the MASA creates a voucher to be returned to the pledge. If the pledge voucher-request contained a registrar certificate marked as "agent-provided-registrar-certificate", the existing voucher assertions "verified" or "logged" could be used, but not "proximity".
Maybe a more direct indication of agent proximity would be to define a new assertion like "agent-proximity".

Any thoughts on the approach?

Best regards

Steffen Fries
Siemens AG

Steffen Fries
Siemens AG
Otto-Hahn-Ring 6
81739 Muenchen, Germany 
Tel.: +49 89 780-522928
Fax: +49 89 636-48000

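Editor's added illustration (not part of Steffen's mail, the anima-brski-async-enroll draft, or any Siemens code) of the data flow the proposal implies: the pledge binds the agent-supplied registrar certificate into its voucher-request under the new leaf, the registrar rejects requests that carry a foreign registrar certificate or still claim "proximity", and the MASA picks "verified" or "logged" (or the hypothetical "agent-proximity") rather than "proximity" for the agent path. The leaf name "agent-provided-registrar-certificate" and the candidate assertion "agent-proximity" come from the mail; "proximity-registrar-cert" and the "ietf-voucher-request:voucher" container are the RFC 8995 / RFC 8366 JSON form. The certificate bytes are constructed stand-ins, not real DER, and the acceptance policy (serial allow-list, byte-equality on the certificate) is an assumption used to show the checks, not text from the draft.

```python
import base64
from datetime import datetime, timezone
from typing import Optional, Set, Tuple

# Constructed stand-ins for DER-encoded registrar certificates (not real X.509 blobs).
# A real registrar passes its actual end-entity certificate bytes here.
REGISTRAR_CERT_DER = b"\x30\x82\x01\x00constructed-registrar-certificate"
OTHER_REGISTRAR_CERT_DER = b"\x30\x82\x01\x00constructed-other-registrar-cert"

# Leaf proposed in the mail for the agent path, and the RFC 8995 leaf for the direct path.
AGENT_LEAF = "agent-provided-registrar-certificate"
PROXIMITY_LEAF = "proximity-registrar-cert"


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def build_pledge_voucher_request(serial_number: str, nonce: bytes,
                                 agent_provided_registrar_cert: Optional[bytes] = None,
                                 proximity_registrar_cert: Optional[bytes] = None) -> dict:
    """JSON form of a pledge voucher-request (RFC 8366 voucher-request container).

    Direct BRSKI: the pledge saw the registrar's TLS certificate itself and binds it in as
    "proximity-registrar-cert" together with assertion "proximity".
    Agent path (the proposal): the registrar-agent hands the registrar certificate to the
    pledge over plain HTTP; the pledge binds it in under the new leaf and asserts nothing,
    because it has not observed the registrar directly.
    """
    v = {
        "created-on": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "nonce": _b64(nonce),
        "serial-number": serial_number,
    }
    if proximity_registrar_cert is not None:
        v["assertion"] = "proximity"
        v[PROXIMITY_LEAF] = _b64(proximity_registrar_cert)
    if agent_provided_registrar_cert is not None:
        v[AGENT_LEAF] = _b64(agent_provided_registrar_cert)
    return {"ietf-voucher-request:voucher": v}


def registrar_accepts(pvr: dict, own_cert_der: bytes, authorised_serials: Set[str]) -> Tuple[bool, str]:
    """Registrar-side acceptance checks for a voucher-request delivered by the agent.

    Hypothetical policy following the mail: the pledge must be on the domain's allow-list
    (the IDevID serial stands in for the IDevID check), the agent-provided certificate must
    be this registrar's own certificate (a request relayed from a foreign domain is dropped),
    and a request that came via the agent must not claim "proximity".
    """
    v = pvr["ietf-voucher-request:voucher"]
    if v.get("serial-number") not in authorised_serials:
        return False, "pledge not authorised for this domain"
    if AGENT_LEAF not in v:
        return False, "no agent-provided registrar certificate in request"
    if base64.b64decode(v[AGENT_LEAF]) != own_cert_der:
        return False, "agent-provided certificate is not this registrar's certificate"
    if v.get("assertion") == "proximity":
        return False, "proximity cannot be asserted over the agent path"
    return True, "accepted"


def masa_assertion(pvr: dict, submitting_registrar_cert_der: bytes,
                   registrar_known_to_masa: bool,
                   define_agent_proximity: bool = False) -> str:
    """Choose the assertion the MASA places in the voucher it returns for this request.

    The registrar certificate inside the pledge voucher-request is compared with the
    certificate of the registrar that submitted the request to the MASA.
    """
    v = pvr["ietf-voucher-request:voucher"]
    reg = _b64(submitting_registrar_cert_der)
    if v.get(PROXIMITY_LEAF) == reg:
        return "proximity"              # pledge saw the registrar directly (RFC 8995)
    if v.get(AGENT_LEAF) == reg:
        if define_agent_proximity:
            return "agent-proximity"    # hypothetical new assertion floated in the mail
        return "verified" if registrar_known_to_masa else "logged"
    return "logged"                     # nothing binds this request to the registrar


if __name__ == "__main__":
    pvr = build_pledge_voucher_request("SN-0001", b"\x01" * 16,
                                       agent_provided_registrar_cert=REGISTRAR_CERT_DER)
    print(registrar_accepts(pvr, REGISTRAR_CERT_DER, {"SN-0001"}))
    print(masa_assertion(pvr, REGISTRAR_CERT_DER, registrar_known_to_masa=True))
```

The registrar check and the MASA check look at the same leaf from different vantage points: the registrar asks "is this my certificate?", the MASA asks "does the certificate the pledge was given match the registrar that is now talking to me?". Only the latter comparison lets the MASA downgrade a mismatched request to "logged" instead of refusing it outright.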