Re: [CFRG] pq firmware signing question
"Dr. Pala" <director@openca.org> Sun, 17 March 2024 22:17 UTC
Return-Path: <director@openca.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BDF2C14F60D for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 15:17:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r5S1cpaeFdFI for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 15:17:01 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id EE99EC14F5F4 for <cfrg@irtf.org>; Sun, 17 Mar 2024 15:17:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 8AA58601 for <cfrg@irtf.org>; Sun, 17 Mar 2024 18:16:57 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.katezarealty.com 8AA58601
X-Virus-Scanned: amavisd-new at localhost
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KLYXWJ4WX1LP for <cfrg@irtf.org>; Sun, 17 Mar 2024 18:16:56 -0400 (EDT)
Received: from [192.168.1.64] (c-76-25-82-103.hsd1.co.comcast.net [76.25.82.103]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id E801B535 for <cfrg@irtf.org>; Sun, 17 Mar 2024 18:16:55 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.katezarealty.com E801B535
Content-Type: multipart/alternative; boundary="------------M9hQWVmZ9dtvojHnA808ak0M"
Message-ID: <43914419-e8e9-408f-ba08-2e9226ae086f@openca.org>
Date: Sun, 17 Mar 2024 16:16:59 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: cfrg@irtf.org
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie>
Content-Language: en-US
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
In-Reply-To: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/VCqyOqJ1bYTipwNUJaYzsItgYuw>
Subject: Re: [CFRG] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2024 22:17:05 -0000
Dear Stephen, All,
I totally understand your initial point of view, however, in practice, I
think you might be underestimating a key point.
The root of trust is usually burned into hardware to prevent being able
to replace it, even over a long period of time. Think about many
different types of devices, TPMs included.
Because in many environments device credentials are very long lived, it
is very conceivable we might need to be a bit more cautious about the
consequences of bad planning than software-based environments. Although
technologies like TEEs are gaining traction, their use is still not
wide-spread not very easy to use/implement.
Ultimately, I think that */it all depends on what is the level of risk
you are willing to take and what are the consequences of having devices
in the future that might become de-facto "freely upgrade-able"/* because
of issues with the cryptography.
It is also important to consider your market. For example, if you work
with governments and/or public administrations, you should also consider
the implications of your choices and possible policy changes and impact.
Same applies if you are on the other side of the fence: the technology
decisions will deeply affect your organization(s), your citizens, and
your users/customers.
In summary, I think that:
* Many */Early Adopters want to be able to use combinations of
algorithms during the transitioning/*, whenever possible, to lower
risks associated with new crypto deployments. This is clearly stated
at every single quantum-related conferences, events, and papers.
Just take a look at the post-quantum workshop at MWC in Barcelona.
* Although we always say "plan for crypto-agility", the r*/eal-world
practice imposes a lot of limitations that might not make it
possible to field-upgrade/* your credentials and/or the root of trust.
* Hybrid technologies can help organizations leveraging the new
algorithms, while keeping their FIPS certifications (if needed) and
*/not having to update/modify standard (or legacy) protocols/* for
the optimized version with respect of the new cryptography.
As we discussed many times in LAMPS and other venues, I think that the
availability of standardized tools to ease migration from
quantum-vulnerable cryptography, */especially while we are figuring out
how to upgrade all our security protocols/*, can be really valuable for
early adopters such as the Financial sector, the Healthcare industry,
and Governmental Organizations.
*/The last consideration I want to add here is about legacy protocols./*
As many of us understand, the world is not perfect and we need to
address many corner cases. I expect that the /world-wide community will
do a great job upgrading the "latest and greatest" versions of the
protocols... but there are many instances where this will NOT be the
case/ and organizations will be left with very costly upgrades... maybe
having some tools to address these real-world use-cases could help
everybody and lower the cost of migration.
Whichever risk profile for your organization and your environments might
be, you might need different deployment strategies that can be updated
over time. Hybrids (whichever version) can help you getting there in a
cost-effective way.
Kind Regards,
Massimiliano
On 3/17/2024 3:41 PM, Stephen Farrell wrote:
>
> Hiya,
>
> A number of people have asserted that firmware signing implies
> distributing a public value now, (or soon) on which they may
> still have to rely after a CRQC might exist. The implication being
> that we should start to do this kind of thing now, based on some
> composite sig-alg, verification of which is assumed to be implemented
> below the crypto APIs used by relevant applications.
>
> I'd like to try tease bits of that apart to better understand
> what's required.
>
> ISTM that firmware signing entirely does allow one to update the
> signature keys/algs needed for the next signed firmware update and that
> there is no need, given ongoing updates, to continue to depend on
> the original key/alg for the public value with which a device was
> shipped. IOW, update N can update anything, including the sig
> alg required for update N+1.
>
> I don't understand what class of device might be able to load new
> firmware but not change the verification alg for sigs on subsequent
> updates. If there are such devices, can someone describe 'em?
>
> There does seem to be an exception - a factory-reset of a device
> would imply returning to depending on the original public value
> and alg. However, a factory reset also seems to imply that a human
> can "touch"/control a specific device at a specific point in time
> so is not an unattended upgrade. And if someone can touch the
> device, then in many cases it'd be cheaper to replace the whole
> thing than do a factory reset in the field.
>
> And then there's the issue of the specific signing key - it's hard
> to imagine a system where that can be changed but the verification
> alg cannot. Are there such systems?
>
> All in all, it seems like a lot of firmware signing deployments
> should be able to allow for the evolution of verification algs, and
> the set of devices where we now (or soon) need to embed a forever-fixed
> alg and key for sig verification has to be very small.
>
> What am I getting wrong there?
>
> Ta,
> S.
>
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg
--
Cheers,
Massimiliano
- [CFRG] pq firmware signing question Stephen Farrell
- Re: [CFRG] [EXTERNAL] pq firmware signing question Mike Ounsworth
- Re: [CFRG] [EXTERNAL] pq firmware signing question Stephen Farrell
- Re: [CFRG] pq firmware signing question Dr. Pala
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Orie Steele
- Re: [CFRG] [EXTERNAL] pq firmware signing question Stephen Farrell
- Re: [CFRG] [EXTERNAL] pq firmware signing question Kris Kwiatkowski
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Falko Strenzke
- Re: [CFRG] [EXTERNAL] pq firmware signing question John Mattsson
- Re: [CFRG] [EXTERNAL] pq firmware signing question Ilari Liusvaara
- Re: [CFRG] [EXTERNAL] pq firmware signing question Sophie Schmieg
- Re: [CFRG] [EXTERNAL] pq firmware signing question Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Michael StJohns