Re: [COSE] Martin Duke's No Objection on draft-ietf-cose-x509-07: (with COMMENT)
Laurence Lundblade <lgl@island-resort.com> Mon, 19 October 2020 17:45 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 018843A0EC4 for <cose@ietfa.amsl.com>; Mon, 19 Oct 2020 10:45:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.006
X-Spam-Level:
X-Spam-Status: No, score=0.006 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQGBPPpXisyo for <cose@ietfa.amsl.com>; Mon, 19 Oct 2020 10:45:37 -0700 (PDT)
Received: from p3plsmtpa07-09.prod.phx3.secureserver.net (p3plsmtpa07-09.prod.phx3.secureserver.net [173.201.192.238]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43A023A0EC3 for <cose@ietf.org>; Mon, 19 Oct 2020 10:45:37 -0700 (PDT)
Received: from [192.168.1.81] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id UZDzkiBiOZigzUZDzkVseX; Mon, 19 Oct 2020 10:45:36 -0700
X-CMAE-Analysis: v=2.3 cv=IOt89TnG c=1 sm=1 tr=0 a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=l70xHGcnAAAA:8 a=pGLkceISAAAA:8 a=48vgC7mUAAAA:8 a=CI9HjJ-QkOq-AAOFsxsA:9 a=DU5BY7Wam8pebX3E:21 a=2jmbSVgzKEt9oGN8:21 a=QEXdDO2ut3YA:10 a=2ggvodTJGCP04rzRnNgA:9 a=DVpTptuQkvggA9uB:21 a=9qX8XmUltI7ECh9-:21 a=fKoK4CbnZ2SET555:21 a=_W_S_7VecoQA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <0ABC7267-6534-44CD-9ACA-E4F568CD07AE@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_69183E4C-48FB-42D1-BE58-DAC10576EF9B"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Mon, 19 Oct 2020 10:45:35 -0700
In-Reply-To: <21362.1602538323@localhost>
Cc: Martin Duke <martin.h.duke@gmail.com>, cose <cose@ietf.org>, Cose Chairs Wg <cose-chairs@ietf.org>, draft-ietf-cose-x509@ietf.org, The IESG <iesg@ietf.org>, Ivaylo Petrov <ivaylo@ackl.io>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <160209160818.12838.15929178240331409569@ietfa.amsl.com> <CAJFkdRxP=53Yf9SuULc4ipEy-MX-1-VAn00o4farbiiTmSax1g@mail.gmail.com> <CAM4esxTMOZksvKgys2POYbPTit66ZHvMZFo9s_NkPyW3BvJKXg@mail.gmail.com> <21362.1602538323@localhost>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4wfNyQpAcP/+7Re262a0k0oZcnG9l374FZeeRsElXuT4iivPGN/RT29DHcbLbt9jZvMSNilDlKWHflrQB2wGZq3xlqG9kpSiUzmXSRohWCXEob57eRwK1O 2H7eIg0rFKjA6m71jRKtOj7hZ7/50sV32gzDnmmWPY4SObGWif76yv9vrWkfJu6w4/eh2RPt2JmKATonK784VaHXbYt6ZGJj0j5aGr0unbipDmic3X+SXbeW fVF1pHzYILaFY8Wqg2CDlErmuDdVDp1e75Ir75wQxm2nszPSPSdeGRRrGr+1LSepaHEcMo9mTIyunhf0DbYyZAMtUIHqkCBRIOtCwB1JAn3kZ6uCulsDCctl eA/LZCc9
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/WcfqhkS5Yia8PSoTEjmYrxjaeK0>
Subject: Re: [COSE] Martin Duke's No Objection on draft-ietf-cose-x509-07: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 17:45:39 -0000
This is true, right? The relying party (the receiver) always has to validate the certificate chain up to a trust anchor even if it is a constrained device. The sender only has to insert certificates into the header, not validate, even if it is a non-constrained device. This is true of CMS, TLS and so on. There is nothing new or unique here right? For example, if a constrained device is verifying code signatures, trusted boot chains or SUIT manifests, it has to fully validate the certificate chain up to a trust anchor. This paragraph is true for some use cases like CWT and Attestation, but not all use cases. It is not necessarily expected that constrained devices will fully support the evaluation and processing of X.509 certificates, it is perfectly reasonable for a certificate to be assigned to a device which it can then provide to a relying party along with a signature or encrypted message, the relying party not being a constrained device. It is the requirements and design of the end-end system that determines what the constrained device has to do or not do, not the design of these headers. Probably it is an overreach to discuss end-end system designs. Maybe it is just better to remove this paragraph? LL > On Oct 12, 2020, at 2:32 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > Martin Duke <martin.h.duke@gmail.com> wrote: >> Your proposed sentence is an improvement, but I'm not sure how it combines >> with the earlier sentence "It is not necessarily expected that constrained >> devices themselves will evaluate and process of X.509 certificates". Is >> "evaluate and process" a different action than "validating" it? > > Validating is a well defined, complex process (RFC6125, etc.) involving path validation, etc. > Evaluate might mean something less, such as extracting the public key and > comparing against some known value. We don't expect any of that. > >> Or is the suggestion here that the constrained device is given a >> certificate to authenticate itself that it does not bother to verify, but >> hosts that connect to it *would* validate the certificate? > > Yes, generally, that is what a lot of us have in mind. > > The constrained device has a credential, if in the form of an IDevID or > LDevID certificate, then it would use this specification to places it into > the COSE object as a blob. > > It has the private key side in a format that is more convenient for > processing (perhaps even in a secure enclave of some kind) which it uses to > sign. > > -- > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose
- [COSE] Martin Duke's No Objection on draft-ietf-c… Martin Duke via Datatracker
- Re: [COSE] Martin Duke's No Objection on draft-ie… Ivaylo Petrov
- Re: [COSE] Martin Duke's No Objection on draft-ie… Martin Duke
- Re: [COSE] Martin Duke's No Objection on draft-ie… Michael Richardson
- Re: [COSE] Martin Duke's No Objection on draft-ie… Ivaylo Petrov
- Re: [COSE] Martin Duke's No Objection on draft-ie… Laurence Lundblade
- Re: [COSE] Martin Duke's No Objection on draft-ie… Carsten Bormann
- Re: [COSE] Martin Duke's No Objection on draft-ie… Laurence Lundblade
- Re: [COSE] Martin Duke's No Objection on draft-ie… Martin Duke
- Re: [COSE] Martin Duke's No Objection on draft-ie… Carsten Bormann
- Re: [COSE] Martin Duke's No Objection on draft-ie… Ivaylo Petrov