[dtn] BPSec COSE Context and long-lived security
"Sipos, Brian J." <Brian.Sipos@jhuapl.edu> Wed, 27 March 2024 21:13 UTC
Return-Path: <Brian.Sipos@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF2DAC14F693 for <dtn@ietfa.amsl.com>; Wed, 27 Mar 2024 14:13:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LswpwmnEecPf for <dtn@ietfa.amsl.com>; Wed, 27 Mar 2024 14:13:13 -0700 (PDT)
Received: from aplegw02.jhuapl.edu (aplegw02.jhuapl.edu [128.244.251.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AECF0C15109E for <dtn@ietf.org>; Wed, 27 Mar 2024 14:13:13 -0700 (PDT)
Received: from pps.filterd (aplegw02.jhuapl.edu [127.0.0.1]) by aplegw02.jhuapl.edu (8.17.1.19/8.17.1.19) with ESMTP id 42RKefwb032279 for <dtn@ietf.org>; Wed, 27 Mar 2024 17:06:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=from : to : subject : date : message-id : content-type : mime-version; s=JHUAPLDec2018; bh=Yl3mxT91jpiNxAYN+9d12zc4IRdPQQ472acjLQaVLOc=; b=AvYCQez2gVXrDBHBGigU4ojpbQPWvP/S6H3UqrHkJIfq9p1vXnzfhvFtMEXpTFeCxNaE lMYv/rcK9aR7ODdlb79g1+SvJOXNO+TZ8NYf5wFFKBBnUNRB2zac5KI4oKjaS5PB0oKy nOWxWO0v4WxKr6PzBDM9keot1vYJ51vFCgrUeo0bAFtDsS+P+3IJpbK8qOYPcX+qHXtb ZaBrX+ONfi7WgBdFjLJW+B+CpTIg7CfIgryYPCtS/otK3rHEIN/8FO9xF4Ip4oE1YxrA Sii6iyYJduzWabz6KvfjaQU3KCokAa3GkeFtQHpWJGHdIKX9W/jUyiKJ4K4fIdi4RKXq 5g==
Received: from aplex27.dom1.jhuapl.edu (aplex27.dom1.jhuapl.edu [10.114.162.12]) by aplegw02.jhuapl.edu (PPS) with ESMTPS id 3x1ua1r9ah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <dtn@ietf.org>; Wed, 27 Mar 2024 17:06:06 -0400
Received: from APLEX21.dom1.jhuapl.edu (10.114.162.6) by APLEX27.dom1.jhuapl.edu (10.114.162.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Wed, 27 Mar 2024 17:06:06 -0400
Received: from APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2]) by APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2%5]) with mapi id 15.02.1544.004; Wed, 27 Mar 2024 17:06:06 -0400
From: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
To: "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: BPSec COSE Context and long-lived security
Thread-Index: Adp/iM5MaA/+O6kQT5uLto8jjGaEtg==
Date: Wed, 27 Mar 2024 21:06:05 +0000
Message-ID: <bb3012fc1227453892d5c279d1986066@jhuapl.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.162.19]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_01E7_01DA8069.0BE1A6B0"
MIME-Version: 1.0
X-CrossPremisesHeadersFilteredBySendConnector: APLEX27.dom1.jhuapl.edu
X-OrganizationHeadersPreserved: APLEX27.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-27_18,2024-03-27_01,2023-05-22_02
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/XWV02TZmIOAUKxZVE-Bf3V8P8yc>
Subject: [dtn] BPSec COSE Context and long-lived security
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2024 21:13:17 -0000
All, While reasoning about some of the processing needed for BPSec COSE context [1] I ran into an interesting nuance caused by the long-lived and dynamic nature of BP and BPSec. The situation is this: 1. A bundle is created at some time, and it has an explicit source timestamp 2. Security blocks are added at some point later on 3. Even later, a verifier needs to check a BIB containing a signature using a public key contained in a certificate referenced by a thumbprint (meaning it identifies the actual cert not just the subject name). 4. Part of the verification is certificate path validation, with details below According to the procedure of Section 2.6.1.2. of [1] which defers to Section 6 of RFC 5280, which includes basic processing step [2] of: (a)(2) The certificate validity period includes the current time. For online protocols, using the current time as a verification point is sensible but for BPSec (as well as other store-and-forward like email) there is not really a bounded relationship between the creation time and the time of any other processing of the bundle (i.e. adding security blocks during its lifetime). I would love to say "take the same behavior as S/MIME verification" but although S/MIME does have the notion of a "signing time" [3] that spec is silent about how the time is supposed to be used. A new "security source time" parameter could be added to help verifiers to know what time should be checked for, but this time is informational and not really a trustworthy timestamp (not any more than the rest of the security source data) like [6]. It looks like some implementations allow overriding the verification time [4] but others do not [5], so maybe just mandating to not compare certificate validity time interval is the right way to handle it. COSE x509 parameters [7] are also silent about this aspect and I will write the COSE WG separately about this. Any thoughts, or references for similar handling in different situations? [1] https://www.ietf.org/archive/id/draft-ietf-dtn-bpsec-cose-03.html [2] https://www.rfc-editor.org/rfc/rfc5280#section-6.1.3 [3] https://datatracker.ietf.org/doc/html/rfc8551#section-2.5.1 [4] https://github.com/openssl/openssl/blob/master/crypto/x509/x509_local.h#L23 [5] https://github.com/Mbed-TLS/mbedtls/blob/development/library/x509_crt.c#L250 4 [6] https://www.ietf.org/id/draft-ietf-cose-tsa-tst-header-parameter-02.html [7] https://www.rfc-editor.org/rfc/rfc9360.html
- [dtn] BPSec COSE Context and long-lived security Sipos, Brian J.