Re: [icnrg] recursive key Lookup in CCNX

Marc Mosko <mmosko@parc.com> Fri, 01 May 2020 02:01 UTC

Return-Path: <mmosko@parc.com>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6DB13A0896 for <icnrg@ietfa.amsl.com>; Thu, 30 Apr 2020 19:01:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=parc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m5FDpkmF33oP for <icnrg@ietfa.amsl.com>; Thu, 30 Apr 2020 19:01:26 -0700 (PDT)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2081.outbound.protection.outlook.com [40.107.243.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E727B3A088F for <icnrg@irtf.org>; Thu, 30 Apr 2020 19:01:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V+qQY17+XGwlplCVG5orp3irASW3TkqEi3K61Gc/3aq7K+lxv5fhqpPfXrCA2SdkCkwgT4l0emP43wrMJSuwAylUYAnxmAL0t/PawTT0wfT7KEi2oZ8cO7S6KvSatOiKERptfLP5WRIZZGXimzl5A4lSBWhHOn8CjV4/eLST9anWMuLI/0ZLEbMKSS8zUWHmiIL6IAGViCI1PPurc9frNoxlQVukRJVgRxUYQnXc1v19V7+WKzTOhNyDfkr9b1R/zONYFDtEdzSMEQlDZLT7TldDNWx/ZAMrOcpul/EU6WFnhcIh9tQ+cJRd9bLFldh7gdKa7Com78Idfch31ryO6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JfB5Nycs6E8D72s247OA3dnul+Q1YVFJ+14zOvakH14=; b=UvRiYUEb9B50OF41tIGadcb6yp7KusyY6CEjRJ7icr4p4Zb0buaqLWGsqzFcOWewMQCkyDvOfEeaYOLkCtEnN/3/EGGlzkEXct+nGRh9WsdfljLzMyoP55bJWPy7WcaVOT+X0UO6FNA6xiwMSxeZRFfhyYzPRBU0yO/EIky07iVNyCGPB97yyiPszG5BUwTRz2vfG78KYtSk64zUiKfjGz0JjsfaWN+uI2q0Cv/McdY783d+LOON1Sr+TrlR56nN+NTBsvqTix5kCQNSWQhym60VsNeSFSahtojCR7oCaB24AeVI28K/9YcK5sFNaCFQeok2n4i0I8syg5pw6sHGOQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=parc.com; dmarc=pass action=none header.from=parc.com; dkim=pass header.d=parc.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parc.onmicrosoft.com; s=selector2-parc-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JfB5Nycs6E8D72s247OA3dnul+Q1YVFJ+14zOvakH14=; b=3op24d+KtPIoeW80S0TffeV9YzxWzQC5a+4/R7fC8m4plCUFOuxTPvWH0nV8jaLhSXGNWGRskNEQJvftoxtKzjfonGCcfHCA3zq9HfzD6O+Tp4I9eF9VZewIlh3f+2MdjrvxgY8rLHCFdq0Alndmp4bGj9HNlGqMu2H/w48TEwk=
Received: from BYAPR15MB3238.namprd15.prod.outlook.com (2603:10b6:a03:106::29) by BYAPR15MB2839.namprd15.prod.outlook.com (2603:10b6:a03:fd::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.21; Fri, 1 May 2020 02:01:17 +0000
Received: from BYAPR15MB3238.namprd15.prod.outlook.com ([fe80::e56e:1f6e:a036:156c]) by BYAPR15MB3238.namprd15.prod.outlook.com ([fe80::e56e:1f6e:a036:156c%4]) with mapi id 15.20.2937.028; Fri, 1 May 2020 02:01:17 +0000
From: Marc Mosko <mmosko@parc.com>
To: Ken Calvert <calvert@netlab.uky.edu>
CC: "icnrg@irtf.org" <icnrg@irtf.org>
Thread-Topic: [icnrg] recursive key Lookup in CCNX
Thread-Index: AQHWHCObAI+sMBrnCEeZ6mpy7a+GbaiMxiQAgAWxVQD//5OyAA==
Date: Fri, 01 May 2020 02:01:16 +0000
Message-ID: <C22725E0-65C6-475A-8ACB-B3D5E3BBBF44@parc.com>
References: <91F2CCB5-F962-4DEF-A8C2-B8BCCD32F185@netlab.uky.edu> <AA95366C-99BF-4333-B6BC-366BE12990F5@parc.com> <74542F45-9E40-485F-A891-CAA92956CC1B@netlab.uky.edu>
In-Reply-To: <74542F45-9E40-485F-A891-CAA92956CC1B@netlab.uky.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.36.20041300
authentication-results: netlab.uky.edu; dkim=none (message not signed) header.d=none;netlab.uky.edu; dmarc=none action=none header.from=parc.com;
x-originating-ip: [50.0.67.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e6a5f037-281b-4afb-8273-08d7ed7388f7
x-ms-traffictypediagnostic: BYAPR15MB2839:
x-microsoft-antispam-prvs: <BYAPR15MB2839B80F1781EB8A6BEE2CECADAB0@BYAPR15MB2839.namprd15.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0390DB4BDA
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rIUP5/tJeEf6A16WaHWzZM+tRU7GeQ7e8NFeS6Yr/vV2V5biP8lhVnNmnCr1SZZc2E9QhohBNbEFa5sXkSHuwIW0rQv/HHCwZBU8L1I2F2p8GaJvPUgGqwUJlBORFrYztWUDrs3MxOS9cxn5eSEgpNnaE2PXeOVfkPAAvrVnxKpXU+tdqtPROKOReMrvR5qVl/KFC6PFeL1YA7OH+nHEd+mQgow72dZQBZOhTjDj8flUKw56PfLL2aI070oHoL1vbmiyUb2JFu8lwUmbFGTZCLV7ENCmau3MgmPDaiTVG4zBro+mVdbg2NaCIOG2GNdjCdwh2lyOHmRk1aRbPIU1G5ZixjNh5wQ8Zx2JvRmHzr0fEhx5l9HPPY+dlvbyDBW9sC0tZ4619AKOxS4hbiYjy63sA0zZAi1bpMuOyoG+hRyIBo4qt7TI9YHJ8oEhlbqIavuMRa9s25Usueyc0MyKdsxDb0z1/wDbibLPEe7mMaRa8m+t+iHdEruC7QMRcb0k
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR15MB3238.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(39850400004)(136003)(346002)(376002)(396003)(76116006)(66946007)(66476007)(66556008)(64756008)(66446008)(2906002)(2616005)(6486002)(71200400001)(8936002)(36756003)(8676002)(6506007)(53546011)(186003)(26005)(478600001)(966005)(33656002)(86362001)(66574012)(4326008)(6512007)(316002)(5660300002)(296002)(6916009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 9GTcFp0tZTBFdkdAmSkCzMe7+JF4v/ELNR/GhzeWX2VZ+tyzKRhZQ0mLJyAPhtNwYPFb0UXMgEyZtb/VW/4YVYMmxHMJTI3ZfZvKDoDWryu0gTAxoVKnxVd07D6QUux+1/UwlYi9j6yZYb20VOBSV8OljJfl1Xj5EPrY58qvYTS9yy4BtEuPI4s3Htvmba1qkD+96Jlaff0IcoCKPnnGcxpN3Qj6RmVFuJuG5iaW2uEJ2745jFmRI1rraNMvy8T0Zb27vE8rY0a7YF5dpf86ZF1VZdPcr67OVoV67tqiwrCP1JZTCeJSFbHBtKazyeFp/2cnqfRez+5zysKpL6uRjiFC9Rt/9cIQucCFjnjlpvp6RUXffWlYp4WwvMwnVdGQN5EwBxzgyXe9l2Axi+ypi52fVDyOotX1IQu6c0fTgHANMB9XIJAFQ7qs3uPwsg5WVtVl0y+fMNkAYcS2oHztopi34JwpIQUz6Yi0SgaMIdxCwKpJORskUIX7VYgd1OxSn/sC2QVyMNYVaFUDR4It2uh35psqygatLiE4DJwHk8oKK9Bu356L7GhLWSpSXo/W4mIdQ7EbyHHK//b+P+0bpwKB1FgivBkPhDWTitCjlXS7VylL6Q9DSBPIpYK01b8emjicb2bKgi5skFrD53scjxRMwUc6cIklHnPHUvj4fu13N/eX4C0R6eGCYJiwxoRUfSMTU4TjmorFQx4ZZ0a2I0EzG+yye/L/VjRnXTA+0VyJjxrUyomFah6Xcy6me7wiNRRaAuJ8P58QOhqsTz5wUFu6PDgQRPn3eRHZ7qfSFyY=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <FACCA0616232EA4EBF7D86B00CC1FA59@namprd15.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: parc.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e6a5f037-281b-4afb-8273-08d7ed7388f7
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 May 2020 02:01:16.9749 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 733d6903-c9f1-4a0f-b05b-d75eddb52d0d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WJkh20f9umtQECp4EIwCmh6DT9/+qKTPDbPouiYzX6J7KVbyBElbmJXetdDxHAWT
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2839
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/EOGdWzp7vPJYU8aJFpnGNbwYrIg>
Subject: Re: [icnrg] recursive key Lookup in CCNX
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 May 2020 02:01:29 -0000

Ken,

I will take a look at your email.

Here's another take an explaining it.  In section 8.4, we needed to explain a detailed method to validate a content object.  In the end, we decided that having a method to off-load the x.509 certificate (and its public key) to a second content object was desirable.  But, we did not want to go deep into all the what-ifs that happen with recursive lookup via links.  So, we settled for 1-step of indirection.  It would be perfectly reasonable for someone to say, "I have a system for resolving certificates via multiple links and here's an algorithm I can prove is correct and safe."  That would be great.  At the time of writing the RFC, we did not have such an algorithm and we did not want to leave content object verification to the imagination of anyone trying to use the protocol.

Another perfectly acceptable alternative is to propose your own ValidationAlgorithm that supports recursive KeyLink.  The IANA requirements for getting an assigned ValidationAlg number is "Specification Required" (https://tools.ietf.org/html/rfc8126#section-4.6), which is a pretty low bar.    Anyone can specify such a ValidationAlgorithm, get a number, and start using their validation algorithm with recursive KeyLink.

One can also use an Experimental validation algorithm without any review in your own testbed.

Let me also try to disentangle some terminology.  In CCNx, we use actual x.509 certificates in the payload of a content object.  We are not making a "certificate-like-thing" from the signing of a content object that has a public key.  I could see in that later case how recursive KeyLink fields would be useful, but that is not what we do.  It's a true X.509 certificate.  There is no reason to have recursive KeyLinks because the signing key of the 2nd object must be the same as the first object and the embedded X.509 certificate must match the same public key.  The 1-step indirection is simply to save space in a content object using x.509 certificates and allow caching of those credentials independently of other content objects.

NDN, over the years, has evolved their own certificate format and maybe they use recursive KeyLocator fields, I do not know.

marc

On 4/30/20, 6:29 PM, "Ken Calvert" <calvert@netlab.uky.edu> wrote:

    Marc - 

    > It's at the end of Sec 8.4, not 8.1.  

    Right, thanks, sorry.

    I've responded to your points below off-list, but here I'll just say that I remain unconvinced:  RFC 8569 declares trust out of scope, but then proscribes recursive key lookup.  To me, the latter places an undue constraint on how applications can deal with trust.  But I realize I am years late to this party, and I'm not a security expert.

    I did not find any discussion of this issue in the mailing list archives (pointers welcome if I missed it or if it was discussed at any of the meetings).  I note that the explicit prohibition of recursive key lookup first appears in the RFC, and was NOT in any of the internet drafts - although the idea that a content object returned for a KeyLink should contain an X.509 certificate was there from the beginning.

    I am wondering if I'm the only one who cares about this.

    Cheers,
    Ken

    > 
    > Recursive link traversal has several issues.  The main one is loops and another is if there is a maximum length of a chain.  Specifying the validation process for recursive key / certificate lookup is not simple, especially if one does not include publisher public key restrictions.  Given that CCNx does not allow for prefix-matching on names, it is not so simple to create a system of looking up the current certificate for a content object using get-latest-version.  One needs to use expiry dates so the content object expires at or before the certificate expires and re-publish the content object, in which case one can update the KeyLink at the same time.
    > 
    > We do not require the trust chain to be of length 1.  We require the certificate retrieved by the keylink to be self-contained.   The certificate can have as many signers as one desires.  Also, the KeyLink could point to a segmented or manifest-based object, in which case the retrieval is not specifically 1 operation, but it is 1 security indirection step.
    > 
    > 8569 says that trust is out-of-scope for the document.  Thus, we allow, by exclusion, other mechanisms the determine what is a trusted key.  If that mechanism includes network operations, that is ok.  So if you have a key lookup mechanism to fine the trusted keys for a namespace, that's ok.  This process should also specify how one revokes trust too.  If one specifies a trust scheme that needs to update RFC8569, then that's ok.
    > 
    > Also, the spec essentially recommends the process in section 8 as the Consumer behavior (Sec 2.2) by saying the consumer "SHOULD cryptographically verify the signature as per Section 8."  There are some reasons why a consumer should not use section 8.  For example, a manifest that the consumer trusts has a hash pointer to a content object with an untrusted or expired validation section.  The consumer does not need to (and probably should not) apply section 8 to the hash-pointed-to object.
    > 
    > We also recommend that the KeyLink use a content object hash restriction in the link.  In that case, it does not make much sense to have multiple hops as they cannot change.  One could also use the publisher key id restriction for a less-restrictive means, but it is less secure.
    > 
    > Finally, we wanted to have a correct validation process specified in the document that is spelled out in detail.  In Sec 8.4, we specifically limit a KeyLink to point to a Certificate (whereas before it could point to raw public keys too).
    > 
    > See "Trust in Information-Centric Networking: From Theory to Practice" [https://doi.org/10.1109/ICCCN.2016.7568589] for some details on why.
    > 
    > In relation to NDN, my understanding is that their certificate format also does not allow indirection (http://named-data.net/doc/ndn-cxx/current/specs/certificate-format.html).  It is not 100% clear from the NDN spec, but the description of KeyLocator says it is a "name that points to another Data packet containing certificate or public key" (or it's a KeyDigest).  If the certificate is non-recursive, I think you have pretty much the same situation as RFC8569, modulo name prefix matching.  Though it is not clear if that retrieved object could have its own KeyLocator, though I do not know why it would have one.  I am not aware of place where NDN specifies the recursive verification process (or even the non-recursive case) outside of the code, but would I like to know if someone has that pointer.
    > 
    > Marc
    > 
    > On 4/26/20, 4:37 PM, "icnrg on behalf of Ken Calvert" <icnrg-bounces@irtf.org on behalf of calvert@netlab.uky.edu> wrote:
    > 
    >    Why is recursive key lookup prohibited in CCNx 1.0?
    > 
    >    I am really surprised that Section 8.1 of RFC 8569 says "we do not allow for recursive key lookup".
    > 
    >    First, this seems to dictate a single policy for all applications using the CCNx network layer. That seems like a Big Deal, so I would expect to see some reason given in the RFC, but there's no justification.
    > 
    >    I always thought being able to just "turn the crank" and retrieve the key that signed a content object,then the key that signed that, and so on (as long as the names match a trust schema, as described in the Yu et al ICN '15 paper) until you reach a trust anchor was one of the very best things about CCN/NDN.
    >    What am I missing?
    > 
    >    Related question:  What is the essential security difference between an X.509 certificate and a KeyLink?  If there's no difference, why require that trust chains be of length one, and end in X.509 certs (or known keys)?  And if there is a security difference, why define a separate Key object at all?
    > 
    >    Thanks,
    > 
    >    Ken
    >    _______________________________________________
    >    icnrg mailing list
    >    icnrg@irtf.org
    >    https://www.irtf.org/mailman/listinfo/icnrg
    >