Re: [icnrg] recursive key Lookup in CCNX

Marc Mosko <mmosko@parc.com> Mon, 27 April 2020 17:33 UTC

Return-Path: <mmosko@parc.com>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29CE33A0B90 for <icnrg@ietfa.amsl.com>; Mon, 27 Apr 2020 10:33:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=parc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29WrT7McPKsG for <icnrg@ietfa.amsl.com>; Mon, 27 Apr 2020 10:32:58 -0700 (PDT)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2089.outbound.protection.outlook.com [40.107.244.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C2D93A122A for <icnrg@irtf.org>; Mon, 27 Apr 2020 10:32:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YbWvB3o+JVlrmM1ED6Ouglf5HGWzHnAIsxLznRViDCOo3728xm/9Ots5Zio7GcWHnrx/sU4DWKEKUWBIYsAz9uVL8NIS1HqavpPRxjx8h1uKTDXxlfv8PpViaxTpMjbW6VKNyPGLphAf7JDrHzIPDsCzoPeY6N1Mvvz4volHJIdt+0lB3EA7PeezPACVn33VhYXOCivzkg/+bvanpYoSabzG/VYfy/iF3I1px27oHXsvvPSX/iCQ3aSenHCfIqF55YNmMpHucWmC0D4e7teXIXntJij1NZ9uVSVwotmcHrhc8vLEuPnriNJVyhXrj9PgLevX8bLu+7qiwIKyCiEF2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Nj7VWqKyQPUfilEUsWk8LPvzl/rdq/n83bLFqOF+cQM=; b=SSLUQY95FZRBY6vOkakXtbDy8D74hXttsvVtUAjCWnGMsPXrL/HI88GC9upTOjLoF++zeASvWFLxrmt9dv6fA3rs97sukaoTfsvzc4NPBvk1lg/GeDvPj2D38AGpdZnT7CPl8/Xwx6wFBC5hyrkoQtlaXlICSxa+UUhpOOPa0imXlxyWgAVIke1qmoJZi8Z7QTfXgkfD9IkYw2b3yAJkfwLOZdEBjkG880ijSFx1+B7x6/PqJu/qJ5sD+1lRUcoFfIroXPbx/EpkQUNoMr1+6nGyjEC7sTU9DpskBycLWVWMq2BewqFLoJNVTvYFP0xDKx5RuLiUAx66u3zyBiXgkw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=parc.com; dmarc=pass action=none header.from=parc.com; dkim=pass header.d=parc.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parc.onmicrosoft.com; s=selector2-parc-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Nj7VWqKyQPUfilEUsWk8LPvzl/rdq/n83bLFqOF+cQM=; b=BzisLJttMxulRPRsB6WGhqpzAnawMQHSLmSCpuqDo8lDzR9hTor8uW3EnP+fYl8YQa5bCVqGWHuCeQiH7QibJKR3NDJ+SCecCc/O+i/A80X65qX7HoMc9GMe6v9UOa6C4fvwpo6xkfD9MXj3IWO9+f5zfkC3Y6xmwDunGA0UVZw=
Received: from BYAPR15MB3238.namprd15.prod.outlook.com (2603:10b6:a03:106::29) by BYAPR15MB2951.namprd15.prod.outlook.com (2603:10b6:a03:f7::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.22; Mon, 27 Apr 2020 17:32:55 +0000
Received: from BYAPR15MB3238.namprd15.prod.outlook.com ([fe80::e56e:1f6e:a036:156c]) by BYAPR15MB3238.namprd15.prod.outlook.com ([fe80::e56e:1f6e:a036:156c%4]) with mapi id 15.20.2937.023; Mon, 27 Apr 2020 17:32:55 +0000
From: Marc Mosko <mmosko@parc.com>
To: Ken Calvert <calvert@netlab.uky.edu>, "icnrg@irtf.org" <icnrg@irtf.org>
Thread-Topic: [icnrg] recursive key Lookup in CCNX
Thread-Index: AQHWHCObAI+sMBrnCEeZ6mpy7a+GbaiMxiQA
Date: Mon, 27 Apr 2020 17:32:55 +0000
Message-ID: <AA95366C-99BF-4333-B6BC-366BE12990F5@parc.com>
References: <91F2CCB5-F962-4DEF-A8C2-B8BCCD32F185@netlab.uky.edu>
In-Reply-To: <91F2CCB5-F962-4DEF-A8C2-B8BCCD32F185@netlab.uky.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.36.20041300
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mmosko@parc.com;
x-originating-ip: [50.0.67.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 061093e9-1bb5-4d79-cd6c-08d7ead10546
x-ms-traffictypediagnostic: BYAPR15MB2951:
x-microsoft-antispam-prvs: <BYAPR15MB2951BECBCFEFCF200C01C6CCADAF0@BYAPR15MB2951.namprd15.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0386B406AA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR15MB3238.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(39840400004)(366004)(376002)(396003)(346002)(5660300002)(86362001)(8936002)(6512007)(66946007)(76116006)(26005)(2906002)(36756003)(186003)(33656002)(71200400001)(6486002)(478600001)(66556008)(64756008)(66446008)(296002)(66476007)(110136005)(6506007)(81156014)(316002)(2616005)(8676002)(966005); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: parc.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: I5eHgRPiY925ZtBYwm380SULdCFXg9EOEktVfINUeMJrXewv7FyG/RHTXVi3DZAhCYyzDoVsX/uPtKtwQEJOcIdxlhw5uZw1+F9ru4IK8LubQ2UanmP0tttRIT7e3X2rzXatNnaTriHGnjalfrLwEHPyyjkl8mElzYLb+aMmW4FCZm3FxwmsO5//tlAoVojL0PTqR1VYqiwi5NUSIsXPR7yE89RfujZg8ryBhIvXZgteeMOAeO3z2neyyszwvggxjKvKQ09mS8PzEFR3St4W7V52QqKKon9fS0VtF2FTonr4BqJM9WL2Kjx1BmOtoMh8GLhipDA1byp63WYn9KYKuqcpHGuB9BHcdv4+PjFefxfgMPQi1gBd9tP7/Af2HF+nQYbzW+22wBN107RpwtHaPXMJHGjiL++7SwbWe2fLY2h7XxMbfAgEddOB6SKx9E4UfWfYkYODPtSeBXRxloKOS2piHx1IAAQKlqqmZVDHbaAw3b/7AGVDjpBEaOz4auRo
x-ms-exchange-antispam-messagedata: B6ZnqusKCL2990Fs0s0gr+m+U0MFML81o4AZVaS25byOYoqIOBeXf5prbwI9lYfjYOFu5v/OfaWqESy0iq9MKJJXccrgcnXc2cm9msb+X45w72VT8U8dJlXF2HhmR1Pl5ELX8GDhQ5Of4l+QZRH/y9X7x2qhmfTWqmO8JplJAuUxbBsAk8nkq88aEUmAAwbZfzMHxgau5peW6e/GeUuLRzomPNINtxXym5VMSfBJ/jJaU6qQX/nACogwWiAcfO3ICJ3DurirbV2YP7HxYKtVVYYfK48dLwunD0zm39QHOaJtJvyPWXGpR8LTgXWjUAkG6YaIYLuJYzbkCwXoms3OtHWvbVYkcEOrQDG9l8AblRi7xM4V+wVDOFNDwP1QdVHML4vEphfZ2XrbQk6mRnj1BRGXj4fKKx9eCbD1gG/A8+wD3J2eqqN86/dTaEp39v+SxIGy3WfkAJfP5+36hZtyAlnkZRU0tf+Rq5Vh904zjoRcS0md0OXQuWwV5X/8INy3huOAZOuoMt5iVFvURClnO47XHOgdvulg/6Mzd1Ew1xwNNeuJt0ctebpjWx8MsMbEdgUSPzr3RJxe4LA5xyju4naYMjwrgWsxnc2DGezJVfTsyd3N/GSMNmEy+XvThg2MdnIpDBakROr7U+8tJfEt9RipDnle9iZvZPuvJr213/XNhPZc7cClrTnCH20te520DomdLXrmN+lMeitl4DdaGpFJBxChQT4Oot05nppAGqIDHcyMiQi/WihZQh0/TNVxblcBNh2HEUpfmxIfj/++VCAG6CCOA2PkBHamu0pR2Ng=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <6E30026DD564DC4BB734C3DD5F88581E@namprd15.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: parc.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 061093e9-1bb5-4d79-cd6c-08d7ead10546
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2020 17:32:55.0696 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 733d6903-c9f1-4a0f-b05b-d75eddb52d0d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DGPd449lUa0bY0jTpZLnVQbwBBkEbHZX1f52O46gCSRZBwcCVvX7EELhWwf/K7mj
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2951
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/diHDB2sgaSVdKnaFJZ4wVQkmteQ>
Subject: Re: [icnrg] recursive key Lookup in CCNX
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 17:33:00 -0000

Ken,

It's at the end of Sec 8.4, not 8.1.  

Recursive link traversal has several issues.  The main one is loops and another is if there is a maximum length of a chain.  Specifying the validation process for recursive key / certificate lookup is not simple, especially if one does not include publisher public key restrictions.  Given that CCNx does not allow for prefix-matching on names, it is not so simple to create a system of looking up the current certificate for a content object using get-latest-version.  One needs to use expiry dates so the content object expires at or before the certificate expires and re-publish the content object, in which case one can update the KeyLink at the same time.

We do not require the trust chain to be of length 1.  We require the certificate retrieved by the keylink to be self-contained.   The certificate can have as many signers as one desires.  Also, the KeyLink could point to a segmented or manifest-based object, in which case the retrieval is not specifically 1 operation, but it is 1 security indirection step.

8569 says that trust is out-of-scope for the document.  Thus, we allow, by exclusion, other mechanisms the determine what is a trusted key.  If that mechanism includes network operations, that is ok.  So if you have a key lookup mechanism to fine the trusted keys for a namespace, that's ok.  This process should also specify how one revokes trust too.  If one specifies a trust scheme that needs to update RFC8569, then that's ok.

Also, the spec essentially recommends the process in section 8 as the Consumer behavior (Sec 2.2) by saying the consumer "SHOULD cryptographically verify the signature as per Section 8."  There are some reasons why a consumer should not use section 8.  For example, a manifest that the consumer trusts has a hash pointer to a content object with an untrusted or expired validation section.  The consumer does not need to (and probably should not) apply section 8 to the hash-pointed-to object.

We also recommend that the KeyLink use a content object hash restriction in the link.  In that case, it does not make much sense to have multiple hops as they cannot change.  One could also use the publisher key id restriction for a less-restrictive means, but it is less secure.

Finally, we wanted to have a correct validation process specified in the document that is spelled out in detail.  In Sec 8.4, we specifically limit a KeyLink to point to a Certificate (whereas before it could point to raw public keys too).

See "Trust in Information-Centric Networking: From Theory to Practice" [https://doi.org/10.1109/ICCCN.2016.7568589] for some details on why.

In relation to NDN, my understanding is that their certificate format also does not allow indirection (http://named-data.net/doc/ndn-cxx/current/specs/certificate-format.html).  It is not 100% clear from the NDN spec, but the description of KeyLocator says it is a "name that points to another Data packet containing certificate or public key" (or it's a KeyDigest).  If the certificate is non-recursive, I think you have pretty much the same situation as RFC8569, modulo name prefix matching.  Though it is not clear if that retrieved object could have its own KeyLocator, though I do not know why it would have one.  I am not aware of place where NDN specifies the recursive verification process (or even the non-recursive case) outside of the code, but would I like to know if someone has that pointer.

Marc

´╗┐On 4/26/20, 4:37 PM, "icnrg on behalf of Ken Calvert" <icnrg-bounces@irtf.org on behalf of calvert@netlab.uky.edu> wrote:

    Why is recursive key lookup prohibited in CCNx 1.0?

    I am really surprised that Section 8.1 of RFC 8569 says "we do not allow for recursive key lookup".

    First, this seems to dictate a single policy for all applications using the CCNx network layer. That seems like a Big Deal, so I would expect to see some reason given in the RFC, but there's no justification.

    I always thought being able to just "turn the crank" and retrieve the key that signed a content object,then the key that signed that, and so on (as long as the names match a trust schema, as described in the Yu et al ICN '15 paper) until you reach a trust anchor was one of the very best things about CCN/NDN.
    What am I missing?

    Related question:  What is the essential security difference between an X.509 certificate and a KeyLink?  If there's no difference, why require that trust chains be of length one, and end in X.509 certs (or known keys)?  And if there is a security difference, why define a separate Key object at all?

    Thanks,

    Ken
    _______________________________________________
    icnrg mailing list
    icnrg@irtf.org
    https://www.irtf.org/mailman/listinfo/icnrg