IETF Logo Mail Archive

Re: [Iotops] [Rats] 802.1AR device identity

Ash Wilson <ash.wilson@valimail.com> Sun, 18 April 2021 00:49 UTC

Return-Path: <ash.wilson@valimail.com>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 415D43A3A15 for <iotops@ietfa.amsl.com>; Sat, 17 Apr 2021 17:49:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JbMpTNnsGKWh for <iotops@ietfa.amsl.com>; Sat, 17 Apr 2021 17:49:07 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED1283A3A16 for <iotops@ietf.org>; Sat, 17 Apr 2021 17:49:06 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id z15so15611354qtj.7 for <iotops@ietf.org>; Sat, 17 Apr 2021 17:49:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hLQZUE7Hx+ydwdx62v2x1ABj98tUeVOu7dZvo3TuuEQ=; b=B0oHNI3rymouYU98kzBs9Ntxndg6TUt+/kUboLLOZbcclR/DweG/qopGa3PGgfp6G6 gmdYNxnwfEBe+YhAIRfxrAIoCZsDqhHMB0PjlLL02uwH0G6mMfTkdcyd4olrOFAeBQg6 dg500g/HLFgPb1wM/7DVxJxhvGKrUlNxi7goglS2kuRbEdHdn6buwfTg+d0b6JjZia5u b4rsRDHgKhpdHNq2atfFvmc4pKEOebBJ9h3ZovuZUjQXlU/CdvAqCwFQ5ChUbetMMQs6 baV3agvbN8UmIRr6w0DiWQl1s2cwM9xKBCgH07uW03tRXa7cj1EY89dvV0+jNIHDgxcI lRNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hLQZUE7Hx+ydwdx62v2x1ABj98tUeVOu7dZvo3TuuEQ=; b=Hn8jtQ4p3nj5LpfLsSpXVxrxADTSK/cSpHtPSH8o7NeUUehF4SxzGI81DEJE2zcOa9 z4V2WdpSCuOSaHbXr6Bj+aktqTmDKWZQn+XLvuAXzlGDWEzc3pLf4WLYn7jptLV74qlN SOWCrE+btkMDg1J7/NNjHp7AzesmCbS4FmTBvzizZAEV/Z8F/E9yJ5OMJah7zKTAwL3O bcwoo4TwJwSmSB0pQj99vkLwkw+63onFQe6bHc/wRSPpW5AYZ0cZi4TkYdqMxFuZKzGN EEKPe/8c/duo5JWNfxLBiozdUi7Gz1GkTgTHw1koW2fpmAiL0PWsufu2nw/XdiiBf7Kw 0mLw==
X-Gm-Message-State: AOAM530Z4gzDcYxw9xY6ONfHoHTaD4z15SydyS3pxIA+UEOAD3kh59uq eMrpxZ0m0jLJeI8rZ/ycGfT5d9vA+H+nqNFzffKcIQ==
X-Google-Smtp-Source: ABdhPJx9NCW2cZl+JQl6MYeDF2SgwHVHDwtwAoMRjzI89Lt8rA/u7bEOlMZHaFJfmrAsLcuCa3kKEeoxFVApMz7Tvzw=
X-Received: by 2002:ac8:5655:: with SMTP id 21mr5900946qtt.187.1618706944820; Sat, 17 Apr 2021 17:49:04 -0700 (PDT)
MIME-Version: 1.0
References: <D197C29D-95C4-4696-BE22-703E14DFFE35@intel.com> <E0971364-E3AD-40C6-A08A-A0BA7E64D18F@cisco.com> <22167.1615685681@localhost> <BLAPR05MB737820F60EB1379958A79D5DBA6C9@BLAPR05MB7378.namprd05.prod.outlook.com>
In-Reply-To: <BLAPR05MB737820F60EB1379958A79D5DBA6C9@BLAPR05MB7378.namprd05.prod.outlook.com>
From: Ash Wilson <ash.wilson@valimail.com>
Date: Sat, 17 Apr 2021 17:48:52 -0700
Message-ID: <CAEfM=vREUdWXp5vUjmsEDBZmUD1=TYnFtdy1ZGYQjyuAbbQPkA@mail.gmail.com>
To: Guy Fedorkow <gfedorkow=40juniper.net@dmarc.ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, iotops@ietf.org
Content-Type: multipart/alternative; boundary="00000000000071183505c034949a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/ppolHvMgunyFfa4x3I_AuybStgI>
Subject: Re: [Iotops] [Rats] 802.1AR device identity
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Apr 2021 00:49:12 -0000

Joining the conversation a little late...

I think that while the IdevID was originally intended to be a life-long
birth certificate of sorts, improving the standard to allow certificate
rotation could be useful.

Keys become easier/cheaper to guess over time. Guessing the key will
eventually be easier and less expensive than compromising the TPM which
protects it. And not all implementations are created equal. For instance:
https://en.m.wikipedia.org/wiki/ROCA_vulnerability . If the certificate
can't be rotated, then even after a firmware update, you're stuck with a
vulnerable private key in a patched TPM.

Protocols exist to allow an entity to rotate its own certificate. If it
were possible to safely do so, wouldn't the security posture of a device be
improved by having some cryptographic agility for the identity's method for
proof-of-possession? Rotation frequency recommendations can be related to
the amount of time required to guess the private key. What if the device
could rotate its own key in a shorter period of time than an adversary
could guess it?

If the device's name is universally unique and the certificate is
discoverable using that name, then the certificate then becomes just a
means of proving possession of the name.

 A manufacturer could support the rotation of IdevID certificates through
an integration between the CA and the discovery mechanism.

Certificate rotation like this could work with DANE for client identity.

On Mon, Mar 15, 2021, 06:30 Guy Fedorkow <gfedorkow=
40juniper.net@dmarc.ietf.org> wrote:

> I agree with Michael.  The IDevID in my point of view is as permanent as
> the serial number on the box or the VIN on your car.
> I think DevID could have privacy implications in some applications, so
> within TCG there have been proposals to download the IDevID at the
> customer's discretion, but in that case, it would have to be linked to
> TPM's EK (another immutable key), so there's still only one possible IDevID
> ever for a box.
>   As noted, LDevIDs can be made and destroyed at will.
> /guy
>
>
>
> Juniper Business Use Only
>
> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
> Sent: Saturday, March 13, 2021 8:35 PM
> To: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>; rats@ietf.org;
> iotops@ietf.org
> Subject: Re: [Rats] [Iotops] 802.1AR device identity
>
> [External Email. Be cautious of content]
>
>
> Eliot Lear <lear=40cisco.com@dmarc.ietf.org> wrote:
>     > Yeah, this is an issue that comes up from time to time.  How
>     > “immutable” should that iDevID be?
>
> I take the approach that the IDevID that was shipped from the factory can
> not be replaced without a device recall.
>
> (It could be that there are modes where another IDevID can be installed,
> but the original would not be removed.  Whether this is an LDevID or IDevID
> is open to intepretation)
>
>     > I’ve had this thought in two
>     > different contexts: What if the signature algorithm, CA, or private
> key
>     > used to protect the iDevID has been compromised?
>
> Then, the device is broken.
> I think you would certainly agree that this can be the only answer if the
> software signing key is compromised, right?
>
>     > Can one recover with an update?
>     > What if there are attributes in the cert that I want to
>     > dink and share with the deployment?
>
> Please define "dink" for me.  I know of only one definition from the
> school yard.
> Does this mean remove? replace?
>
>     > I’d like to take that latter case off the table, but then we need to
>     > seriously think about RATS or SUIT providing a standard protected TLV
>     > list that deployments could receive through a standard interface.
>     > These are attestations of a form, but they’re not really
> measurements,
>     > as has been previously discussed here.
>
> Can you give me an example of one of these attributes?
> This sounds like the FIDO situation, from section 6.3 of (my) the usecase
> document:
>
>    According to [fidotechnote] FIDO uses attestation to make claims
>    about the kind of device which is be used to enroll.  Keypairs are
>    generated on a per-device _model_ basis, with a certificate having a
>    trust chain that leads back to a well-known root certificate.  It is
>    expected that as many as 100,000 devices in a production run would
>    have the same public and private key pair.  One assumes that this is
>    stored in a tamper-proof TPM so it is relatively difficult to get
>    this key out.  The use of this key attests to the the device type,
>    and the kind of protections for keys that the relying party may
>    assume, not to the identity of the end user.
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
> --
> Iotops mailing list
> Iotops@ietf.org
> https://www.ietf.org/mailman/listinfo/iotops
>

v2.23.0 | Report a Bug | By Email