Re: [OAUTH-WG] [SPICE] SPICE Revocation
Tom Jones <thomasclinganjones@gmail.com> Sat, 06 April 2024 20:01 UTC
Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B79DC14E515; Sat, 6 Apr 2024 13:01:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.074
X-Spam-Level:
X-Spam-Status: No, score=-7.074 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xV0p3j37NDnI; Sat, 6 Apr 2024 13:01:15 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4157C14F5F5; Sat, 6 Apr 2024 13:01:14 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-56e37034cebso382422a12.0; Sat, 06 Apr 2024 13:01:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712433673; x=1713038473; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=L0Cqx5+teEb0Q1cv4PmHiVtRGlhIGUOO0PxuP6qZesY=; b=Lq2fK6JMvPZLhGH3hGV1Df5RSQBMTbdobN0QONGxDIoxmWTH/PVxRnjYNPnxg/trKI 7Tx3atNw6pgDEbIFAxefMbYW3XI7rOGuWPJvz9+c6eZ6l1UR/J8aLiyDytCwZOghAH/U 01lilNuoDDO2gHWW0Xzn5kRMc14PXr1zaMhWbbrTQIJK5JZYYoGa+BT7q6PVMi4du9Zp LPJApqYa48u4FWw1cBuxF0V7/qXmdYFlCyooio+1O8t2qpYEMkqyI3ELcX8UOvcDAi1f ZF+aUF53rA9PYzZzRbb1orWomIdhKkQo7f09ZjuJfwwroDq2+KpqD3KjqxwDyjxmnNK+ apUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712433673; x=1713038473; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L0Cqx5+teEb0Q1cv4PmHiVtRGlhIGUOO0PxuP6qZesY=; b=VTQscrPAFu9VC2ZxIH43NmIg3+MUwo/esSHz5E0Ewuk8OZmo3yBrBpMdtxJ0YHaoyc avwVhdVI0sgCzXiRDwSDWIxpGk1VrN6ou4ALsAswVEFZO4u883B32zvC7ARVhUAk3lxB XOx2S0K7lqlVPUk2UFgojdVsR7WOr6h/cxy5CFZGCRVpIMkBrKrbn/zg0C6z2rUFSCtv rVml3htDG3DQ+aemGHT0toHqbnxCwfYoZfS2p+KS5WFPSeCQA/dOcEXjYWsz6GoMxMt1 5ClyjKdUFfWL3BOA5zwn9Qto3a5hFL4fTjmcYXoCIPFizyQvoxtOt5YZkaOGc1Uc6N7s voVg==
X-Forwarded-Encrypted: i=1; AJvYcCU5fGBhXX7yFZr06WP+0iJaZF8ZTyZGRSVO/v+/rqjEAzrxqTrYu9VnT0pbLJmKxRai4WNZBfDosWRaKMS3p6u1qTo3NwMIW5zf3RXD++4=
X-Gm-Message-State: AOJu0YxTF6Up+WWlmc69AGMDRz4iXe5a0KdcJDg4jAYzJwaCnECzX/n3 AvIhQKiw+5HorX5Yjg/UF8O4gRV/eH8DVQ8+v+wEipQwSZBa+vSU6oIrrLA64jsGWC69tst6GWr 9RJM5qQSAHKaRlfwsbjnoLYW+FUslewVv
X-Google-Smtp-Source: AGHT+IFdkpKPkIKNG6USF/io8NkvIi2VR1W+EuiLmNWckHzv6KDKvPdrod0wbdy/gVbAjsb4uZU0wCbFU6lv3gHYniw=
X-Received: by 2002:a17:907:1383:b0:a46:f9a0:748 with SMTP id vs3-20020a170907138300b00a46f9a00748mr2646723ejb.5.1712433672882; Sat, 06 Apr 2024 13:01:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAN8C-_Kw1ajnH0zBVengsX-Y_wGk4G3DmOcmbQYYbV+NN03kKA@mail.gmail.com> <CAGJKSNSxRsZN_vMkU60-qVV=5i61tvbD8eDkOxEW5+zfHw0EPA@mail.gmail.com> <b8af9e6c-4391-f0df-a2e1-1a031f9c1013@free.fr>
In-Reply-To: <b8af9e6c-4391-f0df-a2e1-1a031f9c1013@free.fr>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Sat, 06 Apr 2024 13:01:00 -0700
Message-ID: <CAK2Cwb4CAM1ahwbD91iTcpMBQ6KCbs+1Vy9TLLDztgkGjsP7kQ@mail.gmail.com>
To: Denis <denis.ietf@free.fr>
Cc: Orie Steele <orie@transmute.industries>, spice@ietf.org, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c611af06157308e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/HVtaPRHdZL6RPoDni9JProvo_LI>
Subject: Re: [OAUTH-WG] [SPICE] SPICE Revocation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2024 20:01:19 -0000
There is a huge hole here. Revocation of (for example) driving privileges should not impact the use of the cred for other purposes. The revocation idea can lead to cancelation of the person. Some that violates the fundamental rights of human beings. Revocation is basically discrimination. thx ..Tom (mobile) On Fri, Mar 29, 2024, 2:50 AM Denis <denis.ietf@free.fr> wrote: > This thread is related to the three roles model, i.e, Holder, Issuer and > Verifier. > However, I also copy this email to the OAuth WG, since it is currently > developing draft-ietf-oauth-status-list. > > Thanks to Orie for providing the second link: > > https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md?ref_type=heads#ocsp-stapling > . > > What first follows a copy/paste of some parts of the "Architecture > Proposal for the German eIDAS Implementation". Then after, my observations > follow. > > Various use cases and scenarios may require revocation: > > - the PID/(Q)EAA Provider wants to revoke its issued credential > because the contained data is no longer valid > - the Wallet Provider wants to revoke a Wallet Instance because Wallet > Security Cryptographic Device (WSCD) > or the Wallet Instance application is compromised or vulnerable > - the user wants to revoke their Wallet Instance because they lost > their smartphone > - the user wants to revoke their PID > - the PID Provider wants to revoke a PID because the person has died > > To enable revocation within the EUDI Wallet ecosystem, the following > mechanisms for revocation are considered: > > (a) Certificate Revocation Lists > (b) Status Lists > (c) Online Certificate Status Protocol (OCSP) > (d) OCSP stapling > > *My observations:* > > For case (a): "CRLs have seen some scalability limitations in the Browser > TLS context, and > it remains open to evaluate if CRL sizes remain > manageable within the eIDAS ecosystem". > > For case (b): "it remains open to evaluate if this is sufficient for the > eIDAS ecosystem". > > For case (c): "Therefore, usage of OSCP is *not* recommended". > > For case (d): "a proposal applying the concepts to the PID credential > formats is under development > <https://datatracker.ietf.org/doc/draft-demarco-oauth-status-attestations/>. > [i.e., draft-demarco-oauth-status-attestations-00] > the concept has the privacy potential as the Relying Party does not fetch > the revocation information itself". > > draft-demarco-oauth-status-attestations-00 looks interesting. > > Presently, this draft does not include a privacy considerations section. > It is thus questionable whether it is able to support the unlinkability > property > [it cannot be distinguished whether two transactions are related to the > same user or not]. > > Some nice characteristics are : > > - "the Relying Party does not fetch the revocation information > itself". > - "both the wallet and the verifier work without internet connectivity > during the presentation phase". > > But what about a mechanism where, in addition, the holder does not fetch > the revocation information itself ? > Yes, neither the holder, nor the verifier, fetch itself any revocation > information. > > > > Is it "mission impossible"? No, it isn't. > > > > A Wallet Provider is in a position to suspend (i.e., which is equivalent > to a temporary revocation) any digital credential placed in a Wallet > Instance. > It is also in a position to invalidate the use of a Wallet Instance or to > remove any digital credential placed in a Wallet Instance (which is > equivalent > to a definitive revocation). > > A Wallet instance is THE Holder, i.e., an application that needs to be a > Trusted Application (TA) running in a TEE. Every time the holder > (application) > is online, it can transparently connect to the Wallet Provider. If > instructed by a Credential Issuer, a Wallet Provider can suspend any > digital credential > issued by that Credential Issuer. > > The digital credentials placed in a Wallet Instance will only be usable if > the Wallet Instance has been online during, e.g., the last 24 or 36 hours. > > From a holder point of view (or a Wallet Instance point of view), each > time it is online, it will connect to its Wallet Provider. > If no digital credential needs to be suspended, then all the digital > credentials will be usable during the next 24 or 36 hours, but no longer. > The query made by the Wallet Instance to its Wallet Provider can be > transparently repeated, e.g., every hour. If a suspension is requested > by a Credential Issuer while the Wallet Instance is online, the suspension > will occur at latest within, e.g., the next hour. > > The same mechanism can also be used to revoke the Wallet Instance when the > individual lost his smart phone. > All the other approaches would require the revocation (or the suspension) > of each digital credential, one by one. > > This approach avoids to define new data structures that would need to be > exchanged between a Holder and a Verifier or fetched by a Verifier. > This approach would be fully privacy preserving. In particular, the unlinkability > property will be supported. > > Note also that a suspension is much better than a revocation; for example, > if a lost smart phone is found again by the legitimate individual. > With this flexibility, the individual will no more necessarily ask for an > immediate revocation which has sad consequences in terms of availability. > The suspension state allows to recover the use of the wallet, e.g., within > the same day. Whereas an individual was afraid of the consequences > of the revocation, he will not be afraid of the consequences of a > (temporary) suspension. This allows to reduce the risks and hence to > improve > the security level. > > eIDAS 2.0 does not currently allow the suspension state. Once, that > approach will be known, maybe the eIDAS.2.0 draft will be modified. > It is only a draft at this moment. > > Denis > > Orie - this is great work. I definitely think that scoping out how this > approach could be used with SD-CWT could be an important part of > documenting the architecture. > > Mike Prorock > Founder > https://mesur.io/ > > > > On Thu, Mar 28, 2024 at 12:53 PM Orie Steele <orie@transmute.industries> > <orie@transmute.industries> wrote: > >> Hello, >> >> At IETF 119 OAUTH session, I shared some alternative solutions to the >> "dynamic credential state" or "suspension and revocation problem", in >> digital credentials. >> >> https://datatracker.ietf.org/doc/draft-demarco-oauth-status-attestations >> >> This approach offers some advantages and disadvantages over status lists >> / CRL type dynamic state mechanisms that need to be fetched over a network >> by relying parties, or fetched by holders and presented alongside the >> credentials they monitor. >> >> The primary improvements are: >> >> 1. Reduce implementer burden for relying parties, many of which might be >> forbidden from calling out to networks. >> 2. Eliminate the bitstring status list, which can include decoy / dummy >> values that can be used to track relying parties, or that communicate or >> update state for credentials which are not relevant to the transaction. >> >> There is some interesting commentary on this approach here: >> >> >> https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md?ref_type=heads#ocsp-stapling >> >> Which you might all find interesting. >> >> As a general comment, CRLs and OCSP can both address revocation use cases >> and approaches in JOSE and COSE, and applications of this approach to >> SD-CWT or SCITT Receipts are particularly interesting to consider. >> >> Regards, >> >> OS >> >> -- >> >> >> ORIE STEELE Chief Technology Officer www.transmute.industries >> >> >> <https://streaklinks.com/B6DNq7fQ0K3-fblaFg95UjF6/https%3A%2F%2Ftransmute.industries> >> ᐧ >> -- >> SPICE mailing list >> SPICE@ietf.org >> https://www.ietf.org/mailman/listinfo/spice >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >