Re: [Rats] comments on draft-birkholz-rats-uccs

Jim Schaad <> Mon, 17 August 2020 20:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 788EF3A1055; Mon, 17 Aug 2020 13:14:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id m-EF7wI7GrzH; Mon, 17 Aug 2020 13:13:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 51BFC3A0EDD; Mon, 17 Aug 2020 13:13:58 -0700 (PDT)
Received: from Jude ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 17 Aug 2020 13:13:52 -0700
From: Jim Schaad <>
To: 'Henk Birkholz' <>, 'Jessica Fitzgerald-McKay' <>, <>
CC: 'Jessica Fitzgerald-McKay' <>, <>
References: <> <>
In-Reply-To: <>
Date: Mon, 17 Aug 2020 13:13:50 -0700
Message-ID: <016a01d674d2$edf35630$c9da0290$>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKSrUcr9Gm0Xi9nn2sIf7/6XuQYBAG8bGQep7ZPCIA=
Content-Language: en-us
X-Originating-IP: []
Archived-At: <>
Subject: Re: [Rats] comments on draft-birkholz-rats-uccs
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 17 Aug 2020 20:14:01 -0000

-----Original Message-----
From: Henk Birkholz <> 
Sent: Monday, August 17, 2020 3:49 AM
To: Jessica Fitzgerald-McKay <>om>;
Cc: Jessica Fitzgerald-McKay <>ov>; Jim Schaad <>om>;
Subject: Re: [Rats] comments on draft-birkholz-rats-uccs

Thanks Jess!

the discussion on where this is incubated was deliberately scoped down to provide:

* a finite and still useful set of Security/Privacy considerations, and
* relatively specific guidance and context on how prerequisites for usage look like.

The concept of an UCCS tag goes beyond RATS, of course. The usage of an UCCS tag alas requires some application-specific "rules".

That said, we will discuss this topic specifically asap. Also, Jim is now in CC (Hi Jim) and maybe he can weigh in on this topic?

With respect to your technical comments, please give us some time to come back with well-formed answers. I do not want to barge ahead with half-baked replies :-)

Viele Grüße,


On 07.08.20 16:01, Jessica Fitzgerald-McKay wrote:
> Hi, UCCS authors,
> Mike Jenkins and I reviewed the UCCS draft. Our comments are below. 
> Happy to talk through any of them with the group.
> Thanks,
> Jess
> The intent of this draft is similar to the key concept of EST - use 
> the authentication of the secure session connection. Most schemes 
> build on this concept leave a lot of banana peels laying around, some 
> of which we describe here. In general, this does not seem appropriate 
> to the scope of RATS. We feel that COSE might be a more appropriate 
> work group to think these issues through.

[JLS] To me COSE is exactly the wrong place to do this.  If it is not done in RATS then ACE would be the appropriate location.  Doing it in COSE would be something along the lines of "If you don't use the core technology of this group then you should?"

> - If you're using a static symmetric key for authentication (as one 
> might with highly-constrained devices), you can only authenticate a 
> net, not an entity. The receiver cannot differentiate between 
> authenticating the sender and authenticating itself.

[JLS] I don't see this as being interesting for this document  The exact same set of problems exist if you use HMAC or symmetric encryption with COSE where a static symmetric key is used.  The thing that might be interesting would be to talk about correspondences of the secure channel security and the equivalent COSE objects.
> - The authentication happens at the secure channel termination, not in 
> the channel-contents-using application. It's important how the 
> termination process vouches the authentication to the application. (In 
> EST, this question is how the EST server vouches the requestor's 
> identity to the CA server.)
> - A TEE only helps if the TEE application can punch through the REE 
> and set up the secure channel completely on its own. If the TEE relies 
> on the REE to set up the secure channel, you might as well just 
> operate in the REE.
> - There is a comment at the end of the introduction (!) about 
> transitioning back and forth between self-protected and 
> channel-protected CWT, "in a well-defined scope". Define the security 
> characteristics of that scope or get rid of the comment. You're 
> handing someone an awful lot of rope there.
> - The claims set should be treated as ephemeral by the recipient. It 
> shouldn't be stored, and can't be forwarded except as data originated 
> by the recipient. As soon as it emerges from the secure channel, it's 
> no more valid or meaningful than any other piece of unprotected data 
> in the application environment.
> _______________________________________________
> RATS mailing list