[Rats] freshness in the background check interaction model
Michael Richardson <mcr@sandelman.ca> Thu, 29 July 2021 00:41 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 899343A0766; Wed, 28 Jul 2021 17:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.298
X-Spam-Level:
X-Spam-Status: No, score=-1.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_SBL=0.5, URIBL_SBL_A=0.1] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZrFJ-ODRXysQ; Wed, 28 Jul 2021 17:41:44 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9A633A0749; Wed, 28 Jul 2021 17:41:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 8AA9D389A6; Wed, 28 Jul 2021 20:45:32 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8EYcaJK-3XK6; Wed, 28 Jul 2021 20:45:27 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1682B3898C; Wed, 28 Jul 2021 20:45:27 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0C4B14B6; Wed, 28 Jul 2021 20:41:36 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: rats@ietf.org
cc: anima@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 28 Jul 2021 20:41:36 -0400
Message-ID: <19612.1627519296@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/1eNogrRwxo3bQZFauwSlhWZZzkc>
Subject: [Rats] freshness in the background check interaction model
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 00:41:50 -0000
In the background check interaction we assume that the Attester
has connectivity to the Relying Party, and that Relying Party will
communicate with a Verifier itself, passing Evidence along the way.
{This is not an architectural issue. This is an issue of how to
implement RATS in a particular flow}
This could occur as part of Network Endpoint Assessment, including both
802.1X processes or onboarding such as with BRSKI (RFC8995).
(I am unclear in the TEEP case (which uses both interaction models), how this
works)
In the BRSKI case the mapping is as follows:
1) Pledge => Attester.
2) Registrar => Relying Party.
3) MASA => Verifier
This works well, because the MASA is associated with the manufacturer and so
it can get all the Endorsements or Reference Values by private channel.
The Pledge reaches out to the Registrar, and provides it with a Voucher-Request.
We could trivially include Evidence (or pretty much any form) in the
Voucher-Request.
The Voucher could include a reply which can be evaluated by the Registrar
(Relying Party) to provide a signal to the Registrar (they RP) as to whether
or not the Pledge (Attester)'s evidence is satisfactory.
There are some options other than embedded the answer for the (2)->(3) protocol including:
a) use another end-point on the (3) that would return the response.
b) use multipart/mixed reply for the reply from (3)->(2)
[this wins for constrained case, because (1) never needs to see this]
but, the purpose of this email is to ask about how we get freshness.
Ideally, a nonce would be created by the Verifier (MASA) and transmitted to the
Attester (Pledge) via the RP (Registrar). A challenge is that the Registrar
doesn't know which MASA to use until after it has received some communication
from the Pledge. That comes with the Pledge's IDevID, which it uses both
to sign the Voucher-Request, and which it uses as TLS Client Certificate.
Since the TLS setup occurs before the Voucher-Request, in theory the
Registrar could retrieve a nonce from the Verifier, but in the BRSKI protocol
flow, we did not add a step to return the Nonce to the Pledge.
In the middle of writing this, a gather.town discussion occured...
A suggestion was to use a TLS Exporter to get a nonce that both the Registrar
and the Pledge knew. The Pledge can then build it's Evidence and include
that in the (raw) Voucher-Request. The Registrar then has to communicate this to
the MASA (Verifier)..... how do this is a question... probably in the
parboiled Voucher-request.
In the middle of this, Goran Selander brought out his slides on
draft-selander-ace-ake-authz, and most of this can be wrapped up into EDHOC.
If we can get our packets small enough, we can do AKE, Enrollment, and
Remote Attestation in three flights (two round trips).
Is it acceptable for a nonce to be created via TLS Exporter?
Is it acceptable for the nonce to be known to the RP?
Is it okay that the Verifier didn't get to insert entropy into the nonce?
All of this coming to a draft near you.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
- [Rats] freshness in the background check interact… Michael Richardson
- Re: [Rats] freshness in the background check inte… Thomas Fossati
- Re: [Rats] freshness in the background check inte… Dave Thaler