[Rats] freshness in the background check interaction model
Michael Richardson <mcr@sandelman.ca> Thu, 29 July 2021 00:41 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 899343A0766; Wed, 28 Jul 2021 17:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.298
X-Spam-Level:
X-Spam-Status: No, score=-1.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_SBL=0.5, URIBL_SBL_A=0.1] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZrFJ-ODRXysQ; Wed, 28 Jul 2021 17:41:44 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9A633A0749; Wed, 28 Jul 2021 17:41:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 8AA9D389A6; Wed, 28 Jul 2021 20:45:32 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8EYcaJK-3XK6; Wed, 28 Jul 2021 20:45:27 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1682B3898C; Wed, 28 Jul 2021 20:45:27 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0C4B14B6; Wed, 28 Jul 2021 20:41:36 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: rats@ietf.org
cc: anima@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 28 Jul 2021 20:41:36 -0400
Message-ID: <19612.1627519296@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/1eNogrRwxo3bQZFauwSlhWZZzkc>
Subject: [Rats] freshness in the background check interaction model
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 00:41:50 -0000
In the background check interaction we assume that the Attester has connectivity to the Relying Party, and that Relying Party will communicate with a Verifier itself, passing Evidence along the way. {This is not an architectural issue. This is an issue of how to implement RATS in a particular flow} This could occur as part of Network Endpoint Assessment, including both 802.1X processes or onboarding such as with BRSKI (RFC8995). (I am unclear in the TEEP case (which uses both interaction models), how this works) In the BRSKI case the mapping is as follows: 1) Pledge => Attester. 2) Registrar => Relying Party. 3) MASA => Verifier This works well, because the MASA is associated with the manufacturer and so it can get all the Endorsements or Reference Values by private channel. The Pledge reaches out to the Registrar, and provides it with a Voucher-Request. We could trivially include Evidence (or pretty much any form) in the Voucher-Request. The Voucher could include a reply which can be evaluated by the Registrar (Relying Party) to provide a signal to the Registrar (they RP) as to whether or not the Pledge (Attester)'s evidence is satisfactory. There are some options other than embedded the answer for the (2)->(3) protocol including: a) use another end-point on the (3) that would return the response. b) use multipart/mixed reply for the reply from (3)->(2) [this wins for constrained case, because (1) never needs to see this] but, the purpose of this email is to ask about how we get freshness. Ideally, a nonce would be created by the Verifier (MASA) and transmitted to the Attester (Pledge) via the RP (Registrar). A challenge is that the Registrar doesn't know which MASA to use until after it has received some communication from the Pledge. That comes with the Pledge's IDevID, which it uses both to sign the Voucher-Request, and which it uses as TLS Client Certificate. Since the TLS setup occurs before the Voucher-Request, in theory the Registrar could retrieve a nonce from the Verifier, but in the BRSKI protocol flow, we did not add a step to return the Nonce to the Pledge. In the middle of writing this, a gather.town discussion occured... A suggestion was to use a TLS Exporter to get a nonce that both the Registrar and the Pledge knew. The Pledge can then build it's Evidence and include that in the (raw) Voucher-Request. The Registrar then has to communicate this to the MASA (Verifier)..... how do this is a question... probably in the parboiled Voucher-request. In the middle of this, Goran Selander brought out his slides on draft-selander-ace-ake-authz, and most of this can be wrapped up into EDHOC. If we can get our packets small enough, we can do AKE, Enrollment, and Remote Attestation in three flights (two round trips). Is it acceptable for a nonce to be created via TLS Exporter? Is it acceptable for the nonce to be known to the RP? Is it okay that the Verifier didn't get to insert entropy into the nonce? All of this coming to a draft near you. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
- [Rats] freshness in the background check interact… Michael Richardson
- Re: [Rats] freshness in the background check inte… Thomas Fossati
- Re: [Rats] freshness in the background check inte… Dave Thaler