IETF Logo Mail Archive

Re: [Rats] Why variability is needed (Re: EAT Profiles)

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 17 September 2022 17:14 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BE76C1522AD for <rats@ietfa.amsl.com>; Sat, 17 Sep 2022 10:14:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uLm2ehzMwoBI for <rats@ietfa.amsl.com>; Sat, 17 Sep 2022 10:14:51 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB153C1522A1 for <rats@ietf.org>; Sat, 17 Sep 2022 10:14:51 -0700 (PDT)
Received: from dooku.sandelman.ca (dynamic-077-011-033-222.77.11.pool.telefonica.de [77.11.33.222]) by relay.sandelman.ca (Postfix) with ESMTPS id 111491F480; Sat, 17 Sep 2022 17:14:50 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 7170C1A0FCB; Sat, 17 Sep 2022 19:14:49 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Laurence Lundblade <lgl@island-resort.com>, rats@ietf.org
In-reply-to: <B48D92C7-9304-4B28-BDA5-8C447CF951B8@island-resort.com>
References: <71934.1663019954@dooku> <6D74BAE0-3B37-4A1F-9966-96EB60B9D675@island-resort.com> <240776.1663329145@dooku> <B48D92C7-9304-4B28-BDA5-8C447CF951B8@island-resort.com>
Comments: In-reply-to Laurence Lundblade <lgl@island-resort.com> message dated "Fri, 16 Sep 2022 11:23:01 -0700."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sat, 17 Sep 2022 19:14:49 +0200
Message-ID: <396614.1663434889@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3dWweOUe1eqa5z_qKvjPUgkwHwY>
Subject: Re: [Rats] Why variability is needed (Re: EAT Profiles)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Sep 2022 17:14:55 -0000

Laurence Lundblade <lgl@island-resort.com> wrote:
    > Here’s use cases that diverge from 6.3 to serve as examples that cover
    > just about everything listed in 6.3

> Composite of pure HW attester and TEE/HLOS attester
> - HW uses non-preferred encoding of integers to output registers directly
> - HW is simpler because an indefinite length map is used to hold the Claims-Set

Okay, so could we call the first profile "Purple" and the one of the HW
attester above "Brown", and name them in the EAT document?

> JSON attester - Some one doesn’t use CBOR

Well, yes, but isn't not using CBOR, so it's automatically not a CBOR
Protocol.  It's "Blue"

    > Chinese Attester - Must use Chinese crypto
    > Don’t trust NIST - Want Edwards algorithm. See TEEP profile.

I don't think that profiles should name crypto algorithms.
Please see RFC https://www.rfc-editor.org/rfc/rfc8247.html for what we should
do, if we really need to write down MTIs.  I don't think we can/should though.

    > Multiple signing for PQ - Use COSE_Sign instead of COSE_Sign1 to sign
    > with a PQ algorithm (e.g. LMS) and widely supported algorithm
    > (e.g. ECDSA) (I know someone doing this)

I agree that this is a difficult part.
I'd prefer the EAT said that things that verify EATS (i.e. Verifiers and RPs)
MUST support both COSE_Sign and COSE_Sign1.

    > Time-based freshness - A highly constrained environment has trusted
    > time and wants avoid sending a nonce

Seems like a reasonable thing to be able to say.
I'd still like EAT to offer a clearer palette.

    > X.509-based keys/endorsements - Rather than using a kid, the leaf cert
    > / endorsement is included per draft-ietf-cose-x509

"If kid is absent, but x5c is present, then a verifier may assume ..."

    > Privacy/confidentiality required - The use case requires the encryption
    > of the EAT - Also may want to explicitly disallow UEID because it is
    > PII

That seems both out of scope (the encryption is will need to be bolted on),
and entirely reasonable for the user to list forbidden claims.

    > EAT carried by a tag-using CBOR protocol - The protocol carrying the
    > EAT wishes to use the CWT/COSE tag numbers to identify the item as CWT
    > and the type of protection it wants

Can you give me an example here?
Will this user register then own CBOR Tag?  (What's a CWT Tag?  I think a typo..)

I'm pushing for EAT specifying somewhere between four and ten variations
(with clear names), rather than allowing NxMxPxQxZ combinations to exist.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email