[Rats] AD review of draft-ietf-rats-uccs-08
Roman Danyliw <rdd@cert.org> Fri, 02 February 2024 22:16 UTC
Return-Path: <rdd@cert.org>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D85C14F610 for <rats@ietfa.amsl.com>; Fri, 2 Feb 2024 14:16:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3EfKJ2mTPKGi for <rats@ietfa.amsl.com>; Fri, 2 Feb 2024 14:16:47 -0800 (PST)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0061.outbound.protection.office365.us [23.103.208.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4980DC14F61C for <rats@ietf.org>; Fri, 2 Feb 2024 14:16:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=fKF9jyxmHUqkmuedfOx7kMbxHWzXtUcjNrLB/CMiE+nCFsMR3PyNGldZE2D5g2cJoK4u/1UsLrDwA7ZNWAA4AE4jcV2HIuYjdmD/Ud4OCF2D7rmLljQYD5qqmfqWN+Ty4HRkuz+bRtd6IlWWuES2530r+kX6K6qJwohncvTENgp+RZYzB765VAp7xGGSL45Pp6eFrTNd90T9o1ZzdFbQU7xQnfQu9AiRUkCJ8rUn8kdbvZjCZAoyZzaXdSJTEa7G/rx5iietQdJ8KB0pdTzkIgrQllFQAsM250g8yIANrnHhz6jwucQfDg1EdURNnZ5ykjqUnbYCF/s7GPJQCP+5Pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=waNUEvion6SlkmR1TQAQOyB+1XaqiSLZ23Tv2zoy1XY=; b=su8zjhwPucfkBHTotjjS5CMXp5s4d5dHTk65HASCBM7jplwpr4hMlmXgreH/Ps8Cj+RSNhUro+CdsDA+lu5+YpBghBbk/QAA8tKTcyD2r//oOcdKiA9yj0JIwj9idEHkyydJDHfSGEWE7hT4EWZI62X/ixYXA8gQ+ZpLwBg48kr8exmiilGTlgNmMleeMm6O4Ag74nLr6jdzZ/OB0qLUjqOILB9t1v0dpybymAWoy2EPsfYaUkiUYF1Bh7M/e08ZQvTPhfvn9QUX2iGgNMfkjY33nXUljTbW7wO8aYhYHs19ikvX/v8lWiJNwW0BizebagXxbYmdVPv7Wff7YCgXWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=waNUEvion6SlkmR1TQAQOyB+1XaqiSLZ23Tv2zoy1XY=; b=RVhBhyK/N0i1T6drP7giAQDR9y7homiC8SVNlCB7Anx0aMGy+tEjfekazIFuBH7agx39c1Z8YwFTg6vJTu1WXx90KTp4c91Jzj7CdqMvksOlHRVRUJghHvnto5cNPwM43Be2uh2NwJgtQ6lJHRq2slDPbALP3FBByVtAInvbdxk=
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1011.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.30; Fri, 2 Feb 2024 22:16:44 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::364:96fe:e2d6:b29f]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::364:96fe:e2d6:b29f%4]) with mapi id 15.20.7249.027; Fri, 2 Feb 2024 22:16:43 +0000
From: Roman Danyliw <rdd@cert.org>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: AD review of draft-ietf-rats-uccs-08
Thread-Index: AdpWJVIGFmua8N/sTmqs4sr6wKH+6Q==
Date: Fri, 02 Feb 2024 22:16:43 +0000
Message-ID: <BN2P110MB1107CBE54D5BCE5345C25BB2DC42A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN2P110MB1107:EE_|BN2P110MB1011:EE_
x-ms-office365-filtering-correlation-id: 6e48960c-8eea-4a59-62a8-08dc243ca37d
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RSkbmmfftMIatzb7Hvra4BolYxlwGlQqLJ5xNHOs1B2WGyyjvqwG9oILWxRgbgx7B2muGoUS4SbzyTMj37ZT/Ow8GrNSKVYtX8f6if+avY+MxaqWrF5bMQO5FZ8hemmmSA/nxOCCC/WbhXDhOGYF0omsk3q6dzbilMtgvW/+8WzRqLv899JQNNlqW1dejv9ucm2AG7lHi9vPhmEFgp0FLIQowGDVyq07ykOCJjeNijh7+Z9k2qSZrWaCnPTluUkD3A0Yx4OfOIMF+z/L+JN2JqbJf4QNkiLyXEfvdkj/oqlAITxSGiZ3yTOwKNxaN7dRaNr+9dyPpvqDAPHRT98RY2IAbWu6lETHUt0Pg2peIq5WLghq0xRWMXUlp+NXZeOycjGkwL/2vF2P4mEItjAnp30yjhKtrofgU3o87bvyby9CpbdAhMblBr4jnhOmFqk/Rki9Ir2ykY/+Fhycpgl2z8nKQdQWvqbHkkKT22G1QR4p1pVlGUbbmoDGdNmtugpFyyFFcT7mbLhpZoRrpp0jWdruIDLHr9zy5Wot9aGsELcyN+ZFRdQbn/9NAUokS0BODc0oWcE5Vc69ueY2Pb8kBayDSecrjQd8Mz8npS+LDsI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(136003)(396003)(366004)(39830400003)(230473577357003)(230922051799003)(64100799003)(451199024)(1800799012)(186009)(508600001)(52536014)(66899024)(8676002)(8936002)(66946007)(41320700001)(66476007)(66446008)(76116006)(66556008)(6916009)(64756008)(86362001)(966005)(2906002)(38070700009)(41300700001)(33656002)(5660300002)(26005)(9686003)(83380400001)(122000001)(71200400001)(7696005)(82960400001)(6506007)(55016003)(38100700002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: JafaJcIFSojMiCO9FqNwl5qzKNiZcN0JG38z+cyyHWOMec61DGTWZXuh6VsjJgSehdxFiJmMFBGQuDsN+KIxyA7vCP59qyLVbfIrbbbd3bHCG+baUqLE69a6q0N65UfVf/g91aP4ssFBZdi/6v6Vw4pc+Qseo4LUKuguhzHdZF4sL/rTUUM0zAd23Q8iDDBUAvNjAKgciY/PxvggCnMEgB+Iy1Z+mFqlLQkJFN2MB7ubxtBgz3W2BEVYk0j/ASV7L1lPDYUB4Z/Q/yKVZHweFoCc9y+0vke54ZzWLEl0Goxtz+5HAOlWzTYIEIdPge0SbuDyyEeZmOyUAsroX6c021eVQK7tsZKhsc4NHw1iJUvg4mF0Aw9gDU9oZg5NuRL02Rtr/HpJL5YJC9CmQE7BKsFNhYQ/iGQaZEDrCHbjXhLRacqEqGQc0rdPmKRL3kl7NU/i20NBKnuRhO1yHoypBwarZ9uzMbM6WFYl5Eld4wDxzh7brJL+O06km0vvCgwJOHYjHu6QKBmD4wLuAQXZDSKHxakgmIDw5KgnBOkikyq2mvqq5n2fRv7Dk094l8SPjVGcec4HC+xEbD6K60E4h2ybBVNigLvKd3pdQ5SjDOC9UdDdZwyHz/3o0Y8+H40pVDxDkqMaZNx0+iqUH6Y1Bc3UP8jbUbIvcD47N2w0Z1+/8r5VcD293VB4bsVpcB+1l7/uYtKq7rkwU9vIcfEN4Z3h7nElVH/QwY8OFGV4BNylAG9P94kBVBYow2Xg8hvl+80H583cQtrP/UGfCHXKz+nmzdUV41R+XMu5nlCTBbt/40F1+rF9CcPcXQPx37vaIyFCex4khakAlAh7QBmvlSqyonqHjAicTzIpnHDbjvYtsVv15vW5ELPizrdSoorY3ahGcXCak7e89n7g9Ra47SflrUi6pUtRjzXRiei1Lx66F2ew0AVw4PzOikpGAIDN1kEiv4cYA9cWeutfzfEqAZ0pH4IjImobb2xONgp/N3NzDDRVHtvhxCuBPjofSB+s7Mko4kdjrjzJUqFebrEy3xUSYpObmSUwXO4qoYiSmeDWgy9HEArQwA5TnVK6MwXe2bDxXQ0oqOajYWxWrLs7xw/+1WTLKXfuPjOdwDODDrmXy7ZR8hx3oCuvWq92r9aEeZwQ9CMQvFqD/evyPwUKIIRgo/thO/hcfCc2gGfBaqxF0le8ZlZA1TbDT31vOa9YFUOO5Y5HmUWrWRpYOFSOq1/2J2hohwUbLPzJdnZUjVV8zUksh8EFgIi5NV6lPzPG4HNb5vLnA91CWkJcghApgOHGCilOJt9QuQhk7D57y/Dp6zIKp+vu5w6HcQxzc1bBhLwTu8aifvufE2dZxE14hhpiBdyMjISqRWrVFSJQ7GIoCJkakTkDl1KmvBWsRJffsigmbKgOuvdx5xq+GCTksdl2Rrl8xdRuWPGCKWXzC6gfIuWldnFG+z+I57LE+YWJb3ACxLCRjFhEs+1SSbr7JIoZcdYFYqIvVs1tOjnjDuc=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 6e48960c-8eea-4a59-62a8-08dc243ca37d
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Feb 2024 22:16:43.8822 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1011
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3rfzNY_RrjQODnjHaO2O3pLgUh8>
Subject: [Rats] AD review of draft-ietf-rats-uccs-08
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2024 22:16:51 -0000
Hi!
I performed an AD review of draft-ietf-rats-uccs-08. Thanks for this document. My feedback is below:
** Section 1.1. The minimally required security properties of the Secure Channel seem unclear. It seems to be defined in three ways:
-- The NIST definition is cited to say that it would be a channel that provides confidentiality, integrity, replay protection and mutual authentication.
-- Via examples of PCIe IDE, TLS or CMS and X.509
-- Via the statement of “in specific cases, the Secure Channel as defined here does not itself provide mutual authentication”
Does the mean that the security properties of the “Security Channel” as defined here must be “confidentiality, integrity, replay protection”? Could a declarative statement on the security properties please be made.
** Section 1.1.
Examples include
conveyance via PCIe (Peripheral Component Interconnect Express)
IDE (Integrity and Data Encryption), a TLS tunnel, or other object
security than COSE, such as CMS or X.509 v3 certificates.
If possible, can a pointer please be provided on how to pass CBOR via CMS or X.509.
** Section 2. Editorial.
As these are Claims, [RFC8392] is a suitable format.
That statement struck me as odd since the whole premise of this document is that RFC8392, the CWT, can’t be reused and it’s being decomposed and re-bundled here.
** Section 4. How is this section to be used?
-- The title says “UCCS and Remote Attestation Procedures (RATS)” . Does it not apply if not in the RATS context? How does one normatively know that “RATS” applies?
-- Are the sub-sections normative? Section 4.1 uses RFC2119 language which suggests normative. However, Section 4.2 is high-level prose and not sufficiently specified to be interoperable.
** Section 4.1
As a minimum requirement in the scope of RATS Claims, the receiver
MUST authenticate the sender as part of the establishment of the
Secure Channel. Furthermore, the channel MUST provide integrity of
the communication between the communicating RATS roles. If data
confidentiality [RFC4949] is also required, the receiving side MUST
be authenticated as well; this can be achieved if the sender and
receiver mutually authenticate when establishing the Secure Channel.
This text seems to be suggesting that confidentiality might not be provided in the Secure Channel. However, the definition in Section 1.1 seems to suggest it is a requirement.
** Section 4.1.
A Secure Channel established or maintained using weak cryptography
may not provide the assurance required by a Relying Party of the
authenticity and integrity of the UCCS.
How could “weak cryptography” be used in a Secure Channel if the security considerations and associated algorithms should be “similar to COSE”?
** Section 4.1.
Where the security assurance required of an Attesting Environment by
a Relying Party requires it, the Attesting Environment SHOULD be
implemented using techniques designed to provide enhanced protection
from an attacker wishing to tamper with or forge UCCS.
-- I had trouble following this guidance. The first clause says “where the security assurance required of the attestation environment” suggesting something is required. However, the second clause then says “the Attestation environment SHOULD”. SHOULD implies it is not mandatory. How can a mandatory need be satisfied in an optional way?
-- What is the relationship between the Attestation Environment and the UCCS? I ask because there appears to be an optional (SHOULD) to prevent tampering or forgery of the UCCS. However, the Secure Channel defined in Section 1.1 seems to suggest that integrity and replay protection is mandatory.
** Section 4.1
As with EATs nested in other EATs (Section 4.2.18.3 (Nested Tokens)
of [I-D.ietf-rats-eat]), the Secure Channel does not endorse fully
formed CWTs transferred through it.
I am confused as to why there is discussion about a Secure Channel and CWTs. Should this be UCCS? If not, why is discussing CWTs moving through the UCCS Secure Channel relevant here?
** Section 4.2. Editorial. Please expand “local IPC”
** Section 6.
The security
considerations of [RFC8392] need to be applied analogously, replacing
the function of COSE with that of the Secure Channel.
If all of the Security Considerations of RFC8392 apply, then there is an authenticity requirement for the Secure Channel. RFC8392 says “it is not only important to protect the CWT in transit but also to ensure that the recipient can authenticate the party that assembled the claims and created the CWT.” Such a requirement conflicts with:
-- the definition Secure Channel in Section 1.1 seems to indicate that authenticity might not always be provided
-- the Privacy Preserving channel of Section 4.3 seems to explicitly suggest that there “receiver cannot correlate the message with the senders of other received UCCS messages “ which seems to be the opposite of authenticity.
** Section 6.
The UCCS specification -- and the use
of the UCCS CBOR tag, correspondingly -- is not intended for use in a
scope where a scope-specific security consideration discussion has
not been conducted, vetted and approved for that use.
Can this guidance be clarified to explain who is supposed to do what? Who is supposed conduct the “scope-specific security consideration discussion”? Who is “approv[ing] use”?
** Section 6.1 – 6.4. How is the reader supposed to interpret this section? Is it normative? Section 4.1 reminds us that “For the purposes of this specification, the mechanisms used to establish a Secure Channel are out of scope.” However, this section appears to go in depth on the properties of that Security Channel mechanism.
** Section 6.2, 6.3. and 6.4. Abstractly, the guidance in this section is clear. As cited, it appears to be coming from different places in RFC9053.
-- From an editorial perspective, is the WG confident it needs to reproduce this guidance here?
-- From the perspective of an implementor, how would one use this guidance? Section 1.1 provides illuminating examples of Secure Channels: TLS, CMS, X.509, PCIe IDE. Is there a sense of which Secure Channels one would apply this too? I ask because I’m not sure how any of these are relevant for X.509. Per TLS, applying this guidance doesn’t seem straightforward. I don’t know much about PCIe IDE but I think it only support AES-GCM.
** Appendix A. I observe that in the body of the text there is no discussion of what claims are permitted in a UCCS. Is anything possible?
** Appendix A. Excuse my rough understanding of CDDL.
-- Why did the WG decide to use the CWT claims in Figure 1 of RFC8392? These don’t seem germane to the RATS use case? I was under the impression that RATS intended to use UCCS to describe evidence via CWT claims. I don’t see that here.
-- What role does CWT-cnf play? This appears to be primitives to provide object security which UCCS is not intended to do?
-- My read of this CDDL is that there is JSON hooks included with the JC<> construct. This JSON binding isn’t explained any place else.
** Appendix B. What is the original of the 601 tag? From https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml that looks unassigned. I have observed the IESG entering DISCUSS ballots on instances were examples of unallocated values are used. Minimally, add an note to the RFC Editor with instructions to replace this value with the allocated ID.
** Appendix C. Did this section just invent the concept of UJCS? Is this normative?
Regards,
Roman
- [Rats] AD review of draft-ietf-rats-uccs-08 Roman Danyliw
- Re: [Rats] AD review of draft-ietf-rats-uccs-08 Henk Birkholz