IETF Logo Mail Archive

Re: [Rats] Android comments on EAT draft

Laurence Lundblade <lgl@island-resort.com> Thu, 11 July 2019 04:18 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63814120128 for <rats@ietfa.amsl.com>; Wed, 10 Jul 2019 21:18:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ThAcbOku8vr3 for <rats@ietfa.amsl.com>; Wed, 10 Jul 2019 21:18:53 -0700 (PDT)
Received: from p3plsmtpa08-05.prod.phx3.secureserver.net (p3plsmtpa08-05.prod.phx3.secureserver.net [173.201.193.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3762120048 for <rats@ietfa.amsl.com>; Wed, 10 Jul 2019 21:18:52 -0700 (PDT)
Received: from [192.168.0.107] ([67.237.247.208]) by :SMTPAUTH: with ESMTPSA id lQXhh7cn4L46UlQXih9wki; Wed, 10 Jul 2019 21:18:52 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <5C3D43D7-8C32-4C83-AEC9-DF98FE5DCF6B@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6C10CB1E-ADF1-4E54-ADF5-54206CC3538B"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 10 Jul 2019 21:18:48 -0700
In-Reply-To: <CAFyqnhWQhw-JpDxdQLyXhf1wAJX_BUzOftouxBZjGk35q=Vnag@mail.gmail.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietfa.amsl.com" <rats@ietfa.amsl.com>
To: Shawn Willden <swillden=40google.com@dmarc.ietf.org>
References: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com> <29657.1562351277@localhost> <CAFyqnhU3KQN_Ww9km8yu7RsdJ1=6ut-bzLmFXtk00H-Zn1ykuQ@mail.gmail.com> <d572ce18b5ea40f18e8ff460dbab1e8b@NASANEXM01C.na.qualcomm.com> <CAFyqnhWQhw-JpDxdQLyXhf1wAJX_BUzOftouxBZjGk35q=Vnag@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfLfkBSxU7NNk46FCdGgVHMQ+RDoS3qlQpSTUGjUYMieSdfosaNPYEHRFW4Vv1V1Tos9WXGHKr7xzbdCHC8c+VdtEbWK29rqgDB8CBtJiuoge710hwuvb C/4jI4XsjbrPdUYa70kPiW+2kgrzluA33lLNk+xQzWx/Yls5Fe38tw6MrE1pGWtnYFenoQYa9QxG35UdKA/9CM61oB+w1Uw+oT/D+qtEEXKC8M9tXCdolwfV u76HEg/5MmSwjHajXqX9wvCZ41LVVpknda6mAmifdQoAtZHHPVMxrHgL7tntHLtA
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/54AotLgIS3aMCnLfWsfaIctPDRk>
Subject: Re: [Rats] Android comments on EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 04:18:57 -0000

First comment: I’m not sure this discussion has a big effect on what we standardize here. It seems reasonable to standardize the location claim even if Android or others don’t use it because it is a useful claim. So we should keep the location claim.  There should be some privacy discussion for the claim, probably suggesting at minimum the user’s consent be obtained before it is sent.

Second comment (not really relevant to standards work): It could work like this. The non-TEE part of the device (i.e., Android) tells the TEE if it can include the location or not. When the TEE includes it, it will be non-spoonable. That should be OK, because the user and Android are still in control. I fully agree that the TEE should not be sending any data that has any privacy issue on it’s own.

LL


> On Jul 6, 2019, at 12:33 PM, Shawn Willden <swillden=40google.com@dmarc.ietf.org> wrote:
> 
> On Sat, Jul 6, 2019 at 8:05 AM Giridhar Mandyam <mandyam@qti.qualcomm..com <mailto:mandyam@qti.qualcomm.com>> wrote:
> >>Can you say more about location?
> Are you saying that Android would never provide a relying party (say, an
> open-protocol implementation of Pokemon GO) with where a device is?
> 
>  
> 
> >I strongly doubt that we will ever provide that.  I understand the benefits, but the privacy team feels like the risks are too great, that it's important that it always be possible to spoof privacy-critical data elements like location.
> 
>  
> 
> Can you expand on why “it’s important that it always be possible to spoof privacy-critical data elements like location”? 
> 
> 
> I'm not a member of the privacy team, so I don't know all of the rationale/considerations, but I know one element of it is to protect dissidents living under oppressive regimes.  There's a desire to make it possible for them to prevent their devices from giving away any information they don't want revealed, via rooting and modification of the Android OS.  Since they can't modify TEE/SE functionality, it's on us to limit the feature set of the TEE/SE code so it doesn't reveal private information, to the degree we can.
> 
> This is why the existing Android attestation uses batch attestation keys, to avoid making the attestation key a strong unique identifier, and why the ID attestation features are tightly restricted and include a low-level API to wipe the IDs and thereby disable ID attestation.  I'm assuming that similar logic would preclude location attestation, though the question hasn't actually come up.
>  
> 
> If we compare to the FIDO 2 location extension (https://www.w3.org/TR/webauthn/#sctn-location-extension <https://www.w3.org/TR/webauthn/#sctn-location-extension>), which can be included as part of the FIDO 2 attestation, the location data inclusion in the attestation is managed by the browser permissions framework that already exists for location (https://www.w3.org/TR/webauthn/#browser-permissions-framework-extensions <https://www.w3.org/TR/webauthn/#browser-permissions-framework-extensions>). 
> 
> 
>  
> 
> It seems that the Android permissions framework could be similarly leveraged for an EAT-based location claim.
> 
> 
> It could, yes, but I don't think Android will enable that.
> 
> 
>  
> 
> -Giri Mandyam, Qualcomm
> 
>  
> 
> From: RATS <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org>> On Behalf Of Shawn Willden
> Sent: Saturday, July 6, 2019 7:25 PM
> To: Michael Richardson <mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>>
> Cc: rats@ietfa.amsl.com <mailto:rats@ietfa.amsl.com>
> Subject: Re: [Rats] Android comments on EAT draft
> 
>  
> 
> CAUTION: This email originated from outside of the organization.
> 
>  
> 
>  
> 
> On Fri, Jul 5, 2019 at 12:28 PM Michael Richardson <mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>> wrote:
> 
> 
> Shawn Willden <swillden=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>> wrote:
>     > Specifically, EAT is about attesting to a *device* while Keystore
>     > Attestation is about attesting to a *key* -- though we also attest to
>     > quite
> 
> I have include a section in the use case document called "Cryptographic key
> Attestion"
> 
>  
> 
> Great!
> 
>  
> 
>     > Another, more tractable, area of difference is that EAT provides Claims
>     > for
>     > several data items which Android will likely never allow to be attested
>     > because of their privacy implications and potential for ecosystem
>     > fragmentation (apps choosing which devices they'll run on -- we generally
>     > try to deny them the information they'd like to have to make those
>     > choices).  These are:
> 
>     > - UEID
>     > - Origination
>     > - Location
> 
> Can you say more about location?
> Are you saying that Android would never provide a relying party (say, an
> open-protocol implementation of Pokemon GO) with where a device is?
> 
>  
> 
> I strongly doubt that we will ever provide that.  I understand the benefits, but the privacy team feels like the risks are too great, that it's important that it always be possible to spoof privacy-critical data elements like location.
> 
>  
> 
>     > Some other claims that we have, and think are important, are OS version
>     > and
>     > patch-level (represented as a date, YYYYMMDD); secure boot verification
>     > key
>     > digest; secure boot digest (hash of all verified code); application ID (a
>     > digest of the requesting app signing key); and secure app version (hmm,
>     > don't have a patchlevel, but we should!  I'll see about adding that for
>     > R).
> 
> These are all intended to be covered under "network attestation", but
> now I wonder if that term is mis-leading.
> 
>  
> 
> Hmm.  Yes, you're attesting to the device state, not anything about a network.  I guess "network attestation" is because you're expecting the relying party to be the network?
> 
> 
> 
>  
> 
> --
> 
> Shawn Willden | Staff Software Engineer | swillden@google.com <mailto:swillden@google.com> | 720-924-6645
> 
> 
> 
> -- 
> Shawn Willden | Staff Software Engineer | swillden@google.com <mailto:swillden@google.com> | 720-924-6645
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email