[Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
Carsten Bormann <cabo@tzi.org> Thu, 04 July 2024 10:11 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 287AFC1840C8 for <rats@ietfa.amsl.com>; Thu, 4 Jul 2024 03:11:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRQCHA9593eZ for <rats@ietfa.amsl.com>; Thu, 4 Jul 2024 03:11:44 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [134.102.50.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38158C1DA2CE for <rats@ietf.org>; Thu, 4 Jul 2024 03:11:42 -0700 (PDT)
Received: from [192.168.217.145] (p5089ae14.dip0.t-ipconnect.de [80.137.174.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4WFC9S2G3GzDCgM; Thu, 4 Jul 2024 12:11:40 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <PH1P110MB1116C5BE031039613AA69302DC2DA@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM>
Date: Thu, 04 Jul 2024 12:11:39 +0200
X-Mao-Original-Outgoing-Id: 741780699.802586-0635cbce8ce4f13a51c7b8738947bd51
Content-Transfer-Encoding: quoted-printable
Message-Id: <32215BE3-F49B-4B9D-BFC0-076A74CE09CD@tzi.org>
References: <PH1P110MB1116C5BE031039613AA69302DC2DA@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM>
To: Roman Danyliw <rdd@cert.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Message-ID-Hash: FWVWWY627J55IGWOLF3KPMXC4M22AOKR
X-Message-ID-Hash: FWVWWY627J55IGWOLF3KPMXC4M22AOKR
X-MailFrom: cabo@tzi.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "rats@ietf.org" <rats@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6p5LRQvzU_4MwQuzs6G7ogIt3JM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Roman, apologies for the slow reply, and even more so for replying on July 4. We created a -10 from the input we received on -09: HTML: https://www.ietf.org/archive/id/draft-ietf-rats-uccs-10.html Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-rats-uccs-10 On 2024-03-19, at 00:49, Roman Danyliw <rdd@cert.org> wrote: > > Hi! > > I previously performed an AD review on draft-ietf-rats-uccs-08. See https://mailarchive.ietf.org/arch/msg/rats/HU2eIC7AevBSBHGk5tqXSR8wMco/. Thanks for -09. For ease of tracking issues, this new email summaries the remaining issues from AD Review. > > > ** Section 6. > The security > considerations of [RFC8392] need to be applied analogously, replacing > the function of COSE with that of the Secure Channel. > > [per -08] > If all of the Security Considerations of RFC8392 apply, then there is an authenticity requirement for the Secure Channel. RFC8392 says “it is not only important to protect the CWT in transit but also to ensure that the recipient can authenticate the party that assembled the claims and created the CWT.” > > [per -08] the Privacy Preserving channel of Section 4.3 (Section 5.3 in -09) seems to explicitly suggest that there “receiver cannot correlate the message with the senders of other received UCCS messages “ which seems to be the opposite of authenticity. You didn’t cite the rest of that sentence, "beyond the information the Secure Channel authentication provides.”. The objective here can be that this authentication be ephemeral. So the receiver can authenticate (an identity of) the sender, but cannot stash away a third-party verifiable representation of a signed statement that the sender has made. Avoiding the creation of such a representation may be the main point of doing authentication in a Secure Channel as opposed to via object security (i.e., in a CWT). > [response] >> The objective of 4.3 (now 5.2) is to discuss how authenticity does not >> necessarily lead to linkability. >> It does not relax the authenticity requirement. >> (E.g., DAA replaces the attester key with a group key, and something >> similar could be a use case for secure channels as well.) > > [Roman] Can this nuance please be explained in the prose. This seems to be a very different situation than authenticity in the CWT sense. I don’t think we want to discuss the example I gave in the email, authentication via group keys, in the document; such an application probably should come with its own, more specific, instruction leaflet (as should other examples, such as batch-endorsed single-use keys). But CWT also can use group keys (or single-use keys), so the situation is not that fundamentally different, except that the authentication with these on a Secure Channel can be ephemeral. (E.g., while it is already possible to use a group key or some kind of "DAA issued certificate" to establish a Secure Channel, such a procedure is out-of-scope of this document as it implies the issuance of endorsed keys of this kind in the first place. With a future specification that builds on, say, the RATS DAA I-D when it becomes an RFC, an additional document addressing the use of such endorsed keys could become a thing. It seems pretty clear that the particulars of using group keys or similar to authenticate any end of a Secure Channel are out-of-scope of this specification.) > ** Appendix A. Excuse my rough understanding of CDDL. > > -- [per -08] My read of this CDDL is that there is JSON hooks included with the JC<> construct. This JSON binding isn’t explained any place else. > >> Yes. >> Parts about JSON bindings do not use normative language, >> because UCCS is >> about CBOR claim sets. >> This CDDL is designed to be useful in a mixed environment, based on >> requirements from EAT. > > I don’t understand. This CDDL in Appendix A is normative, and so is the flexibility in its design to support JSON. Otherwise, it would be “C< ...>” and not “JC<...>”. I don’t take exception with providing a JSON binding but please explain this in the prose and in the introduction.. The text introducing Figure 1 now reads: >> In Figure 1, this specification shows how to use CDDL for defining the CWT Claims Set defined in [RFC8392]. Note that these CDDL rules have been built such that they also can describe [RFC7519] Claims sets by disabling feature "cbor" and enabling feature "json", but this flexibility is not the subject of the present specification. We added “This appendix is informative”, as it does not preempt the definitions in RFC 8392, but provides a directly usable CDDL form of them. And while it is doing that, it does the same for RFC 7519 Claims Sets, as that is easy to include. Grüße, Carsten
- [Rats] AD follow-up review of draft-ietf-rats-ucc… Roman Danyliw
- [Rats] Re: AD follow-up review of draft-ietf-rats… Roman Danyliw
- [Rats] Re: AD follow-up review of draft-ietf-rats… Henk Birkholz
- [Rats] Re: AD follow-up review of draft-ietf-rats… Carsten Bormann
- [Rats] UCCS and EAT media types (was: Re: Re: AD … Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Carsten Bormann
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Orie Steele
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Henk Birkholz
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Carsten Bormann
- [Rats] Re: AD follow-up review of draft-ietf-rats… Carsten Bormann
- [Rats] Re: AD follow-up review of draft-ietf-rats… Kathleen Moriarty