IETF Logo Mail Archive

Re: [Rats] Collection binding (was Re: New RATS)

Laurence Lundblade <lgl@island-resort.com> Sat, 04 June 2022 17:53 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16174C15AAC8 for <rats@ietfa.amsl.com>; Sat, 4 Jun 2022 10:53:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.925
X-Spam-Level:
X-Spam-Status: No, score=-6.925 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sxHjBzh_Vx-C for <rats@ietfa.amsl.com>; Sat, 4 Jun 2022 10:53:24 -0700 (PDT)
Received: from p3plsmtpa09-01.prod.phx3.secureserver.net (p3plsmtpa09-01.prod.phx3.secureserver.net [173.201.193.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FAE1C15AAC6 for <rats@ietf.org>; Sat, 4 Jun 2022 10:53:23 -0700 (PDT)
Received: from [192.168.1.4] ([75.80.148.139]) by :SMTPAUTH: with ESMTPA id xXxinDA4hyFgAxXxjnPopv; Sat, 04 Jun 2022 10:53:23 -0700
X-CMAE-Analysis: v=2.4 cv=daRFYVbe c=1 sm=1 tr=0 ts=629b9c13 a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=7CQSdrXTAAAA:8 a=K6EGIJCdAAAA:8 a=48vgC7mUAAAA:8 a=NEAV23lmAAAA:8 a=XLXudCiOjpabWp1PldQA:9 a=QEXdDO2ut3YA:10 a=jFBgEE98biG8lXXbQ88A:9 a=xR1QLY1XuoEe6osm:21 a=_W_S_7VecoQA:10 a=a-qgeE7W1pNrGK8U0ZQC:22 a=L6pVIi0Kn1GYQfi8-iRI:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <8A39D3EB-BF46-46E1-8B2A-9E2159805240@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E105D066-7DC4-4CC9-A624-7BB920271367"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Sat, 04 Jun 2022 10:53:22 -0700
In-Reply-To: <AS8PR08MB6392DEC03BDEFBB0CC506C71EFA09@AS8PR08MB6392.eurprd08.prod.outlook.com>
Cc: "rats@ietf.org" <rats@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
To: Simon Frost <Simon.Frost@arm.com>
References: <AS8PR08MB6392C7D0CC195B30CBC789CBEFDD9@AS8PR08MB6392.eurprd08.prod.outlook.com> <0606C657-7BA5-4439-A65E-4FBE6E01DEA6@island-resort.com> <AS8PR08MB6392DEC03BDEFBB0CC506C71EFA09@AS8PR08MB6392.eurprd08.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-CMAE-Envelope: MS4xfHQqbkwHRxfhReE5zTsmj9BNaDFX4TUOfTC5Du2OfAuX/aZ7iIvYL1F9aZwCd5PEhLFP7o8HCgJ+D3Jahu2OJ8kow12S1BFh8m1f3YC2lkT9EpYOqUAl gk5cdA2f8NVJjaqCskc/U5uQ3EG06MKtAs9zNNOq6BPkEmZyd2iwu71Go0zkdr6Owcf0ZocYlRcS5OqavsGxJ3qe4jXgWoS/R7nEpCnhKCJwdrVF20kZco3k g1zFtBzHUtkaJQnoRiYB8A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ImF0_qoExYbEi2ZjfMxGgZChmto>
Subject: Re: [Rats] Collection binding (was Re: New RATS)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jun 2022 17:53:28 -0000

It seems OK to not define any particular structure for the crypto to bind the collection, but if that is the approach, I think a paragraph or two of security considerations section on it is needed because the size of the whole here is pretty large.

LL


> On Jun 4, 2022, at 12:19 AM, Simon Frost <Simon.Frost@arm.com> wrote:
> 
> The clear intent of collections is part 3 below. The definition of the collection says that they have “some internally defined relationship through which the integrity of the whole collection can be determined”. I can introduce normative language that makes that clearer if necessary. Typically the mechanism is that within one signed element claim set, there is a claim which can be used to demonstrate a cryptographic binding to another element, for example a hash of their signer public key or a hash of the whole token. Binding between elements will be established as part of verification.
>  
> Reworking a typical collection to be a recursive encapsulation inside the terminal element is possible, but adds processing overhead and is inelegant and inflexible which isn’t the approach I see elsewhere in EAT.
>  
> Thanks
> Simon
> From: Laurence Lundblade <lgl@island-resort.com> 
> Sent: 03 June 2022 19:16
> To: Simon Frost <Simon.Frost@arm.com>
> Cc: rats@ietf.org; Thomas Fossati <Thomas.Fossati@arm.com>
> Subject: Collection binding (was Re: [Rats] New RATS)
>  
> This is one of two comments I have on collections.
>  
> Without any cryptographic binding between tokens in the collection, an attacker can easily substitute a good attestation from another device for one that is not good. This is very large vulnerability in my view. So what to do?
>  
> 1) One option is to write some very large security considerations. They would probably recommend strongly the use of TLS to provide the binding. They would look a lot like all the text in UCCS.
>  
> 2) Another option is to abandon the draft for submods that does provide that. The top-level signer could be a weaker attester whose job is just to provide the binding. It would be kind of similar in security characteristics as using TLS (where TLS is not implemented in a root of trust).
>  
> 3) There could be some other cryptographic binding. Perhaps a hash of one is COSE aad for another. There is allusion to cryptographic binding in the draft, but nothing specific. That other binding could be left up to the implementer and not standardized in which a big recommendation in security considerations is needed. It could also be standardized by describing what it is in this draft.  Can you describe what you were thinking about?
>  
> I don’t have a strong opinion of which option should be used, but I think one (or more) is needed.
>  
> LL
>  
>  
> 
> 
> On May 30, 2022, at 4:33 AM, Simon Frost <Simon.Frost@arm.com <mailto:Simon.Frost@arm.com>> wrote:
>  
> FYI. I’ve just submitted a new draft for a proposed extension to the top level object in EAT.
>  
> There’s a full justification in the doc, but as a quick summary, there are difficulties in creating a top level ‘envelope’ object for a multi-token system while remaining compatible with EAT. Given the recent move to fix the list of top level objects but embrace extensions, this approach seems to be an appropriate proposal.
>  
> See: https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/ <https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/> & https://github.com/SimonFrost-Arm/draft-frost-rats-eat-collection <https://github.com/SimonFrost-Arm/draft-frost-rats-eat-collection>
>  
> Thanks
> Simon
>  
> Simon Frost
> Senior Principal Systems Solution Architect, ATG, Arm
> Mob: +44 7855 265691
>  
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________
> RATS mailing list
> RATS@ietf.org <mailto:RATS@ietf.org>
> https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>
>  
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email