Re: [Rats] Quantum-safe attestation

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 24 August 2020 21:17 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 033CD3A0C9F for <rats@ietfa.amsl.com>; Mon, 24 Aug 2020 14:17:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHMjPe318ooL for <rats@ietfa.amsl.com>; Mon, 24 Aug 2020 14:16:58 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68A3B3A0C9E for <rats@ietf.org>; Mon, 24 Aug 2020 14:16:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id D1988389AE; Mon, 24 Aug 2020 16:55:59 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 5KVAI_dKmg4p; Mon, 24 Aug 2020 16:55:59 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id DC73B389A1; Mon, 24 Aug 2020 16:55:58 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 5B4253F; Mon, 24 Aug 2020 17:16:55 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Laurence Lundblade <lgl@island-resort.com>, rats@ietf.org
In-Reply-To: <B12C563A-066F-4FB7-934D-48D1373206E5@island-resort.com>
References: <B12C563A-066F-4FB7-934D-48D1373206E5@island-resort.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Mon, 24 Aug 2020 17:16:55 -0400
Message-ID: <28631.1598303815@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/JpJoBypdzxeiQa40Kc0NkMnun7c>
Subject: Re: [Rats] Quantum-safe attestation
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2020 21:17:00 -0000

Laurence Lundblade <lgl@island-resort.com> wrote:
    > We probably want RATS architecture to be able to use quantum-safe
    > algorithms. On low cost and low speed devices that might mean HMAC is
    > used since SHA-2 and such seem to be quantum-safe. On higher cost and
    > higher speed devices there may be alternatives that look more like
    > PKI.

Yes/no.

Use of a keyed HMAC requires a symmetric key, which will be a hassle to
provision the verifier, and effectively locks the device to a single (likely
manufacturer provided) verifier.   It will also raise questions of
non-repudiation.
Better *might* be RFC8778 HSS/LMS Hash-Based Signature Algorithms.
They are bigger, and have a limited number of uses.

I would say that the architecture does not need to say anything about the
algorithms.  These are functional requirements, not design requirements.

There will have to be firmware updates to the Attesting Environment once
either we have quantum-safe asymmetric algorithms, or when we have a QM
breach.  That can be done with SUIT signed by RFC8778.
I don't think that our architecture need worry about that.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-