Re: [Rats] using symmetric keys in an Endorsement/Verifier flow

Russ Housley <housley@vigilsec.com> Fri, 19 February 2021 19:23 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18B0D3A13A1 for <rats@ietfa.amsl.com>; Fri, 19 Feb 2021 11:23:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DhKKWxQes1Br for <rats@ietfa.amsl.com>; Fri, 19 Feb 2021 11:23:00 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 068DA3A1397 for <rats@ietf.org>; Fri, 19 Feb 2021 11:23:00 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 4C4D1300BCD for <rats@ietf.org>; Fri, 19 Feb 2021 14:22:57 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Gz2UNKsoaJyF for <rats@ietf.org>; Fri, 19 Feb 2021 14:22:35 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 321CA300B93; Fri, 19 Feb 2021 14:22:35 -0500 (EST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <FC9B612B-C045-4287-94E0-314616D97051@island-resort.com>
Date: Fri, 19 Feb 2021 14:22:36 -0500
Cc: "rats@ietf.org" <rats@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7A83D877-8A85-4EB5-B86F-4350F3546E64@vigilsec.com>
References: <31999.1612560697@localhost> <1568.1612561139@localhost> <FC34391E-023A-416B-BD43-39371C8A43D2@intel.com> <FC9B612B-C045-4287-94E0-314616D97051@island-resort.com>
To: Laurence Lundblade <lgl@island-resort.com>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Kg_SmWMe265p1zuQ6Qqaw7I-0Ew>
Subject: Re: [Rats] using symmetric keys in an Endorsement/Verifier flow
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2021 19:23:02 -0000

Maybe something should be said in the Security Considerations that the design in this document does not cover Endorsements should have confidentially protection such as ones that employ symmetric keys.

Russ


> On Feb 8, 2021, at 3:35 PM, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
> So the proposal is to say nothing about when/if Endorsements should have confidentially protection in the architecture document, right?  This leaves it up to the designer/implementor/user of symmetric verification keys to figure this out on their own. I’m fine with this.
> 
> (Note that I was only suggesting a security considerations statement like “if endorsements carry symmetric keys for verification the endorsements should have confidentially protection”.  Given that the UCCS draft has paragraphs about integrity and confidentially, then a statement like this seems appropriate).
> 
> I'm happy it is closed.
> 
> LL
> 
> 
>> On Feb 8, 2021, at 10:32 AM, Smith, Ned <ned.smith@intel.com> wrote:
>> 
>> +1 "Endorsements with symmetric verification keys should write another document"
>> 
>> This is a reason to re-charter. It would allow drafts that address the corner of the diagram that was ruled out of scope during chartering discussion to be written and adopted as a way to clarify content that isn't appropriate to include in an architecture draft.
>> 
>> -Ned
>> 
>> On 2/5/21, 1:40 PM, "RATS on behalf of Michael Richardson" <rats-bounces@ietf.org on behalf of mcr@sandelman.ca> wrote:
>> 
>> 
>>   In https://github.com/ietf-rats-wg/architecture/issues/162 it was argued that
>>   we needed to be clear that:
>> 
>>     "Endorsements should have confidentiality protection when carrying
>>     symmetric verification keys. "
>> 
>>   but, many of the Architecture Design Team didn't feel that the architecture
>>   was intended to provide any kind of specification on Endorsements.
>>   Within the dataflow diagram:
>>     https://www.ietf.org/archive/id/draft-ietf-rats-architecture-09.html#dataflow
>>     (attached below, for those who use a fixed-width font)
>>   That only the "Evidence" and "Attestation Results", which are between
>>   solid-lined entities was really in scope.  That the rest was for future
>>   documents.
>> 
>>   We felt that this requirement went into the Design Requirements which the
>>   IETF usually tries to stay out of, sticking to Functional Requirements.
>>   Further, we felt that the Functional Requirements in the RATS Architecture
>>   should not even cover Endorsements.
>>   At least, not in this edition of the document.
>> 
>>   The recommendation is that those who need to do Endorsements with symmetric
>>   verifification keys should write another document in which this topic would
>>   get adequately dealt with.
>> 
>> 
>> 
>>     ************   *************    ************    *****************
>>     * Endorser *   * Reference *    * Verifier *    * Relying Party *
>>     ************   * Value     *    *  Owner   *    *  Owner        *
>>        |           * Provider  *    ************    *****************
>>        |           *************          |                 |
>>        |                  |               |                 |
>>        |Endorsements      |Reference      |Appraisal        |Appraisal
>>        |                  |Values         |Policy           |Policy for
>>        |                  |               |for              |Attestation
>>        .-----------.      |               |Evidence         |Results
>>                    |      |               |                 |
>>                    |      |               |                 |
>>                    v      v               v                 |
>>                  .---------------------------.              |
>>           .----->|          Verifier         |------.       |
>>           |      '---------------------------'      |       |
>>           |                                         |       |
>>           |                              Attestation|       |
>>           |                              Results    |       |
>>           | Evidence                                |       |
>>           |                                         |       |
>>           |                                         v       v
>>     .----------.                                .---------------.
>>     | Attester |                                | Relying Party |
>>     '----------'                                '---------------'
>> 
>> 
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats