[Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonces

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 19 June 2024 16:47 UTC

To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
CC: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>, "spasm@ietf.org" <spasm@ietf.org>, rats <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/U6QUlazBJpxothyR51XuZyNaIAE>

Hi Mike,

On 19.06.24 15:56, Mike Ounsworth wrote:
>
> I agree that when a nonce is involved, “something” needs to be stateful.
>
My point was that it is actually not stateful. The random number 
generator has to ensure that it generates a random number each time. 
There is no global state across the sessions.
>
> My question is whether it’s the RP that’s stateful, or the Verifier.
>
I think both, because both might need freshness guarantees. Since your 
arrangement is the Background Check model:

  * Verifier can generate and check nonce for Evidence.
  * Relying Party can generate and check nonce for Attestation Results.

Usama
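The two-nonce arrangement from the bullets above, worked through as a toy simulation. This is an added example, not code from the thread or from any RATS implementation; the message order (the RP fetches a nonce from the Verifier, relays it to the Attester, then forwards Evidence together with its own nonce to the Verifier), the key material, the measurement values and the use of HMAC in place of real signatures are all assumptions made for the example. Each party remembers only the nonces it has issued and not yet checked, and forgets a nonce once it has been consumed, so a replayed Evidence blob fails at the Verifier and an Attestation Result carrying a nonce the RP never issued fails at the RP.

```python
"""Toy simulation of nonce-based freshness in the RATS background-check model.

Two independent nonces: the Verifier's nonce is bound into Evidence, the
Relying Party's nonce is bound into the Attestation Result.  Each party
checks only the nonce it issued.  Keys, measurements and the message flow
are constructed for this example; HMAC stands in for real signatures.
"""
import hashlib
import hmac
import json
import secrets

ATTESTER_KEY = b"constructed-attester-key"   # would live in a TPM / TEE
VERIFIER_KEY = b"constructed-verifier-key"   # would be an asymmetric signing key
GOOD_MEASUREMENTS = {"sha256:0000aaaa"}     # constructed reference value


def _mac(key: bytes, payload: dict) -> str:
    """MAC over a canonicalised JSON encoding of payload."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _valid(key: bytes, signed: dict, body: str) -> bool:
    """Constant-time check of the MAC on signed[body]."""
    return hmac.compare_digest(signed["mac"], _mac(key, signed[body]))


class NonceIssuer:
    """Holds only the nonces it issued and has not yet consumed.

    Nothing is shared across sessions: every request gets a fresh random
    value, and a nonce is forgotten as soon as it has been checked once.
    """
    def __init__(self):
        self._pending = set()

    def new_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def consume(self, nonce: str) -> bool:
        """True exactly once per issued nonce; unknown values and replays fail."""
        if nonce in self._pending:
            self._pending.discard(nonce)
            return True
        return False


class Attester:
    def __init__(self, measurement="sha256:0000aaaa", key=ATTESTER_KEY):
        self.measurement, self.key = measurement, key

    def evidence(self, nonce: str) -> dict:
        """Evidence bound to whatever nonce the Attester was handed."""
        claims = {"nonce": nonce, "measurement": self.measurement}
        return {"claims": claims, "mac": _mac(self.key, claims)}


class Verifier(NonceIssuer):
    def appraise(self, evidence: dict, rp_nonce: str) -> dict:
        """Check the Verifier's own nonce in Evidence; bind the RP's nonce into the AR."""
        if not _valid(ATTESTER_KEY, evidence, "claims"):
            raise ValueError("Evidence MAC invalid")
        if not self.consume(evidence["claims"]["nonce"]):
            raise ValueError("Evidence nonce unknown or already used")
        fresh_and_good = evidence["claims"]["measurement"] in GOOD_MEASUREMENTS
        result = {"nonce": rp_nonce,
                  "status": "affirming" if fresh_and_good else "contraindicated"}
        return {"result": result, "mac": _mac(VERIFIER_KEY, result)}


class RelyingParty(NonceIssuer):
    def accept(self, attestation_result: dict) -> bool:
        """Check the RP's own nonce in the Attestation Result, then the verdict."""
        if not _valid(VERIFIER_KEY, attestation_result, "result"):
            raise ValueError("Attestation Result MAC invalid")
        if not self.consume(attestation_result["result"]["nonce"]):
            raise ValueError("Attestation Result nonce unknown or already used")
        return attestation_result["result"]["status"] == "affirming"


def background_check(attester, verifier, rp) -> bool:
    """One full background-check exchange; True if the RP accepts the Attester."""
    v_nonce = verifier.new_nonce()              # RP fetches a nonce from the Verifier
    evidence = attester.evidence(v_nonce)       # RP relays it to the Attester
    rp_nonce = rp.new_nonce()
    ar = verifier.appraise(evidence, rp_nonce)  # RP forwards Evidence plus its own nonce
    return rp.accept(ar)


def replay_rejected(attester, verifier, rp) -> bool:
    """Re-submitting already-appraised Evidence fails at the Verifier."""
    evidence = attester.evidence(verifier.new_nonce())
    rp.accept(verifier.appraise(evidence, rp.new_nonce()))
    try:
        verifier.appraise(evidence, rp.new_nonce())
    except ValueError:
        return True
    return False


def stale_result_rejected(attester, verifier, rp) -> bool:
    """An Attestation Result with a nonce the RP never issued fails at the RP."""
    evidence = attester.evidence(verifier.new_nonce())
    ar = verifier.appraise(evidence, secrets.token_hex(16))  # not an RP-issued nonce
    try:
        rp.accept(ar)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(background_check(Attester(), Verifier(), RelyingParty()))
```

The only state either checker keeps is its own set of outstanding nonces, which is emptied as results come back; in a deployment the pending set would also expire entries after a timeout so that an Attester which never answers cannot make it grow without bound.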