IETF Logo Mail Archive

Re: [Rats] name of identity key

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 28 November 2019 07:37 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D8E412092C for <rats@ietfa.amsl.com>; Wed, 27 Nov 2019 23:37:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.436
X-Spam-Level: *
X-Spam-Status: No, score=1.436 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRC-jIXiJC6w for <rats@ietfa.amsl.com>; Wed, 27 Nov 2019 23:37:33 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09F27120271 for <rats@ietf.org>; Wed, 27 Nov 2019 23:37:32 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [185.201.63.254]) by relay.sandelman.ca (Postfix) with ESMTPS id D5D2A1F47D; Thu, 28 Nov 2019 07:34:19 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id D290D110C; Thu, 28 Nov 2019 15:23:27 +0800 (+08)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Smith, Ned" <ned.smith@intel.com>, rats@ietf.org
cc: Guy Fedorkow <gfedorkow@juniper.net>, "pritikin@cisco.com" <pritikin@cisco.com>, Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, Henk Berkholz <henk.birkholz@sit.fraunhofer.de>, William Bellingrath <wbellingrath@juniper.net>
In-reply-to: <A52561C0-95BD-4D16-98B9-25A375C41F16@intel.com>
References: <BYAPR05MB4248D3AE10BAA7E74D588E76BA490@BYAPR05MB4248.namprd05.prod.outlook.com> <32083.1574668598@dooku.sandelman.ca> <1E5F7794-BA58-4D6D-928A-4B0E9C227B69@intel.com> <11202.1574848474@dooku.sandelman.ca> <A52561C0-95BD-4D16-98B9-25A375C41F16@intel.com>
Comments: In-reply-to "Smith, Ned" <ned.smith@intel.com> message dated "Wed, 27 Nov 2019 19:12:11 +0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Thu, 28 Nov 2019 08:23:27 +0100
Message-ID: <16604.1574925807@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/UosWU2ruRCeW0OFxS3K3mbtZpQA>
Subject: Re: [Rats] name of identity key
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 07:37:36 -0000

In some private thread, Guy said:

    > Smith, Ned <ned.smith@intel.com> wrote:
    >> Actually, it is expected that there will be many keys in a platform
    >> that could be used to obtain an IDevID credential. As discrete
    >> components (vendors of) are increasingly embedding root-of-trust / key
    >> gen capabilities. The challenge is more likely one of deciding *which*
    >> key should be regarded as the 'platform' key/identity used for
    >> onboarding.

    >> I agree that having multiple IDevID credentials could be confusing to
    >> "platform" owners but that should not imply that a platform can only
    >> have one key / credential. It is possible for a platform to have a
    >> delegate device that represents the platform remotely while other
    >> *devices* recognize the delegate as a platform local 'verifier'. This
    >> is the Open Compute Project's Cerberus architecture / use case. The EAT
    >> sub_mods claim and TEEP architecture seems to support this convention
    >> as well.

I said:
    mcr> I don't want to prevent multiple IDevID credentials, I want to name them
    mcr> consistently :-)

Ned Smith then said:
    nms> Good question. Part of the motivation to use "IDevID" terminology in
    nms> TCG is to agree on some industry standard naming. The
    nms> Cerberus/RIoT/DICE work introduced other terms "AliasID" and

Do you mean Kerberos, or are you referring to something else?
(There have been multiple crypto protocols with that name, alas)

    nms> "DeviceID" which are more confusing than helpful. DICE layering also
    nms> uses subscript notation to disambiguate which component/layer a key
    nms> belongs to, since it doesn't make sense to name things like naming
    nms> your kids given a layered architecture. Even so, TPM and DICE still
    nms> distinguish between key / credential types based on expected usage
    nms> (identity, attestation) and DICE also support embedded CA use cases
    nms> therefore acknowledges a third type (ECA). ECA keys can attest, but
    nms> do so by including Evidence in the certificate it
    nms> issues. Attestation keys can sign evidence (e.g. sign an EAT) while
    nms> identity keys sign an auth challenge. Auth challenges can support
    nms> implicit attestation - meaning claims ascribed to the Attester
    nms> arrive at the Verifier through an out-of-band channel and can
    nms> include claims signed by Endorsers. The identity (aka SubjectName /
    nms> SubjectAltName etc...) is used to link the identity to Tokens or
    nms> Endorsements containing Claims.

    nms> Maybe it makes sense to talk about how the keys are used rather than trying to name them?

Well, I think that having it named "the key we use for Onboarding" is the
same as saying, "Onboarding Key", right?

I don't know how the manufacturing process that involves a TPM with a TPM
attestation key works.  I just know that when doing BRSKI, that there were
issues with being confused between various TPM keys, and we originally wrote
text saying that the device Serial Number might be in weird places.  We later
ripped that text out, as time had changed things, and I'm worried that this
issue is not really dead.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [




--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email