IETF Logo Mail Archive

Re: [Rats] Requesting a Nonce from a Verifier

hannes.tschofenig@gmx.net Sun, 03 March 2024 11:02 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3A88C14F6BB for <rats@ietfa.amsl.com>; Sun, 3 Mar 2024 03:02:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.103
X-Spam-Level:
X-Spam-Status: No, score=-7.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtrTkESK9dsJ for <rats@ietfa.amsl.com>; Sun, 3 Mar 2024 03:02:27 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 946CAC14F6B7 for <rats@ietf.org>; Sun, 3 Mar 2024 03:02:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1709463741; x=1710068541; i=hannes.tschofenig@gmx.net; bh=g+d38fmSwQUlqXqeLM8uNpBGe+rhP8aBCQ68X7RManY=; h=X-UI-Sender-Class:From:To:References:In-Reply-To:Subject:Date; b=nsSaD/7ncPLk01SXOTFqUixzStf7wZuJNDRtKc0SBseT+4uh/7XHq92G48HPcpzl zDCbJGIgvDvrVsgjqSrwOszCQ2XCguJmHPQqpoGRYzPdwxnr/pn8+ZPayUC57jKWh f/k3SsaLDKJUSifRPB9kzijSA38kAZvh1QHv2eVH8QC0dPUzG7c5mGpREb3Xu7KZi To8fZRBeSyzodho+FFq/lknxC3b8TYaP6VK/Sut7gLOvCmumz8n9/YJ8rCbFtTb8D IZlKr1Odn6U5OHLi1mxtNRmlkTvEVZgawFl11uIDhhMb3j9xYaS+H6DmzBKecdq1B uThjZV+/IaOqniZk/w==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from Surface ([213.162.73.184]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MlNtP-1r0HRI0JDx-00loHH; Sun, 03 Mar 2024 12:02:21 +0100
From: hannes.tschofenig@gmx.net
To: "'Smith, Ned'" <ned.smith@intel.com>, 'Henk Birkholz' <henk.birkholz@ietf.contact>, rats@ietf.org
References: <02c501da6987$d2d64490$7882cdb0$@gmx.net> <ecf9ac86-82f2-80b7-160a-bdde42387ef0@ietf.contact> <2E3E84DF-F528-420D-BB70-B6E23FEE0978@intel.com>
In-Reply-To: <2E3E84DF-F528-420D-BB70-B6E23FEE0978@intel.com>
Date: Sun, 03 Mar 2024 12:02:19 +0100
Message-ID: <011401da6d5a$43ce9ff0$cb6bdfd0$@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHkjc8NO12IKOZuXw2UILj14z9qVAJzCjp3AbxM7Hyw8B1w4A==
Content-Language: de-at
X-Provags-ID: V03:K1:2VhyHFE3pnf2F/LB5rg4iKUnmVI8kN+xAjJsjY9I30egOBEsFV5 a4q1Ct+THQwiYM9OxcWm951bOZ+GocSxoZAFKANrhgD2iEJ2EZw+6q7jYm3NyOM2gAQkv0j isdrk5Gxg6Pcc9y6V+7dT9sWWJF69sWgb6+vGW5x0pXprLRIMAtyho1rzazmICQ9/bUsZgd fJmjO71UfPzDCp1szK6MQ==
UI-OutboundReport: notjunk:1;M01:P0:p17faTX8ApM=;4p8IojIuOun8Xr4vJhjwzuY90a9 K6thAc/oiWB2IsdoS1SVZ0MwKY7+tfpkvj/tEg5oo0XBbJovMuQuLmYuclQO7M+b5ItxyAMlv VPTviJ/MSHKQ17pTC6pzYxYRdkIOZUjXDJWvnhI5qNuCw9d6Y4RPf5dP5BduGBItkm7Uepo1O qPjXG5KM1gavWZQMKL5WkL759lWkXzP9UH0+AHAMj7Aczt9Fnj0yHSad8IHx2XPcV7jFiDr1f ZBS9K9JL/ALpykyno6jRVe2mVfcMIgZ1O6hJHCyniZvTK3Uz+Wi4t/oy+yv6gxYWmF+UAmvbV DJMuXaokPSX7fbZHoLVx1ui0H8jisBK2wOP4TleUb/fC9Et/FtH9gKWIWliAbdLHjftAdC6gV lzahQ05F7aZZRa2boNG8b0nuDJQ4QMFKSkaXKj2QTz+6pZaJJZKZx5XGk17a6cCwCRS4HbgZT 0m8Tg5/3Ptd5bQzp5AMsHVSIuLlVxlKV1XzLlC9ul6sC3UEOYiGYStJ6sI9ak9tmEpzdmE+O0 98GiZ9xLZTTvKblMPrVSXw47M4pxruIIPyswcXpVC14Q09hUeRvOGOK0wBRrM3VCYrm7ELM4A +QI+qFn8svGByIeYDC1zw79w+HaJl/XBxOjLoWRARtc1ivSeGxx5gCaysnCd7Vy1MpZPcjgg4 A4lP1XDOGHAIhphJo9X6L0rBrNgQrfoq7jV1BB13474Juazp4sv8ucXHfc6DIh91jEbfyNstQ 4boTXV/fiGA2P0oKMgti0ikhtyg24sRdqV5RFVgSpPrpaK5yoqDAzVrcX3C3VvW2dgtH5Cf40 7HZjA1iLnHfMRC9bi+GYNKFUi8W5CVGuPTv9Emim+DqYQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Z50z98ZLugdJ5gH_XaLbMyGlMZ0>
Subject: Re: [Rats] Requesting a Nonce from a Verifier
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Mar 2024 11:02:28 -0000

Hi Ned,

The CMP/EST nonce draft does not modify the freshness approach defined in the RATS architecture. On the contrary, it is an instantiation of the nonce-based mechanism. There are two other freshness techniques described, which are not covered in this document, namely synchronized clocks and epochs. Both techniques do not apply to CSRs for which this draft was written.

Ciao
Hannes

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Smith, Ned
Sent: Mittwoch, 28. Februar 2024 02:25
To: Henk Birkholz <henk.birkholz@ietf.contact>; rats@ietf.org
Subject: Re: [Rats] Requesting a Nonce from a Verifier

Given 9334 outlines several possible ways to incorporate freshness and recentness and given the reference interaction models I-D provides patterns for exchanging information that should possibly include freshness and recentness considerations. And considering the WG charter biases the WG to focus on augmenting existing protocols over designing new ones, it seems Henk's suggestion to improve the reference interaction models I-D make sense. 

If this thread is focused on an I-D that modifies an existing protocol with freshness and recentness, then would it make sense to use the interactions models I-D to work out the general principles for how freshness/recentness is achieved first. Then, can it be cited as background for other I-Ds that describe specific modifications for an existing protocol?

-Ned (not as chair)

On 2/27/24, 11:35 PM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org> on behalf of henk.birkholz@ietf.cont <mailto:henk.birkholz@ietf.cont>act> wrote:


Hi Hannes,


I am in a weird TZ offset, so just a quick reply.


On 27.02.24 15:18, hannes.tschofenig=40gmx.net@dmarc.ietf.org <mailto:40gmx.net@dmarc.ietf.org> wrote:
> Hi all,
> 
> Hendrik and I have been working on an update of the CMP/EST 
> extensions, which allow an Attester to request a nonce via the Relying 
> Party (in the background check model). This “nonce draft”, see 
> draft-tschofenig-lamps-nonce-cmp-est, aims to provide freshness for 
> the CSR attestation draft (see draft-ietf-lamps-csr-attestation).


Why focus on a nonce for a combination of recentness and freshness, when you could also use an epoch marker?


> 
> We have been wondering about the design of this protocol interface. At a 
> minimum, the attester needs to indicate the length of the nonce being 
> requested from the verifier.


Why? It can cut it short, the Verifier will understand? Are there 
obvious security considerations that I am missing here? The nonce is 
requested via an authenticated channel, I assum?


> EAT, however, supports also an array of 
> nonces in the nonce claim. Should such a protocol interface allow a 
> request for multiple nonces?


Sure, the you do not have to request a nonce for ever interaction and 
the Verifier can keep track.


> Furthermore, the Attester may also need to 
> provide information about the Verifier. This is necessary when there are 
> many Verifiers in the system and not everyone of them might be able to 
> successfully verify the Evidence. Should the request for a nonce also 
> include information about the attestation technology supported by the 
> attester?


Discovery of appropriate Verifier and "requesting nonces" (which kinda 
is still shooting from the back into the eye) are different things. You 
can compose both protocol action, but my initial reply would be: 
Discovery, Feature negotiation, and then epoch marker requests are quite 
different things.


> 
> We thought that this type of foundational feature is described in detail 
> in one of the RATS working group documents and the 
> draft-ietf-rats-reference-interaction-models seemed like a good starting 
> point for such details. Unfortunately, this document falls short in 
> explaining these types of aspects because it is heavily focused on a 
> specific TPM deployment.


That is bad. Please help us fix that.


> 
> Has someone in the group thought about this aspect already or has 
> otherwise gained experience with this aspect?


Requesting a nonce and therefore taking on the role of a challenger in 
arequest/response interaction model to then get a nonce to provide a 
solicited push of Evidence is bit of a flaky procedure, isn't it?


How do you assure that the recently received nonce is used to convey 
fresh evidence? Is there a timeout? Can you cache it? (like with the 
array of nonces). Why can't the Attester just trigger the Verifier to do 
the challenge/response? That seems a bit more straight forward? Maybe I 
am missing something very obvious here.


> 
> Ciao
> 
> Hannes
> 
> 


Viele Grüße,


Henk


> _______________________________________________
> RATS mailing list
> RATS@ietf.org <mailto:RATS@ietf.org>
> https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>


_______________________________________________
RATS mailing list
RATS@ietf.org <mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>



_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email