IETF Logo Mail Archive

Re: [Rats] Requesting a Nonce from a Verifier

hannes.tschofenig@gmx.net Sun, 03 March 2024 11:35 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 464DFC14F6B9 for <rats@ietfa.amsl.com>; Sun, 3 Mar 2024 03:35:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.803
X-Spam-Level:
X-Spam-Status: No, score=-2.803 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IgtsipotPla0 for <rats@ietfa.amsl.com>; Sun, 3 Mar 2024 03:35:29 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00AF7C14F5F2 for <rats@ietf.org>; Sun, 3 Mar 2024 03:35:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1709465726; x=1710070526; i=hannes.tschofenig@gmx.net; bh=iRiwasG3zJI/LisTIXKlQkRPr3VZ9ZIMfIJQJUK3q9Y=; h=X-UI-Sender-Class:From:To:References:In-Reply-To:Subject:Date; b=gyOcwdn/X7OC+XIDKkY37x/UERwSWNniH6+gj0HMkXb9M5zwxqKDgvPQx6K05asJ 2yUIs6jRbkbqJUo1JgtfBM7P9wqTsJZLzMHMwaCvisnuiwzxjcDweB7Z067xFI0wY fCnXlJ8eNrIHl0Cf4WIPaeaHMMX1vWvZR3ceN+vxQwAlx4gp3bgswDQ/71Bn50HqP wMK5W7xa9apRtoJbHZAHf8wLYwOC43iQNBcwqjDTnDSWtIFFH9S5bznx5Sb7sW1IT HYAs5YU6dBGd0jlKOSVfkCFwaJs5anCGtPTSwUzJXFGvVeQ7jPqhZRp+4k5E5aQzO edDWUEEs2cEPIwYodg==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from Surface ([213.162.73.184]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MbAcs-1r9tLS1Al6-00bfSC; Sun, 03 Mar 2024 12:35:26 +0100
From: hannes.tschofenig@gmx.net
To: 'Henk Birkholz' <henk.birkholz@ietf.contact>, rats@ietf.org
References: <02c501da6987$d2d64490$7882cdb0$@gmx.net> <ecf9ac86-82f2-80b7-160a-bdde42387ef0@ietf.contact>
In-Reply-To: <ecf9ac86-82f2-80b7-160a-bdde42387ef0@ietf.contact>
Date: Sun, 03 Mar 2024 12:35:24 +0100
Message-ID: <011b01da6d5e$e30e4e90$a92aebb0$@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHkjc8NO12IKOZuXw2UILj14z9qVAJzCjp3sP4AmKA=
Content-Language: de-at
X-Provags-ID: V03:K1:JUd/2DGNbcmba0fJPl/LOcbPijlrGwRfGba5jZRs7mvEf6opOFX H57jAA9ax7wGMQRVDDo9ZqpOgmrujjAesXzdJ0yNjrPludJdP45iCnniBiZf8ulFbUxf7cw FgkhWRnlDrisPe0JBQewK9C1PVGUjJg5Ql3pvML3V35C64fuTI3dfG+QC48zEVfi9fz02a6 iWX/MJ/8ipn4PGLeT5ecw==
UI-OutboundReport: notjunk:1;M01:P0:ll+9lpKLniw=;3GUal4wYbDh/+fiS+D5cXd7/A8e UduEAmE7AatGSGOg/UYbitoKjo/3/p+Q9CF+6HeVsHcNy45Vkv71nYrEPAlFQn38KosNEZCPn 2tH/Sjor/FtqXlQu3BSJXCXMB1vvKfKHSwWEjfFKz7Aki1C274EDhaeGKM3sI5phX9ov1qzeP t3KIjM7UlWy/pI8hghdsy/nQRx/Mi785fokSOEc8clRc0s7T615w7iknobeWVQwEHdQCtbUOZ SuWGZtWGlgy2Hc19JArWQ/QQoE3Bf7DWPuw9ZlTNm6C0+WiNC+B6rknb+YPyPlVVrXNOAMpeu seSj0etRX1uFobFlTeuKgjomkZz4pYFoDrXbpSQfkmCxjpZ+2mc0v3Q8CpQ2486nry2pFGBvh neXC28KUqErw2LqG/1o3u2SbF3mg4FPiPpo3jjsqbwzQDTF8QQ0OtRLeGtisHQw1w2CWQFj8M QxrCfXl2xkymD3Jsq9oB3yCPoQzuMttl3Mkz/c6MIzUkowjEPaPVLCaItS5BURebWT2Y//Cam 3LUBycGtH04RHN1z+OOYY4o2OqLKcDpUNVlfysz7XcVorxUm3JdIoF3+PpNjhOHvrh8+0sn7f XMSBfSOhKvBCFED30g0VmoioxtTzZbUbkZX82nGK4hCQBZf3SLwKG2+eHw0pPwTHQ4Tf4Mnog 3VSYVqt3G0wFHpxCpbMJ4KzQMAwolaLhoqh7fiSh5LNVdnbAXpKaThvYY6ybCS/4xVWvm+ZRM XCJDukAIVTfsASuBs9clEJYCkmUsOWY1A4VRffT/Y2dbWWqO7SXONMeRSs1wWjpWGtnWz+VkI W2GPkbKuncXW14JoRO5RYSovCHIXc93XL/8uF4LObrcNM=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Zj7t6SrjAdaty2bP-MQtEqIhF3w>
Subject: Re: [Rats] Requesting a Nonce from a Verifier
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Mar 2024 11:35:30 -0000

Hi Henk,

Thanks for your quick response. See my remarks below: 

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Henk Birkholz
Sent: Dienstag, 27. Februar 2024 15:35
To: rats@ietf.org
Subject: Re: [Rats] Requesting a Nonce from a Verifier

Hi Hannes,

I am in a weird TZ offset, so just a quick reply.

On 27.02.24 15:18, hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote:
> Hi all,
> 
> Hendrik and I have been working on an update of the CMP/EST 
> extensions, which allow an Attester to request a nonce via the Relying 
> Party (in the background check model). This “nonce draft”, see 
> draft-tschofenig-lamps-nonce-cmp-est, aims to provide freshness for 
> the CSR attestation draft (see draft-ietf-lamps-csr-attestation).

Why focus on a nonce for a combination of recentness and freshness, when you could also use an epoch marker?

[Hannes] Nonces are a popular technique used by attestation technologies, which we have to support.
Anyone can write another draft that uses epoch markers or timestamps to offer freshness for CSRs.

> 
> We have been wondering about the design of this protocol interface. At 
> a minimum, the attester needs to indicate the length of the nonce 
> being requested from the verifier.

Why? It can cut it short, the Verifier will understand? Are there obvious security considerations that I am missing here? The nonce is requested via an authenticated channel, I assum?

[Hannes] Different attestation technologies use nonces of different length. For example, the PSA attestation token supports nonces of length 32, 48, and 64 bytes.


> EAT, however, supports also an array of nonces in the nonce claim. 
> Should such a protocol interface allow a request for multiple nonces?

Sure, the you do not have to request a nonce for ever interaction and the Verifier can keep track.

[Hannes] OK. This is a concept that does not seem to be supported in the draft-ietf-rats-reference-interaction-models draft. The question is "why". Did the EAT draft authors went a bit too far and the feature isn't really needed in practice or are the RATS documents not well synced-up yet? 

> Furthermore, the Attester may also need to provide information about 
> the Verifier. This is necessary when there are many Verifiers in the 
> system and not everyone of them might be able to successfully verify 
> the Evidence. Should the request for a nonce also include information 
> about the attestation technology supported by the attester?

Discovery of appropriate Verifier and "requesting nonces" (which kinda is still shooting from the back into the eye) are different things. You can compose both protocol action, but my initial reply would be: 
Discovery, Feature negotiation, and then epoch marker requests are quite different things.

[Hannes] How do you solve the following problem: Image a device wants to transmit a CSR with attestation evidence to the CA. The device needs a nonce to demonstrate freshness. There is more than one Verifier.

How does the exchange look like such that a Verifier is selected, which fulfills two properties:
* it needs to support the attestation technology of the attester, and
* the attester's signing key of the evidence is trusted by the verifier. 

We cannot design a solution that only works when there is only a single verifier or when there is a lot of out-of-band information exchange necessary to get the technology working.

> 
> We thought that this type of foundational feature is described in detail 
> in one of the RATS working group documents and the 
> draft-ietf-rats-reference-interaction-models seemed like a good starting 
> point for such details. Unfortunately, this document falls short in 
> explaining these types of aspects because it is heavily focused on a 
> specific TPM deployment.

That is bad. Please help us fix that.

[Hannes] I will definitely plan to contribute to the draft but before I create a PR I would like to understand the design constraints.
A sort of "discuss first" - "write later" approach. 

> 
> Has someone in the group thought about this aspect already or has 
> otherwise gained experience with this aspect?

Requesting a nonce and therefore taking on the role of a challenger in 
arequest/response interaction model to then get a nonce to provide a 
solicited push of Evidence is bit of a flaky procedure, isn't it?

[Hannes] Not sure what you mean by flaky procedure. In a typical CSR approach you have a device that creates a public/private key pair locally and wants to turn this into a certificate. With the CSR attestation work we want the device to request a nonce first to demonstrate freshness of the evidence.

How do you assure that the recently received nonce is used to convey 
fresh evidence? Is there a timeout? Can you cache it? (like with the 
array of nonces).


[Hannes] In the CMP/EST draft, there is a timeout field.

 Why can't the Attester just trigger the Verifier to do 
the challenge/response? That seems a bit more straight forward? Maybe I 
am missing something very obvious here.

[Hannes] We are using the background check model here. The attester is the device creating the CSR. In the background check model the device talks to the Relying Party (the CA), which then contacts the Verifier. Figure 1 from https://datatracker.ietf.org/doc/draft-tschofenig-lamps-nonce-cmp-est/ shows this exchange graphically.

In the passport model the attester talks to the verifier directly. This is also a good model, which we should also support. As you know, in the LAMPS design team we started with the background check model. We have to start somewhere.

Ciao
Hannes

> 
> Ciao
> 
> Hannes
> 
> 

Viele Grüße,

Henk

> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email