Re: [Rats] draft-birkholz-rats-uccs
Laurence Lundblade <lgl@island-resort.com> Sat, 13 March 2021 19:05 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 922573A1490 for <rats@ietfa.amsl.com>; Sat, 13 Mar 2021 11:05:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MYx9V1c-3oQp for <rats@ietfa.amsl.com>; Sat, 13 Mar 2021 11:05:53 -0800 (PST)
Received: from p3plsmtpa07-10.prod.phx3.secureserver.net (p3plsmtpa07-10.prod.phx3.secureserver.net [173.201.192.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C269A3A148E for <rats@ietf.org>; Sat, 13 Mar 2021 11:05:53 -0800 (PST)
Received: from [192.168.1.81] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id L9aClNzgRukyLL9aDlfD2k; Sat, 13 Mar 2021 12:05:53 -0700
X-CMAE-Analysis: v=2.4 cv=Od9dsjfY c=1 sm=1 tr=0 ts=604d0d11 a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=7CQSdrXTAAAA:8 a=peZTQ7ZvZS6PrZUI7MwA:9 a=QEXdDO2ut3YA:10 a=98bJbRI06K_aagl-:21 a=_W_S_7VecoQA:10 a=a-qgeE7W1pNrGK8U0ZQC:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <E98547E5-6F6D-4CDE-9F7E-54D8B5C3BCD5@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_25A0916D-D925-4B3D-8923-6F8AD9509745"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Sat, 13 Mar 2021 11:05:52 -0800
In-Reply-To: <VI1PR08MB2639F0B6CDC8DA24A300BA22FA6F9@VI1PR08MB2639.eurprd08.prod.outlook.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
References: <VI1PR08MB2639119D9BB1C98A1FBF3863FA6F9@VI1PR08MB2639.eurprd08.prod.outlook.com> <BYAPR02MB442217661B96C66A8881DD89816F9@BYAPR02MB4422.namprd02.prod.outlook.com> <659C7D3E-B5C9-484F-85E8-5D48E2C2F856@island-resort.com> <VI1PR08MB2639F0B6CDC8DA24A300BA22FA6F9@VI1PR08MB2639.eurprd08.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfMNtUuVmoX9/1cL6gFh+XW5EbigLbab2FjKD6oIv5LPnaesnT18lay+vn3DVQ0+yJoM70worbeeAFCO+bPgrzTFTero0XQn2c9LAjT/XtF6Y4dethxxd z/r8BFtFUZJvtvK3m8gI3suP0y+w1/ufsT4bEpQ/iXXCf2GbQJVk644LbVFhOazOeliPRVzqjv97FrCE2jed+UDRgdydspWtQYzFQeo7hODSxocC6nd8/eOn 9SwF0ia1FJbd39DGyIhZxHCkHqBINKiOzl2DWCX+tqk=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/_NE10HvEKEfl3IQLdmr6GpLeus8>
Subject: Re: [Rats] draft-birkholz-rats-uccs
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Mar 2021 19:05:56 -0000
> On Mar 12, 2021, at 10:29 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: > > Hi Laurence, > > Could you clarify a few things? > > > The horse is pretty dead, but one more comment. > > What does this mean? Micheal covered this one well. :-) > > > My thought is that UCCS over-specifies security. > > Could you explain what this means? My understanding is that the provide the protection just at a different layer. IMHO their approach has security advantages that are missing in a pure COSE-based security approach. > > > UCCS is a very general format for use inside rats and outside rats. > > Their document says not much more than: there are deployments where protection of EAT tokens are provided at a different layer. If you do that then it is not necessary to protect EAT tokens with COSE. I am not sure what “inside rats and outside rats” means. Someone could use UCCS for some authentication-related protocol (that’s what CWT was made fo)r. Someone could use UCCS for some other non-attestation protocol that non of us have thought of yet. UCCS is a very general format useful way beyond EAT and rats. Its just a CBOR map of label-value pairs that can be put to use any time one wants such a map. Security for this open-ended set of use cases is also open-ended. Maybe IPsec works. Maybe CMS is used. Maybe something else. > > > It also will be used in several ways inside rats (Evidence and Results). > My reading is that it will be used for the communication from the attester to the verifier. It will also be used between the Verifier and RP. > > A general document like UCCS can’t anticipate all the use cases and all the possible security issues and all the security solutions for all the use case so it should just have some general warnings that it provides no security. Would make the document very short and sweet. > > No document can anticipate all use cases. UCCS does not claim it does. It has a specific security model in mind, which is different from the one assumed by others. IMHO it is fine to use a format like EAT in different deployment contexts To me putting all the security discussion in to the UCCS spec is like putting the TLS and IPsec standard into the HTML, JSON or XML standards. HTML, UCCS… just define data formats. The difference here is that CWT which has security built in and came first where as HTML, JSON and XML were invented first without security. > > > The general security architecture and concerns for UCCS applied to rats should be in the rats architecture document. > It might be good to discuss the security architecture in RATS. Expanding on this thought, let me ask where are the best places to lock down the security requirements for attestation in the ultimately published RFCs? This would need to cover the use of COSE, JOSE and TLS in ways specific to the attestation use cases. Is it sufficient for EAT to reference what’s in the rats architecture document now? I didn’t think of this before. What about splitting UCCS into two standards? 1) Describe the UCCS format — very short sweet document that is not specific to rats 2) TLS-secured attestation evidence — how to secure rats attestation evidence with a transport protocol. Can be used for CBOR claims (UCCS) or JSON claims or XML claim… It is specific to rats. LL
- [Rats] draft-birkholz-rats-uccs Hannes Tschofenig
- Re: [Rats] draft-birkholz-rats-uccs Giridhar Mandyam
- Re: [Rats] draft-birkholz-rats-uccs Laurence Lundblade
- Re: [Rats] draft-birkholz-rats-uccs Hannes Tschofenig
- Re: [Rats] draft-birkholz-rats-uccs Michael Richardson
- Re: [Rats] draft-birkholz-rats-uccs Laurence Lundblade
- Re: [Rats] draft-birkholz-rats-uccs Thomas Fossati
- Re: [Rats] draft-birkholz-rats-uccs Laurence Lundblade
- Re: [Rats] draft-birkholz-rats-uccs Thomas Fossati
- Re: [Rats] draft-birkholz-rats-uccs Carsten Bormann
- Re: [Rats] draft-birkholz-rats-uccs Thomas Fossati
- Re: [Rats] draft-birkholz-rats-uccs Carsten Bormann
- Re: [Rats] draft-birkholz-rats-uccs Thomas Fossati
- Re: [Rats] draft-birkholz-rats-uccs Carsten Bormann
- Re: [Rats] draft-birkholz-rats-uccs Thomas Fossati
- Re: [Rats] draft-birkholz-rats-uccs Carsten Bormann
- Re: [Rats] draft-birkholz-rats-uccs Thomas Fossati