Re: [Rats] Removal of the "replay protection and privacy" section in the EAT draft

Giridhar Mandyam <mandyam@qti.qualcomm.com> Thu, 29 September 2022 14:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/_QR10mrLoE9MtXFEk68BGk8RKmM>

> The text above talks about two mechanisms, namely
>- nonces, and
>- the cti/jti.
> In the EAT draft version -14 the cti/jti claims are mentioned in two sections, namely in Section 8.4 (see above) and also in Section 4.3.1. The cti claim contains a unique identifier for the JWT.

Actually all mention of cti/jti has been removed in this section and the rest of the document as of a recent PR merge.  See https://github.com/ietf-rats-wg/eat/pull/308.  The EAT spec is now silent on the use of cti/jti.

I do think there is room for cti as the sole replay protection in an EAT token when a nonce is not possible (i.e. one-way transport such as IP Multicast/BLE-AD), but it appears that group consensus is to not discuss it as a replay mechanism in the document itself.  EAT does not prevent an implementor from using an existing CWT/JWT claim so cti could appear in an EAT token.

> The privacy implications of the nonce are not described nor are other privacy implications of the iat (issued at) claim defined, which would correspond to the timestamp replay protection mechanism defined in the RATS architecture.

That is not my interpretation of the current text.  The text only discusses the privacy implications of the nonce.

Moreover, iat is a claim whose value is set by the token issuer.  Nonce presumably is not.  For claims set by the token issuer, the attester could (depending on the implementation) take user privacy preferences into account when determining which claims to include.  As a crude example, if an entity's permissions settings indicate that location should not be exposed by the device to any third parties, then the location claim could be excluded by the attester.  Therefore the privacy considerations for the two claims are different.

There could be a privacy considerations sub-section for token-issuer controlled claims, but I think such considerations would not be particularly meaningful without assuming certain implementations (e.g. Android/Windows permissions framework and how it affects claims included in the token).  This might have been the reason why RFC 8392 avoided such a discussion altogether (https://datatracker.ietf.org/doc/rfc8392/).

-Giri

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Thursday, September 29, 2022 4:37 AM
To: rats@ietf.org
Subject: [Rats] Removal of the "replay protection and privacy" section in the EAT draft


Hi all,

In PR https://github.com/ietf-rats-wg/eat/pull/299 I proposed a re-write of the privacy consideration section.

As part of my re-write I removed text that was, according to Giri, "reviewed and agreed upon by the Architecture team and EATS editors in https://github.com/ietf-rats-wg/eat/pull/164".

Now, I would like to bring it to the group. Here is the relevant text:

8.4.  Replay Protection and Privacy

   EAT offers 2 primary mechanisms for token replay protection (also
   sometimes known as token "freshness"): the cti/jti claim and the
   nonce claim.  The cti/jti claim in a CWT/JWT is a field that may be
   optionally included in the EAT and is in general derived on the same
   device in which the entity is instantiated.  The nonce claim is based
   on a value that is usually derived remotely (outside of the entity).
   These claims can be used to extract and convey personally-identifying
   information either inadvertently or by intention.  For instance, an
   implementor may choose a cti that is equivalent to a username
   associated with the device (e.g., account login).  If the token is
   inspected by a 3rd-party then this information could be used to
   identify the source of the token or an account associated with the
   token (e.g., if the account name is used to derive the nonce).  In
   order to avoid the conveyance of privacy-related information in
   either the cti/jti or nonce claims, these fields should be derived
   using a salt that originates from a true and reliable random number
   generator or any other source of randomness that would still meet the
   target system requirements for replay protection.

The RATS architecture talks about three approaches for providing freshness, namely
- timestamps,
- nonces, and
- epoch IDs.

The text above talks about two mechanisms, namely
- nonces, and
- the cti/jti.

(As you will see later, the cti/jti does not correspond to one of the freshness mechanisms from the RATS architecture.)

In the EAT draft version -14 the cti/jti claims are mentioned in two sections, namely in Section 8.4 (see above) and also in Section 4.3.1. The cti claim contains a unique identifier for the JWT.

Assuming that an implementer uses the cti to convey a username / account login is unjustified given what Section 4.1.7 of RFC 7519 defines it to be, see https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7.

So, there is only a privacy problem with the cti/jti if you use it in a way that has not been envisioned or even suggested by the RFC that defined it.

The privacy implications of the nonce are not described nor are other privacy implications of the iat (issued at) claim defined, which would correspond to the timestamp replay protection mechanism defined in the RATS architecture.

For this reason I suggested removing this text from the privacy consideration section.

Ciao
Hannes
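Added example, not part of either message above and not code from the EAT draft or the RATS working group: a small verifier in Python showing the two freshness paths the thread discusses. The interactive path binds the token to a verifier-issued nonce; the one-way path (the multicast / BLE-advertising case Giri mentions, where no nonce can be sent) relies on a never-before-seen jti/cti. Pairing the jti with an iat window so the replay cache can be bounded is this example's own design choice, not something either message or the draft specifies. It also contrasts the account-derived identifier the 8.4 text warns about with a CSPRNG-derived one. The claims are plain dicts standing in for a decoded, signature-verified payload; the class and function names are assumptions of this example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Claim names follow RFC 7519 (jti, iat) and RFC 8392 (cti); EAT uses "nonce".
# Claims are plain dicts here, standing in for a decoded, signature-verified
# payload. The Verifier API and helper names are this example's own.


def jti_from_account(account: str) -> str:
    """The derivation the 8.4 text warns about: jti is a pure function of the
    account name, so every token from that account carries the same value and
    any third party seeing the token can link them (or brute-force short names)."""
    return hashlib.sha256(account.encode()).hexdigest()


def random_jti(nbytes: int = 16) -> str:
    """The derivation the 8.4 text asks for: fresh CSPRNG output, unlinkable across tokens."""
    return secrets.token_hex(nbytes)


@dataclass
class Verifier:
    max_age_s: int = 300   # how old an iat may be before the token counts as stale
    skew_s: int = 30       # tolerated clock difference between attester and verifier
    _nonces: set = field(default_factory=set)
    _seen_jti: dict = field(default_factory=dict)  # jti -> time after which it may be forgotten

    # --- interactive path: the verifier supplies the nonce ----------------------
    def challenge(self) -> str:
        n = secrets.token_hex(16)
        self._nonces.add(n)
        return n

    def check_nonce(self, claims: dict) -> str:
        n = claims.get("nonce")
        if n is None:
            return "missing-nonce"
        if n not in self._nonces:
            return "unknown-nonce"   # never issued, or already consumed
        self._nonces.discard(n)      # single use: presenting it again is a replay
        return "ok"

    # --- one-way path (multicast, BLE advertising): no nonce is possible --------
    def check_jti_iat(self, claims: dict, now=None) -> str:
        now = time.time() if now is None else now
        jti, iat = claims.get("jti"), claims.get("iat")
        if jti is None or isinstance(iat, bool) or not isinstance(iat, (int, float)):
            return "malformed"
        if iat > now + self.skew_s:
            return "future-iat"
        if now - iat > self.max_age_s:
            return "stale"           # outside the window: rejected before the cache is consulted
        self._prune(now)
        if jti in self._seen_jti:
            return "replayed"
        # Once iat is old enough that the stale check rejects the token on its own,
        # the cache entry is no longer needed; that bounds the cache to one window.
        self._seen_jti[jti] = iat + self.max_age_s + self.skew_s
        return "ok"

    def _prune(self, now) -> None:
        for j in [j for j, exp in self._seen_jti.items() if exp < now]:
            del self._seen_jti[j]

    def cache_size(self) -> int:
        return len(self._seen_jti)
```

Note what the jti path does and does not give you: it proves only that this verifier has not seen this identifier before, so a token replayed to a different verifier, or after the replay cache is lost on restart, is not caught. That is the gap the iat window narrows but does not close.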



