[Rats] draft-birkholz-rats-epoch-markers-04 early review
Carl Wallace <carl@redhoundsoftware.com> Fri, 24 March 2023 20:56 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88BAFC15155E for <rats@ietfa.amsl.com>; Fri, 24 Mar 2023 13:56:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S4pm3x40ABwS for <rats@ietfa.amsl.com>; Fri, 24 Mar 2023 13:56:27 -0700 (PDT)
Received: from mail-qv1-xf33.google.com (mail-qv1-xf33.google.com [IPv6:2607:f8b0:4864:20::f33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7418DC14CEFE for <rats@ietf.org>; Fri, 24 Mar 2023 13:56:27 -0700 (PDT)
Received: by mail-qv1-xf33.google.com with SMTP id 59so2428301qva.11 for <rats@ietf.org>; Fri, 24 Mar 2023 13:56:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; t=1679691385; h=content-transfer-encoding:mime-version:thread-topic:message-id:to :from:subject:date:user-agent:from:to:cc:subject:date:message-id :reply-to; bh=Up3HZw3DDkB9LrhpVnJ/WlVifYflzn5210eAAlfzuO0=; b=b4Rp+R9BhPt3oIXQD1HGRpdk0/n4x3eK+EblQauucUQRc1uWK/wG1WB/m6iUiSqov1 //JPQrDewsB+TUWQ/tLpTRqCOaYsJMOxc1wf6U54ohNjTHVjudksFM4Sx4RZ1H45TW9u HxRxxaZ8kvaUITO/lusx8bd3qX/QPoGl52NUU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679691385; h=content-transfer-encoding:mime-version:thread-topic:message-id:to :from:subject:date:user-agent:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=Up3HZw3DDkB9LrhpVnJ/WlVifYflzn5210eAAlfzuO0=; b=k3dHM3wlNKa2R8bBpj4/yjETNrSd6OHi54MrLkXjLm5jn0BzJEMeHGNhzqUHgurTN8 Qs4Xpg55MONvko774w/SWFw36k4D+BlZKQyJF8xlgwcKvtA7PtD66ZRUc9XLJKsDIjzu odx32grH10MMeC+a/fierzsLfnywi55rWV35a7KVUyJamabsfireeiA8DfSIMjkw1mPn a86lJ39v9VgFA3JJDmakXdNjupzE7qrpdODuEORnoMlrg2g86l4ekF3dsJfusl42SKCC kBc5INYv+H3O929bajxdYQ2Iu0tT/d2JRKvMC84A/teZv7Wc9WMAuuRXrJ5BYp7TzwEd 1m8w==
X-Gm-Message-State: AAQBX9eg37pyz4/zTWFTvpYBt0e6Yxjex0IDAXlsW3OQ34qILcb27arh 2dQu1FExsn1R0MOWOud1Af/njWuGvObgZMtU2xcGGw==
X-Google-Smtp-Source: AKy350b9vGP8RO3E8knDq/hO2gA14gcFN3nOaYYAzOyzY3FgWzKIth5KN+IRcrs7+l/GRoXqGt08ng==
X-Received: by 2002:ad4:5c82:0:b0:5c6:92e0:ba3 with SMTP id o2-20020ad45c82000000b005c692e00ba3mr8413036qvh.2.1679691385556; Fri, 24 Mar 2023 13:56:25 -0700 (PDT)
Received: from [192.168.2.16] (pool-96-255-232-167.washdc.fios.verizon.net. [96.255.232.167]) by smtp.gmail.com with ESMTPSA id mf16-20020a0562145d9000b005dda7ec48edsm890613qvb.13.2023.03.24.13.56.24 for <rats@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Mar 2023 13:56:25 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/16.71.23031800
Date: Fri, 24 Mar 2023 16:56:24 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: "rats@ietf.org" <rats@ietf.org>
Message-ID: <4F82E5DE-5969-49CF-A709-094B9211D227@redhoundsoftware.com>
Thread-Topic: draft-birkholz-rats-epoch-markers-04 early review
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/a2arsgQtpLtdYfF6GnV_PiNnRbc>
Subject: [Rats] draft-birkholz-rats-epoch-markers-04 early review
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2023 20:56:31 -0000
I realize it may be a bit early to review the draft, but I gave it a read and had some comments and questions. - How/where is this intended to be used? Some elements seem useful to conveying a (pool of) nonces that would be used in a claim like eat_nonce, others seem like they would serve as a new claim type (i.e., the 3161-focused options). - What is Concise Evidence? It is listed as alternative to EAT in section 4. - The draft is currently a description of a format. It might benefit from sections describing creation and verification (or at least some considerations for each). - Is the epoch-marker structure intended to be authenticated? Some of the options can be authenticated already, i.e., 4.1.2 and 4.1.7. It's not clear what the plan is for the top level (or if encryption is required). - It's not clear to me what the “never-repeating byte string” phrase in sections 4.1.4 and 4.1.5 means? Is this phrase intended to avoid confusion because the nonces may be used one time by multiple parties? As written, it could be read as referring to the contents of the value. - Are each of the possible types applicable to each model? - For the RFC3161-based types, what does the message imprint in response cover, i.e., what data was hashed? This seems likely to vary with the model. - In section 4.1.2, it's probably worth explicitly excluding failed RFC3161 responses or maybe just conveying the timeStampToken field instead of the response. - Section 4.1.7 describes a "stateless nonce" but there is state, i.e., the symmetric key and synchronized clocks. To assure one time use, there would also need to be state up until some window size elapses. This feels a bit like TOTP (RFC6238), in which case, why is the time field needed at all? If you want to use a key and a time value, just use one of the timestamp token options. - It'd be helpful to include words on nonce handling for unsolicited and subscription models and how this varies for each role (since storage burden will vary for attester and verifier, for example). - Section 7.3 of draft-ietf-rats-reference-interaction-models-07 states "While a Handle Distributor is not required in this model, it is also limited to bi-lateral subscription relationships in which each Verifier has to create and provide its individual Handle." This suggests reuse is possible. - Given the ordering requirements on multi-nonce, this feels less like a nonce and more like a one-time pad. Some words on what happens if a message gets lost would be helpful. Ought this type require the verifier to be able to distinguish between attesters (in order to maintain state)? Given the ordering requirement, probably worth noting storage burden is diminished for the verifier.
- [Rats] draft-birkholz-rats-epoch-markers-04 early… Carl Wallace