Re: [Rats] draft-richardson-rats-usecases-00 comments

Anthony Nadalin <tonynad@microsoft.com> Wed, 20 March 2019 19:19 UTC


And in the FIDO case we don't need a transport, as it's carried in the W3C WebAuthn and FIDO CTAP protocols.

________________________________
From: Laurence Lundblade <lgl@island-resort.com>
Sent: Wednesday, March 20, 2019 8:00:38 PM
To: Michael Richardson
Cc: Anthony Nadalin; rats@ietf.org
Subject: Re: [Rats] draft-richardson-rats-usecases-00 comments

The way I’d approach the FIDO use case is to say that the relying party wants to have the HW/SW implementation that did the biometric check strongly identified (attested). This is to make sure that the end user is not using some shortcut, hacked, or insecure implementation that is not checking the biometric properly.

FIDO allows a bunch of attestation formats now because there is no broadly common attestation format, something I hope we will remedy. It will take some years of course…

I don’t know that it is necessary to dig into all the different formats that FIDO allows.

Agree with Tony that solving the privacy issue in a broad standard way will be really helpful for lots of use cases (also some use cases don’t have a privacy issue).

LL

> On Mar 12, 2019, at 8:27 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
> Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org> wrote:
>> The section on the FIDO use case (5.3) is out of date, as in FIDO/W3C there are
>> many attestation formats that are acceptable from devices; the major concern
>> that we have is the privacy issues, as most all the attestation formats lead
>> to potential collusion in one form or the other. The JS API is now the W3C
>> WebAuthentication API, which is a Recommendation now; this is no longer in
>> FIDO. I would be happy to send edits to this section.
>
> That would be wonderful, THANK YOU!
> It's a -00 after all, and the goal is to tease out what might be
> old/nonsensical/etc. so that we can get to the bottom of things :-)
>
> (I thought I did say that it all became the WebAuthentication API...)
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
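As an added illustration of the FIDO use case Laurence describes (the relying party wanting the implementation that did the biometric check identified) and of Tony's point that attestation is carried inside WebAuthn with several acceptable formats, here is example code written for this page, not from the thread or from any FIDO/W3C implementation: a relying party parses the WebAuthn attestationObject (CBOR) to see which attestation format was used and the AAGUID that names the authenticator model, then applies a policy. Verifying the attStmt signature and certificate chain is out of scope; the sample objects, the `rp.example` RP ID and the AAGUID bytes are constructed placeholders.

```python
import hashlib
def _head(buf, pos):  # CBOR initial byte plus its argument (1-, 2- or 4-byte lengths)
    mt, ai = buf[pos] >> 5, buf[pos] & 0x1F
    if ai < 24:
        return mt, ai, pos + 1
    size = {24: 1, 25: 2, 26: 4}[ai]
    return mt, int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), pos + 1 + size
def cbor_decode(buf, pos=0):  # subset decoder: ints, bstr, tstr, arrays, maps
    mt, n, pos = _head(buf, pos)
    if mt in (0, 1):
        return (n if mt == 0 else -1 - n), pos
    if mt in (2, 3):
        s = bytes(buf[pos:pos + n])
        return (s if mt == 2 else s.decode("utf-8")), pos + n
    if mt not in (4, 5):
        raise ValueError(f"unsupported CBOR major type {mt}")
    out = [] if mt == 4 else {}
    for _ in range(n):
        k, pos = cbor_decode(buf, pos)
        if mt == 5:
            v, pos = cbor_decode(buf, pos)
            out[k] = v
        else:
            out.append(k)
    return out, pos
def inspect_attestation(att_obj):
    """What the RP learns: attestation format, UV flag and the AAGUID (authenticator model)."""
    obj, _ = cbor_decode(att_obj)
    auth = obj["authData"]      # rpIdHash(32) | flags(1) | signCount(4) | attestedCredentialData
    flags = auth[32]
    info = {"fmt": obj["fmt"], "uv": bool(flags & 0x04), "aaguid": None}
    if flags & 0x40:            # AT flag: aaguid(16) | credIdLen(2) | credId | COSE key follow
        info["aaguid"] = auth[37:53].hex()
    return info
def rp_policy(info, accepted=("packed", "tpm", "android-key")):
    # Accept only verifiable formats, require UV (the biometric check); 'none' or a zero AAGUID = unidentified
    if info["fmt"] not in accepted or not info["uv"]:
        return "reject"
    return "reject" if info["aaguid"] in (None, "00" * 16) else "accept"
def _cb(mt, payload):           # CBOR string header for payloads shorter than 256 bytes
    n = len(payload)
    return bytes([(mt << 5) | n] if n < 24 else [(mt << 5) | 24, n]) + payload
def make_attestation_object(fmt, aaguid, flags=0x45):  # constructed sample, not a real device
    auth = hashlib.sha256(b"rp.example").digest() + bytes([flags]) + (1).to_bytes(4, "big")
    auth += aaguid + (4).to_bytes(2, "big") + b"cred"  # COSE key and attStmt omitted
    return (b"\xa3" + _cb(3, b"fmt") + _cb(3, fmt.encode()) + _cb(3, b"attStmt") + b"\xa0"
            + _cb(3, b"authData") + _cb(2, auth))
SAMPLE_NONE = make_attestation_object("none", bytes(16))             # anonymous: zero AAGUID
SAMPLE_PACKED = make_attestation_object("packed", bytes(range(16)))  # placeholder model id
```

The "none" object carries no model identity, which is what keeps it unlinkable and also why an RP that needs the implementation attested rejects it; the "packed" object exposes the AAGUID, which is the correlation handle behind the privacy concern in the thread.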