Re: [Rats] draft-birkholz-rats-uccs

Thomas Fossati <tho.ietf@gmail.com> Mon, 15 March 2021 15:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bmeItqicBqkKfbo4pkkQ2STdmrc>

Hi Carsten,

On Mon, Mar 15, 2021 at 10:49 AM Carsten Bormann <cabo@tzi.org> wrote:
>
> On 2021-03-15, at 11:44, Thomas Fossati <tho.ietf@gmail.com> wrote:
> >
> > On Mon, Mar 15, 2021 at 10:26 AM Carsten Bormann <cabo@tzi.org> wrote:
> >>
> >> On 2021-03-15, at 11:16, Thomas Fossati <tho.ietf@gmail.com> wrote:
> >>>
> >>> The oxymoron between "Unprotected" and the COSE in "CWT" has the
> >>> potential of creating cognitive dissonance.
> >>
> >> It is not the CWT that is unprotected; the CWT claims set is.
> >
> > I don't want to sound polemic, but if you take a CWT and you peel off
> > its security layer (i.e., you "unprotect" the CWT) what you are left
> > with is the CWT claims set :-)
>
> Exactly.
> But it is not a CWT, just as the people sitting in a tank are not a tank.

The analogy is correct but incomplete.  At least for the RATS context
(which I'm assuming is what we are interested in here), you don't just
kick the people in the tank out and you're done with it: you need to
put them on a train and make absolutely sure that the train and the
tank came out of the same factory.  I.e., the requirement for UCCS is
that the signing key that identifies the secure transport endpoint is
- or can be linked to - the same key that would have signed the
attestation Evidence, were it encoded as "proper" CWT.

> >>> That IMHO deserves some discussion *in* the document.
> >>
> >> Definitely.  But piling up security considerations for when you are carrying around unprotected information seems a bit on the motherhood and apple pie side.
> >
> > I don't think I have suggested piling up stuff - IIRC I even used
> > "minimalist" upthread - but something needs to be said to clarify what
> > are the assumptions that need to hold for this to be usable.
> >
> > (I will review the draft and provide some more useful/actionable comments.)
>
> I definitely appreciate that!

Will do shortly, cheers!
--
Thomas
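
Added example, not part of the original message or of the draft: a sketch of the Verifier-side check implied by the requirement above, where an unsigned claims set is accepted only if the key that authenticated the secure channel endpoint is, or is linked to, the attestation key. The function names, the use of the `iss` claim to identify the Attester, the thumbprint scheme, and the `validated_links` store are assumptions; CBOR decoding and the verification of the linkage itself are out of scope.

```python
import hashlib

ISS = 1  # CWT "iss" claim key (RFC 8392); using it to name the Attester is an assumption


def thumbprint(public_key: bytes) -> str:
    """SHA-256 over the encoded public key (the encoding is an assumption)."""
    return hashlib.sha256(public_key).hexdigest()


def accept_uccs(claims, channel_peer_key, attestation_keys, validated_links):
    """Decide whether an unsigned claims set may be treated as Evidence.

    claims           -- already-decoded claims set (dict keyed by CWT claim keys)
    channel_peer_key -- public key that authenticated the secure channel peer,
                        or None if the channel peer was not authenticated
    attestation_keys -- issuer -> thumbprint of the key that would have signed
                        the same claims had they been sent as a CWT
    validated_links  -- (channel thumbprint, attestation thumbprint) pairs whose
                        linkage was verified elsewhere (hypothetical store)
    """
    if channel_peer_key is None:
        return False, "no authenticated channel endpoint"
    expected = attestation_keys.get(claims.get(ISS))
    if expected is None:
        return False, "unknown attester"
    seen = thumbprint(channel_peer_key)
    if seen == expected:
        return True, "channel key is the attestation key"
    if (seen, expected) in validated_links:
        return True, "channel key is linked to the attestation key"
    # An authenticated channel to some other endpoint proves nothing
    # about who produced the claims.
    return False, "channel endpoint not bound to the attestation key"


# Constructed sample values (placeholders, not real key material).
AK = b"constructed-attestation-public-key"
CH_LINKED = b"constructed-channel-key-linked-to-AK"
CH_OTHER = b"constructed-unrelated-channel-key"
KEYS = {"attester-1": thumbprint(AK)}
LINKS = {(thumbprint(CH_LINKED), thumbprint(AK))}
CLAIMS = {ISS: "attester-1"}

if __name__ == "__main__":
    for key in (AK, CH_LINKED, CH_OTHER, None):
        print(accept_uccs(CLAIMS, key, KEYS, LINKS))
```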