[Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
Carsten Bormann <cabo@tzi.org> Fri, 31 May 2024 20:44 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DDCAC14F5F1 for <rats@ietfa.amsl.com>; Fri, 31 May 2024 13:44:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zyYvs-hkMXMW for <rats@ietfa.amsl.com>; Fri, 31 May 2024 13:44:53 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [134.102.50.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB63CC14F5E9 for <rats@ietf.org>; Fri, 31 May 2024 13:44:51 -0700 (PDT)
Received: from eduroam-0016.wlan.uni-bremen.de (eduroam-0016.wlan.uni-bremen.de [134.102.16.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4VrZqj1v6kzDCbt; Fri, 31 May 2024 22:44:49 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <PH1P110MB1116C5BE031039613AA69302DC2DA@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM>
Date: Fri, 31 May 2024 22:44:48 +0200
X-Mao-Original-Outgoing-Id: 738881088.103062-6afda0799f9f177a79938a744aaa6884
Content-Transfer-Encoding: quoted-printable
Message-Id: <609017C0-5043-46A1-81B1-6835F4BD6FF9@tzi.org>
References: <PH1P110MB1116C5BE031039613AA69302DC2DA@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM>
To: Roman Danyliw <rdd@cert.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Message-ID-Hash: 3UFLM45TPEYGRLPIC2MEEVEMJG6OXJXZ
X-Message-ID-Hash: 3UFLM45TPEYGRLPIC2MEEVEMJG6OXJXZ
X-MailFrom: cabo@tzi.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "rats@ietf.org" <rats@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dX52zqonYK86sMXP5zzDAuk_IK0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Roman, thank you for the reminder, and apologies for losing track of this in the post-119 shuffle. We prepared an PR #29 [29] [29f] for the changes we think are needed. [29]: https://github.com/ietf-rats-wg/draft-ietf-rats-uccs/pull/29 [29f]: https://github.com/ietf-rats-wg/draft-ietf-rats-uccs/pull/29/files On 2024-03-19, at 00:49, Roman Danyliw <rdd@cert.org> wrote: > > Hi! > > I previously performed an AD review on draft-ietf-rats-uccs-08. See https://mailarchive.ietf.org/arch/msg/rats/HU2eIC7AevBSBHGk5tqXSR8wMco/. Thanks for -09. For ease of tracking issues, this new email summaries the remaining issues from AD Review. > > > ** Section 6. > The security > considerations of [RFC8392] need to be applied analogously, replacing > the function of COSE with that of the Secure Channel. > > [per -08] > If all of the Security Considerations of RFC8392 apply, then there is an authenticity requirement for the Secure Channel. Indeed, and -09 makes this much more explicit now. > RFC8392 says “it is not only important to protect the CWT in transit but also to ensure that the recipient can authenticate the party that assembled the claims and created the CWT.” This is a great sentence that we decided to add as a quote in line 359/360. > [per -08] the Privacy Preserving channel of Section 4.3 (Section 5.3 in -09) seems to explicitly suggest that there “receiver cannot correlate the message with the senders of other received UCCS messages “ which seems to be the opposite of authenticity. > > [response] >> The objective of 4.3 (now 5.2) is to discuss how authenticity does not >> necessarily lead to linkability. >> It does not relax the authenticity requirement. >> (E.g., DAA replaces the attester key with a group key, and something >> similar could be a use case for secure channels as well.) > > [Roman] Can this nuance please be explained in the prose. This seems to be a very different situation than authenticity in the CWT sense. We added "beyond the information the secure channel authentication provides” (Line 320..323) — if the authentication only pertains to a group, the information will be limited to be about membership of that group. > ** Appendix A. Excuse my rough understanding of CDDL. > > -- [per -08] My read of this CDDL is that there is JSON hooks included with the JC<> construct. This JSON binding isn’t explained any place else. > >> Yes. >> Parts about JSON bindings do not use normative language, >> because UCCS is >> about CBOR claim sets. >> This CDDL is designed to be useful in a mixed environment, based on >> requirements from EAT. > > I don’t understand. This CDDL in Appendix A is normative, and so is the flexibility in its design to support JSON. Otherwise, it would be “C< ...>” and not “JC<...>”. I don’t take exception with providing a JSON binding but please explain this in the prose and in the introduction.. We now made it explicit that this is there as “CDDL you can use” — a normative intent when actually using this is desirable but the CDDL itself is not changing the specifications in any way, hence it is an informative appendix. Line 462..465. Grüße, Carsten
- [Rats] AD follow-up review of draft-ietf-rats-ucc… Roman Danyliw
- [Rats] Re: AD follow-up review of draft-ietf-rats… Roman Danyliw
- [Rats] Re: AD follow-up review of draft-ietf-rats… Henk Birkholz
- [Rats] Re: AD follow-up review of draft-ietf-rats… Carsten Bormann
- [Rats] UCCS and EAT media types (was: Re: Re: AD … Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Carsten Bormann
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Orie Steele
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Henk Birkholz
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Carsten Bormann
- [Rats] Re: AD follow-up review of draft-ietf-rats… Carsten Bormann
- [Rats] Re: AD follow-up review of draft-ietf-rats… Kathleen Moriarty