IETF Logo Mail Archive

[Rats] AD review of draft-ietf-rats-yang-tpm-charra-11

Roman Danyliw <rdd@cert.org> Thu, 04 November 2021 20:47 UTC

Return-Path: <rdd@cert.org>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F00C33A095D for <rats@ietfa.amsl.com>; Thu, 4 Nov 2021 13:47:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qYkh_o5XyObd for <rats@ietfa.amsl.com>; Thu, 4 Nov 2021 13:47:53 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on072f.outbound.protection.office365.us [IPv6:2001:489a:2202:c::72f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FC4F3A096C for <rats@ietf.org>; Thu, 4 Nov 2021 13:47:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=lzysGQ+rnWTf7UXrN6u2dCOgkKQ0JwO45W/VxPdDDAmxhmAtFZ6zDrNF4mbt8eaZF/ZGYAOeM01/sYjguz/wf8O1A5i9igkZvtYbAeLuNdPJ7cj0vmwvrgOwh+2RvC0hhOwFX/dA9JM8OuxwcXOAxdKb/M6pwciFBvA7ChS6TUSoLv16sQ1lO6tbZMEWL/XNP2J7Pa0j5nR4KCm+Cpkiz+yAPrpkmffHbr4oU/L3/lryRrYcymR4PGxlO7xyuXul2wjRpKePtyZnktL/YhjByW3NHX3nlNXeFgSWw256+OMvgmXBbY1ot4Pwo0avj/+UuRqqXHlELFhkd6vxNe/fvg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9s8SxlM/tDLXvbq1ou/zXAW+O/MOQ6Qp6333J1Vawno=; b=aVbAfavX/9fOTeEiAXOJO4WwYM0kya3LubJlyMEuFSW7Z10yKXmY5InNwbdOqDiIVmCQVzTzOONmo2n0yA0NQeuRy8kDrObECVxs5lW/qzshf41D+416YPxdDgjsyxZ1U2IY0Ox9ZYdVWsnRphqdMH/0qCfhPGL/Cf9CfM7gM0KHjCxrhQFRPHUoSQ33u88JUJ1uy26/ZEdxE0w611QYGL9pt+ji7PsCYKXV7X7A1A8YB5/PYMuypWg560ECQZuV4G+Rfn7wjt0iSlp50TCV2Xde1wvLqGyHCbhu5FeGWrnTnDrUFcs0d0IIlaWZjZP9a32d4SSyYw8qldY4urPHmQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9s8SxlM/tDLXvbq1ou/zXAW+O/MOQ6Qp6333J1Vawno=; b=K920EbvZXPnyxKxnPWrDfNgYcuaQmHvboataC5dqv8MdX3OQKs2Z2c+1xlGQH/ZQu99Sz0HnsMjbKihijtFHKhm7op8Md0cO7p7q5vIEWIAZai/bhmhinw90StK0rqi1cSRABEe/iuTMENsde4eoYsB1VNlGhUpyRfIVtDg84Zk=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0804.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.13; Thu, 4 Nov 2021 20:47:48 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4649.017; Thu, 4 Nov 2021 20:47:48 +0000
From: Roman Danyliw <rdd@cert.org>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: AD review of draft-ietf-rats-yang-tpm-charra-11
Thread-Index: AdfRvLpG8Y7TcPJ2RaC07mrIadsk8g==
Date: Thu, 04 Nov 2021 20:47:48 +0000
Message-ID: <BN1P110MB093953B691FF389775053B2DDC8D9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a81466d0-fad0-4df2-10cd-08d99fd45cbe
x-ms-traffictypediagnostic: BN1P110MB0804:
x-microsoft-antispam-prvs: <BN1P110MB0804875E8C09B58FAF63B712DC8D9@BN1P110MB0804.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2oFGhr0+OCjoOh2qPzEymwapu1sNudmzwVvz6BnK/yjlRjxg7ZSGh2V/HByiLI8H/aUs2wlFcvM0yI8WXD5y7VRerAX54uxTCUNxTVVOfqH4YqXscZR+uSRoilBOvhLPqahFRmvwK8LWH4ftrfJWUw1Nyk7wWZx/uqT/XsMJAL76iwWZrgGslDi8/BqLYSmSh/YubIEyRWABCU+buNnm9qwz+TjyHfeaGTSFQn/xrkTxixYDeasuflI6fG4OlcoEB0hke/y9PR0HutplfEyzMpC7GbgERlSnWjBlaUsuvKUZBrFZMsRieTpwtu/NqtZxgtbs7ktgtxDJ0w5t4UtsgXBemwQF6Q7HszmwRaNDd+Dot08H/TtYpjNXfSNyGu9vNoe7L2itmOd9nPqEa/jmDESwYxz3kk1E3cSg/e4+IILrZHzTld6wDuXqCtwUev3MDes2oYb9XLAVKvl6PUlxvZMmzqfkGfyrRvlSXSwyLGmJecpBnPbIB03hJtM6zDlljdkit2p1Uq42V1pSlYJDgmjIoxjeGiTb+pc9oaMK6/pmpJpwYTxabhvow8k14tVCJuVqYZijPAZODmo+eeiz8DllNXg6nxSttzJD91cA3805a5vwrermFaZ9GuivNJQNXj329t+DmPQG0WLgRALappJWZcza0c1I+2QZS0ZwDyaybqpxnEsJQD5em+wdKe9sisA4BdcAGNZrc6gTyBwxHdQ0NT2GQLVGiJxwUmk7c4U=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(83380400001)(186003)(64756008)(66446008)(5660300002)(6506007)(66476007)(66556008)(66946007)(26005)(8676002)(55016002)(76116006)(6916009)(8936002)(52536014)(9686003)(7696005)(498600001)(33656002)(38070700005)(38100700002)(71200400001)(122000001)(966005)(86362001)(82960400001)(2906002)(15398625002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: iUz+v4RwVF9lsqafI0d2xH8yucBK7jo12z7CTVgJqyW3xxmjNBdTxxnCkC0xVONNBXSEFFS1Jj2bZoK2xOvr/rOlSCvQQ0raoblJKAmu36OibShtUa0BfujwzmvONqF8KV8QG/+n+ONBoW1AIXlM1Q==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: a81466d0-fad0-4df2-10cd-08d99fd45cbe
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2021 20:47:48.7129 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0804
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dqHumg_GwGwARvCwQ9NcuEPrD2M>
Subject: [Rats] AD review of draft-ietf-rats-yang-tpm-charra-11
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Nov 2021 20:47:58 -0000

Hi!

I performed an AD review on draft-ietf-rats-yang-tpm-charra-11.  Thanks for this document.  My comments are below.

Thanks for being making specific section reference to the various TCG specs in the YANG module.  These exact citations were very helpful.

In a few comments below, I may be too closely associating this document with draft-ietf-rats-tpm-based-network-device-attest so please let me know when this is the case.

** There are eight authors.  Customarily (per RFC7322), the total number of authors/editors on the first page is limited to five.  Could I have a write-up/confirmation on why this current arrangement makes sense.

** Section 2.  
One or more TPMs MUST be embedded in a Composite Device that provides
   attestation evidence via the YANG module defined in this document.

Should this text be left this flexible, or should it explicitly reference [TPM1.2] and [TPM2.0]?

** Section 2.  Per "A fresh nonce with an appropriate amount of entropy MUST be supplied ...", where can the guidance that characterizes "an appropriate amount of entropy" be found?

** Section 2.  
The functions of this YANG module are restricted to 0-1 TPMs per
   hardware component.

Can the phrase "... are restricted to 0-1 TPMs per hardware components" be stated differently.  I'm don't follow the intent.

** Section 2.1.1.1.  Could a forward reference (just as is used in the YANG module) be provided for each of these features to improve readability.  

** Section 2.1.1.1 and ietf-tpm-remote-attestation@2021-05-11.yang module.

As listed in Section 2.1.1.1 and later in ietf-tpm-remote-attestation@2021-05-11.yang module, it appears that this document supports the following log types:

(1) feature bios ==> "https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf,           Section 9.4.5.2";

(2) feature ima ==> "https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_CEL_v1_r0p30_13feb2021.pdf  Section 4.3";

(3) feature netequip_boot ==> no reference, "The device supports the netequip_boot logs."

-- per bios, this document and draft-ietf-rats-tpm-based-network-device-attest use different references for BIOS logs.

Here there is:
https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf,  Section 9.4.5.2

draft-ietf-rats-tpm-based-network-device-attest uses:
   [EFI-TPM]  Trusted Computing Group, "TCG EFI Platform Specification
              for TPM Family 1.1 or 1.2, Specification Version 1.22,
              Revision 15", January 2014,
              <https://trustedcomputinggroup.org/resource/tcg-efi-
              platform-specification/>.

Are these complimentary?  Should they be the same?

-- per ima, does this document only support IMA in the Canonical Event Log Format or all of the Canonical Event Log Format (asking because draft-ietf-rats-tpm-based-network-device-attest isn't that specific)? Citing Section 4.3 is helpful but doe not resolve the ambiguity as the CONTENT_TYPE TLV=7, 8 is IMA but 4 or 5 would not be.

If it only support IMA, please be clear down to the TLV reference.  Additionally, there is a conversation to have about draft-ietf-rats-tpm-based-network-device-attest which in Section 2.3 says that "Attestation logs SHOULD be formatted according to the Canonical Event Log format [Canonical-Event-Log]" - that is, it doesn't seem to restrict down to IMA.

If it supports more than IMA, than this feature name needs a more expansive name.

Also, this draft cites v1, Revision 0.30, Dec 11, 2020 version of Canonical Event log.  draft-ietf-rats-tpm-based-network-device-attest cites v1, Revision .12, Oct 2018. Should they be the same?

-- Per netequip_boot, is there a reference which explains what this is?

Also, since this document is supposed to use "the operational context defined in [I-D.ietf-rats-tpm-based-network-device-attest]", how does netequip boot fit into that document?  I can't link that log type to the existing text.

** Section 4, Section 2.1.1.3.1 and 2.1.1.3.2.  There is an implicit verification workflow/protocol built into using these challenge-response RPCs.  A few clarifying questions:

-- Where can one find the guidance on generating the nonce.  For example, for TPM1.2, Section 16.4 of https://trustedcomputinggroup.org/wp-content/uploads/mainP3Commandsrev103.pdf says it should 160-bits.  Does that apply here?  What about for TPM2?
-- Where is the guidance on how to verify the signature on TPM_QUOTE2 and TPM_QUOTE_INFO?

-- Where is the guidance on how the certificate-names-ref might be set?

** 2.1.1.3.2.  Per the RPC challenge example:

       <tpm20-hash-algo
           xmlns:taa="urn:ietf:params:xml:ns:yang:ietf-tcg-algs">
         taa:TPM_ALG_SHA256
       </tpm20-hash-algo>

I'm missing something.  Why is there an XML namespace in the element body? (i.e., why the "taa:" for "TPM_ALG_SHA256")?  The response also has a "ks:something".

** ietf-tpm-remote-attestation@2021-05-11.yang .  grouping tpm12-attestation. Can a URL be provided for the reference?  The current text says to use rev116.  I found the following link to revision 103.
https://trustedcomputinggroup.org/wp-content/uploads/mainP3Commandsrev103.pdf

** ietf-tpm-remote-attestation@2021-05-11.yang .  list unsigned-pcr-values. What should be the behavior if an unsigned pcr value is found to deviate from the signed one?

** Section 2.1.2.  I'm not sure the history is needed here and it won't age well in an archival series  This section could just start with "This document as encoded the TCG Algorithm ...

** ietf-tcg-algs@2021-05-11.yang. Typo. s/collasping/collapsing/

** ietf-tcg-algs@2021-05-11.yang. Identity asymmetric.  The URL to the document containing Table 2 returns a 404.  I believe this is the correct link:
https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf
For all of the identities that use "TCG_Algorithm_Registry_r1p32_pub" as a reference, please provide the full URL or the formal name of the registry.  The partial file name does not help.

** ietf-tcg-algs@2021-05-11.yang. identity tpm12 and tpm20.  Thanks for include the PDF name.  Can you please add the full URL.

** ietf-tcg-algs@2021-05-11.yang. For all of the identities that use "TCG_Algorithm_Registry_r1p32_pub Table 3" as a reference.  Please either use the formal name of the TCG reference or provide a URL.

** Identity TPM_ALB_MGF1.  Typo. s/IEEE Std 1363a -2004/IEEE Std 1363a-2004/

** Identity TPM_ALG_KEYEDHASH.  Typo. s/specification. ./specification./

** Identity TPM_ALG_SM3_256.  The reference provided here does not match the TCG registry.  TGC says it should be "ISO/IEC 10118-3:2018".

** Identity TPM-ALG_SM2.  The references doesn't match the TCG registry which says "GB/T 32918.1-2016, GB/T 32918.2-2016, GB/T 32918.3-2016, GB/T 32918.4-2016, GB/T 32918.5-2017"

** Section 4.  draft-ietf-rats-tpm-based-network-device-attest said that "RIV implementations SHOULD use TPM2.0".  Is that a recommendation here?

** Section 4.  

Is there a reason that this document doesn't provide any additional caution or normative recommendations against using certain algorithms in the YANG module - TPM_ALG_TDES, TPM_ALG_SHA, TPM_ALG_SHA1, TPM_ALG_XOR, TPM_ALG_NULL?  If not, at least something weaker to remind implementers to carefully select which algorithms, and recognize that sub-optimal choices may need to be made given the constraints of the fielded TPMs in the attesters.

** Section 4.  Thank you for using part of the YANG  security considerations template from https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines.  A few additional considerations:

-- [RFC 8446], [RFC6241], [RFC6242], [RFC8341], and [RFC8040] must all be "normative references"

-- What measures should be put in place to ensure that only authorized verifiers are permitted to engage the attesters?  For example, will NACM be used?

-- Per sensitivity of read, could the information collected through the RPCs reveal that specific versions of software and configurations of endpoints which could identify vulnerabilities on those systems?  

-- Per the existing text in about verifying the appropriateness of the AK.  Is there a reference for that?

** Section 4.  Editorial. s/ i. e./i.e.,/

** Section 4

   RPC 'log-retrieval':  Pulling lots of logs can chew up system
      resources.

Consider using a less colloquial description, perhaps "requesting a large volume of logs from the attester could require significant system resources and create a denial of service".

Regards,
Roman

v2.23.0 | Report a Bug | By Email