[Rats] comments on draft-birkholz-rats-uccs

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Fri, 07 August 2020 14:01 UTC

Return-Path: <jmfmckay@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 984F93A0BE4 for <rats@ietfa.amsl.com>; Fri, 7 Aug 2020 07:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.099
X-Spam-Status: No, score=-1.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.998, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 6z_5zeOF9f9e for <rats@ietfa.amsl.com>; Fri, 7 Aug 2020 07:01:20 -0700 (PDT)
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 304503A0BE3 for <rats@ietf.org>; Fri, 7 Aug 2020 07:01:20 -0700 (PDT)
Received: by mail-ej1-x62f.google.com with SMTP id a26so2212056ejc.2 for <rats@ietf.org>; Fri, 07 Aug 2020 07:01:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=wBJ1LJpxMmP5FOkDcVCfO0WoO7Xr0Kz6JYFVEt8lCik=; b=uEbOU4q6OSbzp2Ux6jsgKAEnnbAdEXOsaddOgzEldsZH8teGSkG1GPPlsd8ulvuVpF 7LYpWuqVSKK/UHliSYH25Ef98T30qTx2m0MJLGREUQgAbxNEiyNjTr0tutWyYotAhTTb tf8qTLpg8rqS4LYdqQswtMnWFAXw6ZVb4p8BtHoLI3j8tHvDKPyY9gFU/CmkrD+975Wo +QI/4N5ebx3sfPkfv1d1x7hV6GnvQukS6GYg8Gm+6yM8jbIFTXjEVP1P16zeS96pxcFf bLuxl7yvyxiIS0zvHP1ccmCzHgd5wYR/RQ9KJBYqtge2KT/cqWpd/RhmEqeivD/ogshF cs+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=wBJ1LJpxMmP5FOkDcVCfO0WoO7Xr0Kz6JYFVEt8lCik=; b=rgGYQo2W0yMlrhPRNJbtODLOiYhbpkAyvfmQUBbpzxsNO2PXs+xfwuOzjNDMMt9i9B xLx+C8RS76IAdUhzz4M1Dx8sble9rfBFOA0dXSVBLouR0EU3/VpZOVory5eLkiQ+mbNH ZzAwUxlElFmDBc4bDltfD/9up4N2+MagkdYdN5RNTMXQOImFtAUjiYNCLw+GRoxgOAM0 xDVtqLkD7KL2pZsFyKnevCBn4TlnnlQdeibpGSkfU1mOfDAkSghJFwGN0bYWdJdNmYyL VnODBhgNETOb0PyD5e8vbUYASEKE1aUejBOxOi4eUD6CVl9ppqEgOni2ZKPPrLdJmcjB Topw==
X-Gm-Message-State: AOAM533CYyPjVKYAHSykK/WCYwhbi56Px1ZlDK6HZCQIiecjThzIEfWd uJ5ISQcRx5osPfx0KBk0CootH2LL3yU9OU70oeAwRQM+//Y=
X-Google-Smtp-Source: ABdhPJw8AY0f6G/bFwyzXtmbBIjyYybHa5wRlfSWn+J0UoVLGAVNTKWMv4jhkrOeF/XrwoMN3UMueIQwIkfolFCxGKg=
X-Received: by 2002:a17:906:7f0e:: with SMTP id d14mr9353985ejr.400.1596808878184; Fri, 07 Aug 2020 07:01:18 -0700 (PDT)
MIME-Version: 1.0
From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Fri, 7 Aug 2020 10:01:07 -0400
Message-ID: <CAM+R6NUya3dgpXWC11qufhKE9BcSSzG9W2W7jGDxqyRdOcrtRw@mail.gmail.com>
To: rats@ietf.org
Cc: Michael Jenkins <m.jenkins.364706@gmail.com>, Jessica Fitzgerald-McKay <jmfitz2@cyber.nsa.gov>
Content-Type: multipart/alternative; boundary="000000000000f55ea905ac4a09e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/eZrFetHRPad8JHFVkO0-N5eeJew>
Subject: [Rats] comments on draft-birkholz-rats-uccs
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2020 14:01:22 -0000

Hi, UCCS authors,

Mike Jenkins and I reviewed the UCCS draft. Our comments are below. Happy
to talk through any of them with the group.


The intent of this draft is similar to the key concept of EST - use the
authentication of the secure session connection. Most schemes build on this
concept leave a lot of banana peels laying around, some of which we
describe here. In general, this does not seem appropriate to the scope of
RATS. We feel that COSE might be a more appropriate work group to think
these issues through.

- If you're using a static symmetric key for authentication (as one might
with highly-constrained devices), you can only authenticate a net, not an
entity. The receiver cannot differentiate between authenticating the sender
and authenticating itself.

- The authentication happens at the secure channel termination, not in the
channel-contents-using application. It's important how the termination
process vouches the authentication to the application. (In EST, this
question is how the EST server vouches the requestor's identity to the CA

- A TEE only helps if the TEE application can punch through the REE and set
up the secure channel completely on its own. If the TEE relies on the REE
to set up the secure channel, you might as well just operate in the REE.

- There is a comment at the end of the introduction (!) about transitioning
back and forth between self-protected and channel-protected CWT, "in a
well-defined scope". Define the security characteristics of that scope or
get rid of the comment. You're handing someone an awful lot of rope there.

- The claims set should be treated as ephemeral by the recipient. It
shouldn't be stored, and can't be forwarded except as data originated by
the recipient. As soon as it emerges from the secure channel, it's no more
valid or meaningful than any other piece of unprotected data in the
application environment.