IETF Logo Mail Archive

Re: [Rats] Requesting a Nonce from a Verifier

Orie Steele <orie@transmute.industries> Wed, 28 February 2024 01:41 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91F99C151524 for <rats@ietfa.amsl.com>; Tue, 27 Feb 2024 17:41:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EtfXQZSU8HVm for <rats@ietfa.amsl.com>; Tue, 27 Feb 2024 17:41:49 -0800 (PST)
Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7D52C15109A for <rats@ietf.org>; Tue, 27 Feb 2024 17:41:49 -0800 (PST)
Received: by mail-pg1-x534.google.com with SMTP id 41be03b00d2f7-5c66b093b86so324954a12.0 for <rats@ietf.org>; Tue, 27 Feb 2024 17:41:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1709084509; x=1709689309; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HuW1qU4GpV6HkDvYcNvVAapVQUReyqSt3OOvU4IpWqc=; b=eD/PD1OR/t1bW1L598EHfIFc+qpIfncOKKAUzJRHIbojMAydSjXceEyur09L1i4dzH JLSLkFusXpsxiOjLYdAxwwTXTSS37pKtMETPpOdxGHkO/pEsWOT5tIdHe6nhSpoE9bQI fL6ZEiNg+VgwXNaxMSaA+Q52SzV/4H2AeqNNHfOrqCj9tpKh5zCrpCiAZsHpBhDoxsf+ +AFPSwkKL411tD4VzIhMkuvG6StRM70NbcrWxKb3A6RlfL/Bx9/BQVTKoPmzhk0KmAlT oaXASE3VJzYmoySR2D4kEJOO2YYdHS1aQBmU+vWZXFNAu7jGkvQuiRX9dgf+71Xr6z5y Zg0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709084509; x=1709689309; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HuW1qU4GpV6HkDvYcNvVAapVQUReyqSt3OOvU4IpWqc=; b=nY+H58x5VMnEa0zxidTeeA9Myj3ZNME5cW7w0tkQi+d6mvOJXs397dciOAmCQYmj86 qqV2hEIQ5wRteRFCF/54tTDZEm7iJMXfvfoBC6JDZ7R/EgkoouYygkcSUbIJyDDFGu+S ZX394bQYOtTf6EmsNcNJutYarA9U/0+xjjxvZgQI8UdYIaQOERCXqxCCUuMQKfWiBt9J iZbM6YfiuZw+fDlywWcvmg4Sf8cObo7u8OhBSIkTX12KaIBNIffNYjN0P/CJQhR8ZWmR M6DWQXE3gyPUQgxp0lHp8G3IHW4oIaZBqk/5OmCPrWOaPtaaeCYI5tiyBkbVcW5+JG+F +KBw==
X-Forwarded-Encrypted: i=1; AJvYcCUOULSET4v04yjcClN//z7mq1QHlM3JSlAwUHa+LNi1jZWFK9eeSXqScCDrVo2m487rvKqSK154NULyfogQ
X-Gm-Message-State: AOJu0YxM/VbVxcHR2aev6c+IGf0YiPkmbSFTiIzTw7WMpaU1hHyu/+Wy uEub2BT41LlrmnljZVy0gWmd6PcthK+qeKoCcBLkb52MBOBH5u5F7soA7sqBhb/D0qcUTgV+BVT N4f5fauUvWvutDGoOQWUD7Dx+VRLqiMEPXYSqeg==
X-Google-Smtp-Source: AGHT+IGKBcPMd7BRngOPmzt6jaPnTR2+LvyEKHGBclDDSs7jpvJA6QLltIJXTB0YgEC8u5ZedsIeiMuyRsH+wDRTv+Q=
X-Received: by 2002:a17:90a:5d96:b0:29a:ea3d:5776 with SMTP id t22-20020a17090a5d9600b0029aea3d5776mr1524432pji.11.1709084509283; Tue, 27 Feb 2024 17:41:49 -0800 (PST)
MIME-Version: 1.0
References: <02c501da6987$d2d64490$7882cdb0$@gmx.net> <ecf9ac86-82f2-80b7-160a-bdde42387ef0@ietf.contact> <2E3E84DF-F528-420D-BB70-B6E23FEE0978@intel.com>
In-Reply-To: <2E3E84DF-F528-420D-BB70-B6E23FEE0978@intel.com>
From: Orie Steele <orie@transmute.industries>
Date: Tue, 27 Feb 2024 19:41:36 -0600
Message-ID: <CAN8C-_LO+J+gj3=RutGiyxzpvint3Jb40-OwEEraGht-1dhdBw@mail.gmail.com>
To: "Smith, Ned" <ned.smith@intel.com>
Cc: Henk Birkholz <henk.birkholz@ietf.contact>, rats <rats@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001142df0612673f54"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/fObqcrazmYwuh4Mdi-7fv3NTJTE>
Subject: Re: [Rats] Requesting a Nonce from a Verifier
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2024 01:41:53 -0000

In the context of OAuth DPoP the same endpoint that requires proof of
possession, can return a fresh nonce, in error messages, and there is also
this draft:

https://datatracker.ietf.org/doc/draft-demarco-oauth-nonce-endpoint/

Which seeks to solve a similar challenge, without overloading an error
response.

OS

On Tue, Feb 27, 2024, 7:24 PM Smith, Ned <ned.smith@intel.com> wrote:

> Given 9334 outlines several possible ways to incorporate freshness and
> recentness and given the reference interaction models I-D provides patterns
> for exchanging information that should possibly include freshness and
> recentness considerations. And considering the WG charter biases the WG to
> focus on augmenting existing protocols over designing new ones, it seems
> Henk's suggestion to improve the reference interaction models I-D make
> sense.
>
> If this thread is focused on an I-D that modifies an existing protocol
> with freshness and recentness, then would it make sense to use the
> interactions models I-D to work out the general principles for how
> freshness/recentness is achieved first. Then, can it be cited as background
> for other I-Ds that describe specific modifications for an existing
> protocol?
>
> -Ned (not as chair)
>
> On 2/27/24, 11:35 PM, "RATS on behalf of Henk Birkholz" <
> rats-bounces@ietf.org <mailto:rats-bounces@ietf.org> on behalf of
> henk.birkholz@ietf.cont <mailto:henk.birkholz@ietf.cont>act> wrote:
>
>
> Hi Hannes,
>
>
> I am in a weird TZ offset, so just a quick reply.
>
>
> On 27.02.24 15:18, hannes.tschofenig=40gmx.net@dmarc.ietf.org <mailto:
> 40gmx.net@dmarc.ietf.org> wrote:
> > Hi all,
> >
> > Hendrik and I have been working on an update of the CMP/EST extensions,
> > which allow an Attester to request a nonce via the Relying Party (in the
> > background check model). This “nonce draft”, see
> > draft-tschofenig-lamps-nonce-cmp-est, aims to provide freshness for the
> > CSR attestation draft (see draft-ietf-lamps-csr-attestation).
>
>
> Why focus on a nonce for a combination of recentness and freshness, when
> you could also use an epoch marker?
>
>
> >
> > We have been wondering about the design of this protocol interface. At a
> > minimum, the attester needs to indicate the length of the nonce being
> > requested from the verifier.
>
>
> Why? It can cut it short, the Verifier will understand? Are there
> obvious security considerations that I am missing here? The nonce is
> requested via an authenticated channel, I assum?
>
>
> > EAT, however, supports also an array of
> > nonces in the nonce claim. Should such a protocol interface allow a
> > request for multiple nonces?
>
>
> Sure, the you do not have to request a nonce for ever interaction and
> the Verifier can keep track.
>
>
> > Furthermore, the Attester may also need to
> > provide information about the Verifier. This is necessary when there are
> > many Verifiers in the system and not everyone of them might be able to
> > successfully verify the Evidence. Should the request for a nonce also
> > include information about the attestation technology supported by the
> > attester?
>
>
> Discovery of appropriate Verifier and "requesting nonces" (which kinda
> is still shooting from the back into the eye) are different things. You
> can compose both protocol action, but my initial reply would be:
> Discovery, Feature negotiation, and then epoch marker requests are quite
> different things.
>
>
> >
> > We thought that this type of foundational feature is described in detail
> > in one of the RATS working group documents and the
> > draft-ietf-rats-reference-interaction-models seemed like a good starting
> > point for such details. Unfortunately, this document falls short in
> > explaining these types of aspects because it is heavily focused on a
> > specific TPM deployment.
>
>
> That is bad. Please help us fix that.
>
>
> >
> > Has someone in the group thought about this aspect already or has
> > otherwise gained experience with this aspect?
>
>
> Requesting a nonce and therefore taking on the role of a challenger in
> arequest/response interaction model to then get a nonce to provide a
> solicited push of Evidence is bit of a flaky procedure, isn't it?
>
>
> How do you assure that the recently received nonce is used to convey
> fresh evidence? Is there a timeout? Can you cache it? (like with the
> array of nonces). Why can't the Attester just trigger the Verifier to do
> the challenge/response? That seems a bit more straight forward? Maybe I
> am missing something very obvious here.
>
>
> >
> > Ciao
> >
> > Hannes
> >
> >
>
>
> Viele Grüße,
>
>
> Henk
>
>
> > _______________________________________________
> > RATS mailing list
> > RATS@ietf.org <mailto:RATS@ietf.org>
> > https://www.ietf.org/mailman/listinfo/rats <
> https://www.ietf.org/mailman/listinfo/rats>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org <mailto:RATS@ietf.org>
> https://www.ietf.org/mailman/listinfo/rats <
> https://www.ietf.org/mailman/listinfo/rats>
>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>

v2.23.0 | Report a Bug | By Email