[Rats] Requesting a Nonce from a Verifier

hannes.tschofenig@gmx.net Tue, 27 February 2024 14:19 UTC

From: hannes.tschofenig@gmx.net
To: rats@ietf.org
Date: Tue, 27 Feb 2024 15:18:08 +0100
Message-ID: <02c501da6987$d2d64490$7882cdb0$@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02C6_01DA6990.349AAC90"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: Adpph2/sCzoh1slqSSKBshTevR+Zrg==
Content-Language: de-at
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/gTu0zkLw0emEBVozQBUUQLJXqhY>
Subject: [Rats] Requesting a Nonce from a Verifier
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2024 14:19:11 -0000

Hi all,

Hendrik and I have been working on an update of the CMP/EST extensions, which allow an Attester to request a nonce via the Relying Party (in the background check model). This “nonce draft”, see draft-tschofenig-lamps-nonce-cmp-est, aims to provide freshness for the CSR attestation draft (see draft-ietf-lamps-csr-attestation).

We have been wondering about the design of this protocol interface. At a minimum, the Attester needs to indicate the length of the nonce being requested from the Verifier. EAT, however, also supports an array of nonces in the nonce claim. Should such a protocol interface allow a request for multiple nonces? Furthermore, the Attester may also need to provide information about the Verifier. This is necessary when there are many Verifiers in the system and not every one of them might be able to successfully verify the Evidence. Should the request for a nonce also include information about the attestation technology supported by the Attester?

We thought that this type of foundational feature would be described in detail in one of the RATS working group documents, and draft-ietf-rats-reference-interaction-models seemed like a good starting point for such details. Unfortunately, this document falls short of explaining these aspects because it is heavily focused on a specific TPM deployment.

Has someone in the group thought about this aspect already or has otherwise gained experience with this aspect?

Ciao

Hannes
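The exchange Hannes describes, worked through as an added example that is not part of the original mail and not the format of draft-tschofenig-lamps-nonce-cmp-est, draft-ietf-lamps-csr-attestation or any RATS document: an Attester asks for one or more nonces via a Relying Party that only relays, the Verifier mints them, and the Verifier later accepts Evidence only if every nonce in its EAT-style nonce claim was issued by it, is still within a freshness window, and has not been consumed before. The request fields (`lengths`, `attestation_technology`, `verifier_id`), the 300-second window, and the single-use table are assumptions made for illustration; the 8..64-byte length bounds follow the EAT nonce-type size constraint in RFC 9711. Signature verification and claim appraisal are deliberately out of scope.

```python
"""Hypothetical nonce-request exchange for the background-check model.

Constructed example: the message shapes below are assumptions for illustration,
not the format of draft-tschofenig-lamps-nonce-cmp-est or any RATS document.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

# EAT (RFC 9711) defines nonce-type as bstr .size (8..64); the bounds follow that.
NONCE_MIN_LEN = 8
NONCE_MAX_LEN = 64
NONCE_TTL_SECONDS = 300.0  # assumed freshness window; a deployment choice


@dataclass(frozen=True)
class NonceRequest:
    """What the Attester sends (via the Relying Party) to obtain nonces.

    All three fields are hypothetical; they model the questions in the mail.
    """
    lengths: Tuple[int, ...]            # one entry per requested nonce
    attestation_technology: str         # e.g. "tpm2"; lets the Verifier refuse early
    verifier_id: Optional[str] = None   # hint for deployments with many Verifiers


@dataclass
class Verifier:
    verifier_id: str
    supported_technologies: frozenset
    # outstanding nonces and the time they were issued; a nonce leaves the
    # table when it is consumed by Evidence or found expired
    _pending: Dict[bytes, float] = field(default_factory=dict)

    def issue_nonces(self, req: NonceRequest, now: Optional[float] = None) -> List[bytes]:
        now = time.time() if now is None else now
        if req.verifier_id is not None and req.verifier_id != self.verifier_id:
            raise ValueError("request addressed to a different Verifier")
        if req.attestation_technology not in self.supported_technologies:
            raise ValueError("Verifier cannot appraise this attestation technology")
        if not req.lengths:
            raise ValueError("at least one nonce must be requested")
        for n in req.lengths:
            if not NONCE_MIN_LEN <= n <= NONCE_MAX_LEN:
                raise ValueError(f"nonce length {n} outside {NONCE_MIN_LEN}..{NONCE_MAX_LEN}")
        nonces = [secrets.token_bytes(n) for n in req.lengths]  # CSPRNG, never a counter
        for nonce in nonces:
            self._pending[nonce] = now
        return nonces

    def accept_evidence(self, evidence: dict, now: Optional[float] = None) -> bool:
        """Freshness check only: signature and claim appraisal are out of scope."""
        now = time.time() if now is None else now
        claim: Union[bytes, List[bytes]] = evidence["nonce"]
        nonces = [claim] if isinstance(claim, bytes) else list(claim)
        if not nonces or len(set(nonces)) != len(nonces):
            return False  # empty claim or the same nonce listed twice
        for nonce in nonces:
            issued = self._pending.get(nonce)
            if issued is None:
                return False  # never issued here, or already consumed (replay)
            if now - issued > NONCE_TTL_SECONDS:
                del self._pending[nonce]
                return False  # stale nonce
        for nonce in nonces:
            del self._pending[nonce]  # single use: consume only after all checks pass
        return True


def relying_party_forward(verifier: Verifier, req: NonceRequest, now=None) -> List[bytes]:
    """The Relying Party only relays the request; it never mints nonces itself."""
    return verifier.issue_nonces(req, now=now)


def attester_evidence(nonces: List[bytes], technology: str) -> dict:
    """Evidence in EAT style: a single bstr nonce, or an array when several were issued."""
    claim = nonces[0] if len(nonces) == 1 else list(nonces)
    return {"nonce": claim, "technology": technology, "measurements": "<constructed>"}


def run_exchange() -> dict:
    """Constructed scenario: fresh, replayed, multi-nonce and stale Evidence."""
    v = Verifier("verifier-a", frozenset({"tpm2"}))
    req = NonceRequest(lengths=(32,), attestation_technology="tpm2", verifier_id="verifier-a")
    nonces = relying_party_forward(v, req, now=1000.0)
    ev = attester_evidence(nonces, "tpm2")
    first = v.accept_evidence(ev, now=1010.0)       # fresh: accepted
    replay = v.accept_evidence(ev, now=1011.0)      # same Evidence again: rejected
    multi = relying_party_forward(v, NonceRequest((16, 24), "tpm2"), now=1000.0)
    multi_ok = v.accept_evidence(attester_evidence(multi, "tpm2"), now=1020.0)
    stale = relying_party_forward(v, req, now=1000.0)
    stale_ok = v.accept_evidence(
        attester_evidence(stale, "tpm2"), now=1000.0 + NONCE_TTL_SECONDS + 1)
    return {"first": first, "replay": replay, "multi": multi_ok, "stale": stale_ok}


if __name__ == "__main__":
    print(run_exchange())
```

Two design points worth noting: the Verifier consumes nonces only after every nonce in the claim has passed, so a partially valid multi-nonce Evidence does not burn the good ones; and refusing a request for an unsupported technology or a different `verifier_id` at issue time means an Attester learns before producing Evidence that this Verifier would not appraise it, which is the point of carrying that information in the request.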