Re: [Rats] draft-birkholz-rats-uccs

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 12 March 2021 18:31 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Laurence Lundblade <lgl@island-resort.com>, Giridhar Mandyam <mandyam@qti.qualcomm.com>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] draft-birkholz-rats-uccs
Date: Fri, 12 Mar 2021 18:29:57 +0000
Message-ID: <VI1PR08MB2639F0B6CDC8DA24A300BA22FA6F9@VI1PR08MB2639.eurprd08.prod.outlook.com>
References: <VI1PR08MB2639119D9BB1C98A1FBF3863FA6F9@VI1PR08MB2639.eurprd08.prod.outlook.com> <BYAPR02MB442217661B96C66A8881DD89816F9@BYAPR02MB4422.namprd02.prod.outlook.com> <659C7D3E-B5C9-484F-85E8-5D48E2C2F856@island-resort.com>
In-Reply-To: <659C7D3E-B5C9-484F-85E8-5D48E2C2F856@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/kpLJQY-XG3m5Gr9Aoo_X-5fHM20>

Hi Laurence,

Could you clarify a few things?

> The horse is pretty dead, but one more comment.

What does this mean?

> My thought is that UCCS over-specifies security.

Could you explain what this means? My understanding is that they provide the protection just at a different layer. IMHO their approach has security advantages that are missing in a pure COSE-based security approach.

> UCCS is a very general format for use inside rats and outside rats.

Their document says not much more than: there are deployments where protection of EAT tokens is provided at a different layer. If you do that, then it is not necessary to protect EAT tokens with COSE. I am not sure what “inside rats and outside rats” means.

> It also will be used in several ways inside rats (Evidence and Results).

My reading is that it will be used for the communication from the attester to the verifier.

> A general document like UCCS can’t anticipate all the use cases and all the possible security issues and all the security solutions for all the use cases so it should just have some general warnings that it provides no security. Would make the document very short and sweet.

No document can anticipate all use cases. UCCS does not claim it does. It has a specific security model in mind, which is different from the one assumed by others. IMHO it is fine to use a format like EAT in different deployment contexts.

> The general security architecture and concerns for UCCS applied to rats should be in the rats architecture document.

It might be good to discuss the security architecture in RATS.

> That said, I’m OK with it as is.

Cool!

Ciao
Hannes

LL



On Mar 12, 2021, at 8:55 AM, Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>> wrote:

Agree with Hannes.  I’ll also add that current text in https://tools.ietf.org/html/draft-ietf-rats-architecture-10#section-12.2 states:


“The security protecting conveyed information may be applied at different layers, whether by a conveyance protocol, or an information encoding format.  This architecture expects attestation messages (i.e., Evidence, Attestation Results, Endorsements, Reference Values, and Policies) are end-to-end protected based on the role interaction context.  For example, if an Attester produces Evidence that is relayed through some other entity that doesn't implement the Attester or the intended Verifier roles, then the relaying entity should not expect to have access to the Evidence.”

In other words, the first figure below actually shows a relaying entity (HTTP client outside of TEE/SE security boundary) that may have access to the evidence.

-Giri


From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> On Behalf Of Hannes Tschofenig
Sent: Friday, March 12, 2021 2:17 AM
To: rats@ietf.org<mailto:rats@ietf.org>
Subject: [Rats] draft-birkholz-rats-uccs

Hi all

draft-birkholz-rats-uccs was discussed at the WG meeting this week and there was some controversy around its security protection.

Having looked at the draft again I believe the proposal is sound. In fact, I would even argue that it provides better security protection than the use of COSE.

Here are my thoughts.

Here is how some want to deploy EAT tokens:

   +-------------------------------------------+
   | Device                                    |
   |                          +--------+ Maybe TLS/Maybe not
   |    +-------------+       |        |-----------+  +-----------+
   |    | TEE/SE      |       | HTTP   |---------+ |  |           |
   |    | +--------+  |  +----| Client |       | | |  | Verifier  |
   |    | |Attester|  |  |    |        |       | | +->| ( HTTP )  |
   |    | |        |<----+    |        |       | |  +-| (Server)  |
   |    | +--------+  |       |        |       | +->| |           |
   |    |             |       +--------+       |    | +-----------+
   |    |             |                        |    |        |
   |    |             |                        |    +--------+
   |    |             |                        |
   |    |             |                        |
   |    +-------------+                        |
   +-------------------------------------------+

                              EAT protected by COSE
             |----------------------------------------------|


Here is how the UCCS protection looks:

   +-------------------------------------------+
   | Device                                    |
   |                          +--------+  TLS not needed
   |    +-------------+       |        |-----------+  +-----------+
   |    | TEE/SE      |       | Broker |---------+ |  |           |
   |    | +--------+  |  +----|        |       | | |  | Verifier  |
   |    | |Attester|  |  |    |        |       | | +->| ( HTTP )  |
   |    | |        |<----+    |        |       | |  +-| (Server)  |
   |    | +--------+  |       |        |       | +->| |           |
   |    |             |       +--------+       |    | +-----------+
   |    |             |                        |    |        |
   |    |             |                        |    +--------+
   |    |             |                        |
   |    |             |                        |
   |    +-------------+                        |
   +-------------------------------------------+

                              EAT protected by TLS
             |----------------------------------------------|

If you compare the two, then you might realize that a TLS handshake run into the SE/TEE actually provides better security properties than a COSE protected EAT (with a signature or MAC) provides.

My conclusion is: draft-birkholz-rats-uccs is good stuff. I would even go as far as recommending to use TLS into the SE/TEE rather than terminating it on the non-secure side.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
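An added example for the two figures in Hannes's original mail; it is not code from the thread, from draft-birkholz-rats-uccs or from EAT. It encodes one constructed EAT claim set both ways, as a COSE_Mac0-protected CWT (first figure, protection travels with the token) and as a bare UCCS (second figure, protection left to the TLS session), and shows the decision the Verifier has to make for the UCCS form: accept it only when the TLS peer credential belongs to the TEE/SE, never when the session was terminated by the broker on the non-secure side. The minimal CBOR codec, the claim labels (iss = 1, nonce = 10, ueid = 256), the sample claim values and the UCCS tag number 601 are assumptions made here.

```python
# Added example, not code from the thread or from draft-birkholz-rats-uccs: one EAT
# claim set encoded as a COSE_Mac0-protected CWT (first figure) and as a bare UCCS
# (second figure), plus a Verifier that accepts the UCCS form only when the TLS
# session itself supplied the protection. The minimal CBOR codec, the claim
# labels and the UCCS tag number 601 are assumptions made here.
import hashlib, hmac

class Tag:
    def __init__(self, number, value): self.number, self.value = number, value

def _head(major, n):                       # CBOR initial byte plus argument
    if n < 24: return bytes([(major << 5) | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size): return bytes([(major << 5) | ai]) + n.to_bytes(size, "big")
    raise ValueError("integer too large")

def cbor(v):                               # encode ints, bytes, text, lists, dicts, tags, bools
    if isinstance(v, bool): return b"\xf5" if v else b"\xf4"
    if isinstance(v, int): return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes): return _head(2, len(v)) + v
    if isinstance(v, str): return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list): return _head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict): return _head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    if isinstance(v, Tag): return _head(6, v.number) + cbor(v.value)
    raise TypeError(type(v))

def _decode(b, i):                         # returns (item, offset of the next item)
    major, ai, i = b[i] >> 5, b[i] & 31, i + 1
    if ai < 24: n = ai
    elif ai <= 27: size = 1 << (ai - 24); n, i = int.from_bytes(b[i:i + size], "big"), i + size
    else: raise ValueError("indefinite length not supported")
    if major == 0: return n, i
    if major == 1: return -1 - n, i
    if major == 2: return bytes(b[i:i + n]), i + n
    if major == 3: return bytes(b[i:i + n]).decode(), i + n
    if major in (4, 5):
        items = []
        for _ in range(n * (2 if major == 5 else 1)):
            x, i = _decode(b, i); items.append(x)
        return (dict(zip(items[0::2], items[1::2])) if major == 5 else items), i
    if major == 6: x, i = _decode(b, i); return Tag(n, x), i
    if major == 7 and ai in (20, 21): return ai == 21, i
    raise ValueError("unsupported CBOR item")

def decode(b):
    v, i = _decode(b, 0)
    if i != len(b): raise ValueError("trailing bytes")
    return v

CWT_TAG, COSE_MAC0_TAG, UCCS_TAG = 61, 17, 601   # RFC 8392, RFC 8152, UCCS draft (assumed)
ALG_HMAC_256 = 5                                  # COSE alg: HMAC 256/256
ISS, NONCE, UEID = 1, 10, 256                     # CWT iss; EAT nonce and ueid labels (assumed)

def eat_claims(nonce):                     # constructed sample claims from the Attester in the TEE
    return {ISS: "tee.example", NONCE: nonce, UEID: b"\x01" + b"\xaa" * 7}

def _mac_input(protected, payload):        # COSE MAC_structure for MAC0, no external AAD
    return cbor(["MAC0", protected, b"", payload])

def cose_mac0_cwt(claims, key):            # first figure: the protection travels with the token
    protected, payload = cbor({1: ALG_HMAC_256}), cbor(claims)
    tag = hmac.new(key, _mac_input(protected, payload), hashlib.sha256).digest()
    return cbor(Tag(CWT_TAG, Tag(COSE_MAC0_TAG, [protected, {}, payload, tag])))

def uccs(claims):                          # second figure: bare claims, protection left to TLS
    return cbor(Tag(UCCS_TAG, claims))

def verify(wire, key, expected_nonce, channel_terminates_in_tee):
    """Return the claims or raise ValueError. channel_terminates_in_tee is what the
    Verifier knows about the transport: True only if the TLS peer credential belongs
    to the TEE/SE, not to the broker on the non-secure side of the device."""
    obj = decode(wire)
    if isinstance(obj, Tag) and obj.number == UCCS_TAG:
        if not channel_terminates_in_tee:
            raise ValueError("UCCS without channel protection: anything on the path could have written it")
        claims = obj.value
    elif (isinstance(obj, Tag) and obj.number == CWT_TAG and isinstance(obj.value, Tag)
          and obj.value.number == COSE_MAC0_TAG):
        protected, _unprotected, payload, tag = obj.value.value
        if decode(protected).get(1) != ALG_HMAC_256: raise ValueError("unexpected COSE alg")
        expect = hmac.new(key, _mac_input(protected, payload), hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag): raise ValueError("COSE_Mac0 tag does not verify")
        claims = decode(payload)
    else:
        raise ValueError("neither a COSE_Mac0 CWT nor a UCCS")
    if not isinstance(claims, dict) or claims.get(NONCE) != expected_nonce:
        raise ValueError("nonce mismatch, possible replay")   # freshness applies to both forms
    return claims

def accepts(wire, key, expected_nonce, channel_terminates_in_tee):
    try:
        verify(wire, key, expected_nonce, channel_terminates_in_tee); return True
    except ValueError:
        return False
```

Calling verify(uccs(eat_claims(n)), key, n, channel_terminates_in_tee=True) returns the claims; the same bytes with channel_terminates_in_tee=False are rejected, which is the check a Verifier must not skip once it accepts UCCS. The nonce comparison is kept outside the branch on purpose: the transport protects the bytes in flight, but freshness of the Evidence is still the Verifier's job in both deployments.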