Re: [Rats] UEID where an instance is a group member
Simon Frost <Simon.Frost@arm.com> Fri, 27 March 2020 10:45 UTC
Return-Path: <Simon.Frost@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B8853A0990 for <rats@ietfa.amsl.com>; Fri, 27 Mar 2020 03:45:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.361
X-Spam-Level:
X-Spam-Status: No, score=-3.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-1.463, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=KS9jC9Ys; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=KS9jC9Ys
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GS5x9T99V8sX for <rats@ietfa.amsl.com>; Fri, 27 Mar 2020 03:45:44 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70087.outbound.protection.outlook.com [40.107.7.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D6C83A098D for <rats@ietf.org>; Fri, 27 Mar 2020 03:45:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7GiKSilYd0cmC5IkNn+bU3mihIliNcyTYZaW05xIYOI=; b=KS9jC9YsAyIU3zS6vb+MRYI9mg86GpQSgBg8sspORpDldTNwsXwMVzygRqsCnUDIyOCDlmm3lUhY4vmn3ohJAxbgoZEDqt985ggjsLHB8hMoRZN7UfRKP+mOjJ3x4elOmBoW84Gwvcor7NtqdpsGkNMIVEJw47n+ijXZQzGm1ss=
Received: from AM0PR06CA0035.eurprd06.prod.outlook.com (2603:10a6:208:ab::48) by AM4PR0802MB2147.eurprd08.prod.outlook.com (2603:10a6:200:61::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.18; Fri, 27 Mar 2020 10:45:39 +0000
Received: from AM5EUR03FT049.eop-EUR03.prod.protection.outlook.com (2603:10a6:208:ab:cafe::54) by AM0PR06CA0035.outlook.office365.com (2603:10a6:208:ab::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.20 via Frontend Transport; Fri, 27 Mar 2020 10:45:39 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT049.mail.protection.outlook.com (10.152.17.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.17 via Frontend Transport; Fri, 27 Mar 2020 10:45:39 +0000
Received: ("Tessian outbound 60d769d68364:v48"); Fri, 27 Mar 2020 10:45:38 +0000
X-CR-MTA-TID: 64aa7808
Received: from 14abbb9e49f8.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 1510C87A-DE68-4F6D-95A4-FECE85445ACC.1; Fri, 27 Mar 2020 10:45:33 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 14abbb9e49f8.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 27 Mar 2020 10:45:33 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Sxc13T/X+7uTNXCsdFf9xsDY/UhKYREcpRFFZXjqjN18VOba2yGkF6U1mdjy42kSCeI+lxELNvIct5CDBv8L+kSguihxDd6TQHnXNlbQ/UAuCAA95rKYLN4FTxBXSZZeycs/aBcOttIMcDY+BmqJoS+JnBrJJNns/o72yvlr2Qk2xkQYNEkee2FjMrWQyOgIr6Qi8R5okA124Gx3jfpzumqn59LP4xCx9gCipV3/qxMosFaN7iA/XnldYjxlyEmE/eBb/AvzvhvwUgincACwmNVOOPMTpZW9RsusfgHFiLZb6H17v1/8aCabrdudaSkxBTXoiSy763hb2FqfG2L17A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7GiKSilYd0cmC5IkNn+bU3mihIliNcyTYZaW05xIYOI=; b=Z1FR4IZrFc+rfHthLNqcMHeX89t49E4DMFz9YwA2pAAIt1PQXijpzpFVzdKp8UJACc0iKkwPhLRoFH/zw5gf35ZiRY8twYTbDCP7hq1BdpUyVP+L4gV6fcPdZcznj3o/qm4t8DaQiUlqfLXu80WDC5148n3OVCcPK4kL5ZqH60YcrfOrd5Sv0sKMsoux0bmVt8/CU2ofKhYDeXjHmbd+lh8R8XAgdYXvT1DiWt5RiWCNXMWl+LMMU5GHatbifdcgyPIYsiri1g/TwD71v3tnTtG1VBKmc6S0l4Tk1CT/ZhbJf2XZPU/qVGaa+sCBPPFg4Of9wjf3hOklZYsxZW+3gg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7GiKSilYd0cmC5IkNn+bU3mihIliNcyTYZaW05xIYOI=; b=KS9jC9YsAyIU3zS6vb+MRYI9mg86GpQSgBg8sspORpDldTNwsXwMVzygRqsCnUDIyOCDlmm3lUhY4vmn3ohJAxbgoZEDqt985ggjsLHB8hMoRZN7UfRKP+mOjJ3x4elOmBoW84Gwvcor7NtqdpsGkNMIVEJw47n+ijXZQzGm1ss=
Received: from DBBPR08MB4903.eurprd08.prod.outlook.com (10.255.78.17) by DBBPR08MB4459.eurprd08.prod.outlook.com (20.179.43.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Fri, 27 Mar 2020 10:45:30 +0000
Received: from DBBPR08MB4903.eurprd08.prod.outlook.com ([fe80::4126:33a9:6bb6:9c0]) by DBBPR08MB4903.eurprd08.prod.outlook.com ([fe80::4126:33a9:6bb6:9c0%5]) with mapi id 15.20.2856.019; Fri, 27 Mar 2020 10:45:30 +0000
From: Simon Frost <Simon.Frost@arm.com>
To: Laurence Lundblade <lgl@island-resort.com>, "Smith, Ned" <ned.smith@intel.com>
CC: "rats@ietf.org" <rats@ietf.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Thread-Topic: [Rats] UEID where an instance is a group member
Thread-Index: AQHWAsKRdD+aXklc+0GMpNNrohEb06hcP6gw
Date: Fri, 27 Mar 2020 10:45:30 +0000
Message-ID: <DBBPR08MB49035D533662EE9ABCAD4164EFCC0@DBBPR08MB4903.eurprd08.prod.outlook.com>
References: <C205FBA7-71A7-4987-AE82-DA855BF86B84@intel.com> <C3A707FF-4AF1-4E0A-BABB-8EE2F52A2D2B@island-resort.com> <33f462bb-979e-80cc-9c27-af1e3b77d5e6@sit.fraunhofer.de> <7C94FAC2-AADB-4397-A50D-4FBB11EFCABA@intel.com> <A4C4246B-400F-4C38-839C-6747620C35C2@island-resort.com> <4F616CB6-6F42-43CE-94A6-ADD155900535@intel.com> <5F7158C8-F937-4769-A53B-B864D3010FBF@island-resort.com>
In-Reply-To: <5F7158C8-F937-4769-A53B-B864D3010FBF@island-resort.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 23f28331-9fe7-485f-a68b-5ded7b1961bf.0
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Simon.Frost@arm.com;
x-originating-ip: [212.69.61.73]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: e90c8da8-3896-4439-5ca3-08d7d23bfd56
x-ms-traffictypediagnostic: DBBPR08MB4459:|AM4PR0802MB2147:
X-Microsoft-Antispam-PRVS: <AM4PR0802MB21471BEC918F5613F9198ECAEFCC0@AM4PR0802MB2147.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8273;OLM:8273;
x-forefront-prvs: 0355F3A3AE
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB4903.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(366004)(39860400002)(136003)(346002)(376002)(396003)(53546011)(316002)(66946007)(5660300002)(4326008)(7696005)(110136005)(54906003)(66446008)(26005)(76116006)(66556008)(66476007)(33656002)(186003)(52536014)(64756008)(8936002)(9686003)(30864003)(8676002)(966005)(55016002)(478600001)(2906002)(71200400001)(81156014)(81166006)(6506007)(86362001); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 3ivrVkJ6B87Fsz7YTYNOTZHJafsJz8JwREE0JnERi+xfmKzKsL+6GsDEVAijFFRhAfe/7X8PNbjz4Mlc6ozaZ/VXRiJZv7f18WtYax5XxqgafT/9bECt4kFTBz7QF7ijXgYRzeYaW9PwTy3XhAqd1sSzZLuAB0DS0vMJYLghYFBQiVCKhGFrbFsKvXWypZth8MdARz/hJ0wY7jU53SfLXVmPT1Jka4Uxbm5DyVJGSmA8pTpHEX8WVR3hhqQcwVWFPcDRSwXbKRPd4na8dIrtJAmjT8KZQ69ZtalLI8076kVgm8lWTO9MXwDI+UOJWmS2rax+Cq2OcYe8dOE5zxqcwHTnqbMKSqlDOaI3YTOmk2PgwtOtEGNzeXAuIY+Oqpdy4ggeMfgFG6RVXtPV63Vy1t6rLe0RHsNONIZjArjKMqyQVkmigz17d8XL38gdA06+NXzX4wqyNl8CDBkIUAZ+3P3pO5SA//RND1BBzdIJM6dMbxp96QLmBaE+Sv11+LyN7AKhWtyzc72uIF1RXK3W1Q==
x-ms-exchange-antispam-messagedata: HWNJQsOv0NXNW8UIxcs1pftaj/ijXOTY8sejxEMM4zYaC4cJYqFmUbZ2uQRHf1mZ9teu1wyk5ux0qfPI9wUSi5EmrWncoCJQhwvipBiNwte+8OQnlud7yf6SsYezshCZ1VYVHPXQEf0dOW/94Of3BA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DBBPR08MB49035D533662EE9ABCAD4164EFCC0DBBPR08MB4903eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4459
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Simon.Frost@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT049.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(39860400002)(396003)(376002)(136003)(346002)(46966005)(966005)(9686003)(55016002)(26826003)(30864003)(478600001)(2906002)(33964004)(81166006)(7696005)(8936002)(8676002)(52536014)(5660300002)(81156014)(336012)(86362001)(110136005)(316002)(6506007)(54906003)(186003)(53546011)(33656002)(26005)(4326008)(36906005)(70586007)(47076004)(356004)(70206006)(82740400003)(107886003)(579004); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 439b0b1d-3d1c-44f4-0875-08d7d23bf818
X-Forefront-PRVS: 0355F3A3AE
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: BOGzlBb/DMk+G7K1TpSE8THBuD9nNAAOKpqENJAoV2C9pnfzwezdjtI27vBmsdLydwDsv3hA1bC38eoH67UQ98SZw2XLTVKVjb0T8mlRTSMladyj8m1cLBHnfKZeXK4F0n2B3gpFmG/3zgbCM31eJmo3kNklDxsX+zjG9NM34VL3FdT9lV+DtFtqeZZDuN/LoAtbAENXma/B51w5g3+yDlUzRQfMS/PaBoyV5ubOcuZMhjWpcJXZvUuOzGMjnxAlDXYt5iLIEY9i9p1xX5jRilU6vp9YtR74CZiyXF0gtPHu8VmsWEgZDGQ5h6X7obs2O7LnBXOXLrwuN1B3p1LKGIodclH7TA33mxsquqqP14uZjvnCg8OYSgiThtSALAdCFe3Co8FGiWUwESaXFWS071UHTRZ5Ox8Uq95vvzcHBAqJXJipjz0uaZ0tDxwu9EtucUhSFwbCQyVmLVhCjLKwhoJEDGf34lrG1kMrw/NA4Ktb1PdlVfnSAxZ2GXZD9A80514tJuyMET0P4f8n3fAe4pEyGqkNEhLmH/NvGVI95XZSIMlpYLmrYfDjVyhh4uoYJjKAIiM4XjGwTZp4zGZDeg==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2020 10:45:39.0592 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e90c8da8-3896-4439-5ca3-08d7d23bfd56
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0802MB2147
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/KH-c350kKS9jE7lrOsXbtLr0uq0>
Subject: Re: [Rats] UEID where an instance is a group member
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2020 10:45:49 -0000
> If we want some other thing that is a claim that is for groups of devices, define that separately and say what the purpose and rules for grouping are. That’s one use for what I was proposing, which was the creation of a GEID because for a group use case, the UEID claim from the current definition is not suitable. The intent was to try and avoid divergence by forcing the use of custom claims. I believe is that it’s impossible to predict the usage of such a claim and thus was not anticipating any constraint on how an implementation could consume it. I wanted to raise the key association possibility to make sure it was properly discussed, but it’s entirely possible that the signing and identity don’t go hand in hand. Cheers Simon From: Laurence Lundblade <lgl@island-resort.com> Sent: 27 March 2020 01:15 To: Smith, Ned <ned.smith@intel.com> Cc: rats@ietf.org; Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Subject: Re: [Rats] UEID where an instance is a group member I was trying to make the case that the bits in the secured attestation that the verifier uses to verify the signature (key ID, X.509 cert chain, ECDAA parameters and such) are not always the same as UEID, as a device identifier. Seems like we agree on this, as you say a key ID identifies a key and UEID identifies a device. I’m quite sure that Simon’s proposal is to use GEID to identify keys. I say it’s find to have such an identifier, but put it in the COSE headers where key IDs should go and just use it as a key ID. If we want some other thing that is a claim that is for groups of devices, define that separately and say what the purpose and rules for grouping are. LL On Mar 26, 2020, at 2:58 PM, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote: Laurence, The point I was making is that EUID and keyID are not always synonymous. In a case where a device only ever has one key, then maybe they are synonymous. Otherwise, they should be treated differently. My assumption is UEID identifies an entity (device) while keyID identifies a key. A GEID has the same semantics in terms of being an entity identifier (vs. key identifier) only the GEID points to an entity that is pseudonymously named. I agree it might be a useful to write a draft that defines how attestation for privacy sensitivity should be accomplished. The other observations seems accurate but I don’t see how they relate to the discussion about whether entity identifiers differ from key identifiers. Thanks, Ned From: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> Date: Thursday, March 26, 2020 at 10:35 AM To: "Smith, Ned" <ned.smith@intel.com<mailto:ned.smith@intel.com>> Cc: Henk Berkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>>, "rats@ietf.org<mailto:rats@ietf.org>" <rats@ietf.org<mailto:rats@ietf.org>> Subject: Re: [Rats] UEID where an instance is a group member The claims giving characteristics of the device should really just focus on the characteristics of the device, not the scheme for securing the evidence and results. Seems like overloading could result in trouble. For example, you need to change the grouping scheme because of some manufacturing problem, but you can’t because you are using it to represent some type or model info. Or maybe there’s a proxy necessary for securing attestation evidence. It would be best if it didn’t need to look into and/or modify the claims. Here’s a few schemes I think are likely to get used to secure evidence and results: * Basic flat per-device public key * Some X.509 hierarchy that may have X.509 certs carried in COSE headers * ECDAA and other variants of DAA that may have other things in COSE headers * Group keys like FIDO, Android and this proposal * Symmetric schemes, either per-device or group * TLS (particularly for attestation results) * Other new crypto protocol... COSE, JOSE, TLS, CMS and such all provide headers / parameters to carry things like key IDs to make all of these schemes work. Using UEID for the key ID for per-device keys is probably mostly OK because it is exactly using the semantics of the UEID. There’s not really any overloading. GEID used for a key ID and something else would be overloading. Better to clearly define separate claims for device types, models and such. I’d suggest defining a group key ID header for COSE (and JOSE) and using that instead of inventing the GEID claim. It would be even cooler and more useful to write a draft and standardize privacy-preserving attestation signing for COSE. It would be really beneficial for lots of people doing attestation that need to solve the privacy problem. Maybe FIDO and Android would eventually adopt it someday. If using the group key ID header, you’d leave out the UEID, so the number of bytes transmitted is the same (if you put the UEID in you’d break the privacy preservation). Keeping claims separate from security header parameters also keeps the SW stack simpler and cleaner. To verify typical COSE: - Parse the COSE headers to get the key ID and look up the key - Verify the signature and get the payload - Decode the sig-checked claims in the payload If you depend on the claims to verify the signature: - Decode the COSE structure to get the unverified payload - Decode the unverified claims to get the key ID and look up the key - Verify the signature and get the payload - Decode the sig-checked claims in the payload again LL On Mar 25, 2020, at 11:34 AM, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote: It seems the purpose for using group ID (GEID) instead of a device ID (UEID) is for privacy reasons. UEIDs can be used to track device instance. This violates the pseudonymity/unlinkability requirement (https://tools.ietf.org/html/rfc6973#page-18). Therefore, if the device is operating in a privacy protected mode it might opt to use a GEID instead of a UEID as its identity claim/evidence. Keep in mind that keyID is also potentially privacy sensitive. Therefore, the keyID in privacy sensitive mode should refer to a privacy preserving / group key. For example, in FIDO there is support for DAA keys (I think?). The use of identifier claims and key IDs should be consistent with the privacy protection requirements. Either GEID is a privacy preserving equivalent to UEID (and a group attestation key is used to attest when in privacy protected modes). Or key IDs double as identifiers which seems to suggest UEID and GEID are unnecessary. However, since a device may have multiple keys over its lifetime (and therefore multiple key IDs) the value of identifiers (UEID / GEID) being distinct from key IDs is that the device / group identity persists even though keys are revoked/replaced/refreshed. -Ned On 3/25/20, 9:55 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org> on behalf ofhenk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>> wrote: Hi Laurence, potentially, I just realized, it could serve the purpose of matching the Authenticator Moodel of a FIDO Authenticator and therefore might help the peer that the Atttester is talking to understand the format it has to expect being incoming based on the additional input of a FIDO Metadata-Service (aka the Authentcator-Model that is called, IIRC?). Any structure of that kind would help a Verifier to better... "guess" (well.. it probably is the output of some kind of negotiation), whether it is, e.g. FIDO or RIV? Viele Grüße, Henk On 25.03.20 17:46, Laurence Lundblade wrote: A GEID of similar structure to a UEID seems like a possibility, but what exactly is purpose of such a GEID? What does the RP do with it? What does the verifier do with it? An RP will use the UEID to track the unique, specific device. That is its clearly stated purpose. In some designs, a verifier may use the UEID to identify the verification key, but that is not the UEID’s purpose. It a useful side-effect. If the purpose of a GEID is solely for the verifier to identify the verification key, then I don’t think it is should be a GEID. It should be key id. So for me this kind of hinges on what a GEID will mean for the RP. What are the groupings it gives and how are they meaningful to an RP? LL On Mar 25, 2020, at 9:29 AM, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com> <mailto:ned.smith@intel.com>> wrote: Is a GEID structurally different from a EUID? I think currently a EUID is either a 128-bit or 256-bit bstr. I assume the semantics of uniqueness differ. *From:*RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org> <mailto:rats-bounces@ietf.org>> on behalf of Simon Frost <Simon.Frost@arm.com<mailto:Simon.Frost@arm.com><mailto:Simon.Frost@arm.com>> *Date:*Wednesday, March 25, 2020 at 8:47 AM *To:*Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com> <mailto:lgl@island-resort.com>>, "rats@ietf.org<mailto:rats@ietf.org> <mailto:rats@ietf.org>" <rats@ietf.org<mailto:rats@ietf.org> <mailto:rats@ietf.org>> *Subject:*[Rats] UEID where an instance is a group member We had an internal discussion in response to some changes in PSA which have elaborated the definition of an Instance Attestation Key (IAK) so that it may either be “unique to each device or a collection of identical devices”. The definition of the Identity claim is now a value that identifies the IAK. This has been done to support entity grouping for (some) privacy scenarios. While we have an EAT Profile for PSA that uses a full set of custom claims, our intent has always been to be to migrate as many claims as possible to the standard once the RATS work is complete. Previously, there has been a direct analogy betweenarm_psa_UEIDand the standard UEID. With this change though, we would have to move away from this. The current description of UEID makes it clear that it must be device world unique. There is some discussion (https://ietf-rats-wg.github.io/eat/draft-ietf-rats-eat.html#name-ueid-privacy-considerations) of the group scenario, but the only statement about the claim situation is that “It will often be the case that tokens will not have a UEID for these reasons”. In the privacy scenario, it is still desirable to have an entity identity claim, for use by a verifier or for general usage. The options seem to be: a/ If the entity is unique, include an UEID claim, otherwise include a custom group claim. It seems a pity to encourage diversification between profiles. b/ If the entity is unique, include an UEID claim, otherwise use a new standard GEID claim c/ punt this problem out to the kid of the COSE wrapper. This would ignore any more general uses of group identities. Of these, b/ (introduce a new standard GEID claim) seems to make the most sense and is the option we would propose to the WG. Thoughts? Thanks Simon Simon Frost Senior Principal Systems Solution Architect, ATG, Arm Mob: +44 7855 265691 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Rats] UEID where an instance is a group member Simon Frost
- Re: [Rats] UEID where an instance is a group memb… Smith, Ned
- Re: [Rats] UEID where an instance is a group memb… Laurence Lundblade
- Re: [Rats] UEID where an instance is a group memb… Henk Birkholz
- Re: [Rats] UEID where an instance is a group memb… Thomas Fossati
- Re: [Rats] UEID where an instance is a group memb… Simon Frost
- Re: [Rats] UEID where an instance is a group memb… Smith, Ned
- Re: [Rats] UEID where an instance is a group memb… Laurence Lundblade
- Re: [Rats] UEID where an instance is a group memb… Smith, Ned
- Re: [Rats] UEID where an instance is a group memb… Laurence Lundblade
- Re: [Rats] UEID where an instance is a group memb… Smith, Ned
- Re: [Rats] UEID where an instance is a group memb… Henk Birkholz
- Re: [Rats] UEID where an instance is a group memb… Simon Frost
- Re: [Rats] UEID where an instance is a group memb… Thomas Fossati
- Re: [Rats] UEID where an instance is a group memb… Laurence Lundblade
- Re: [Rats] UEID where an instance is a group memb… Laurence Lundblade
- Re: [Rats] UEID where an instance is a group memb… Laurence Lundblade
- Re: [Rats] UEID where an instance is a group memb… Smith, Ned