IETF Logo Mail Archive

Re: [Rats] Removal of the "replay protection and privacy" section in the EAT draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 29 September 2022 14:52 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 710A7C14CF17 for <rats@ietfa.amsl.com>; Thu, 29 Sep 2022 07:52:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=1IiMt8H0; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=1IiMt8H0
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QgTQwPyAthKw for <rats@ietfa.amsl.com>; Thu, 29 Sep 2022 07:52:31 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50068.outbound.protection.outlook.com [40.107.5.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F19DC1524D7 for <rats@ietf.org>; Thu, 29 Sep 2022 07:52:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=kzqSZv5WVOvWCkFwZjEX+a1ERePRU4rl62e+V3kz1jWptZCEtrkWaobTKqfE4mKXCcgrQDjXD8ewZDVgtQ1CIToMGWZDkBjz/Oc4284v7vU8oWyzb2yhQURomtlRLzGLHaqb2WTP73m61/ruyZExyPPm75+lujyu5FqJKY42QvdMhbRW7bnffRi1kTJMFQivUWNhO5vw4ORvdUo0s2/W/kxS6l7KO/4VGk4g02cvR90dV77sTMA/cbE/tsJ8bZZPUawSqDw0yP8ZwKrFPjyjEEYbDED6u+KL6VEUGdSllw4YKk4pq8lTBV1wqc5agYK/Hgf2RIqYD8wsbxr0QJWR4Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dQuvkuIuIHd6HKrnRJR30cf1hgXuP7aPF1d8cdO9PFk=; b=AGRmeZABqjT1SiLCjNplU78VqHzXg/Xv7292/q2UedfGEtTjL0U7jcs09uem2A+sVSk3u3W2BDA7CItvrneDzAfDCh2LqOakumCtassFRRhsDt2FF88FOZpTN8ea7O0IvO+VqoZGKmbLLAUCqDT8PIl1YAUDRkyMvnGYAQlY3CHHFxoBdYrgubEvQdyQ7WugDzhWItsbqwUWyrHQwkBdIrD+HtBKOzNBFX/1NXVDd8Zp143QDORmkjDKhh3miQcFZqENWu13st0b8rRkAxy5ZkpP/ZFAH8Rzyo3f1C1Y27A+zpmd3SRyEwBk5V1DjdrLVKstUrl2UBqJbnITokubgQ==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=ietf.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dQuvkuIuIHd6HKrnRJR30cf1hgXuP7aPF1d8cdO9PFk=; b=1IiMt8H0ZZNIU64groP1xSIuAkO2d8d+eKPdwVP8kDZ1QrWKoUhzKwPAu+iel99Bo2j67nbP+ikftvrZu8dNfzkCKqXzMoT3Ri3NuZRRj/j/GH4GLlV9E5DVph5en1n3vzN1wnAJSk0f06HsNFDhiqJ7tIYhKt9Coxq4MicVfws=
Received: from AM6P191CA0032.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:8b::45) by DU0PR08MB9202.eurprd08.prod.outlook.com (2603:10a6:10:416::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.17; Thu, 29 Sep 2022 14:52:18 +0000
Received: from VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:8b:cafe::92) by AM6P191CA0032.outlook.office365.com (2603:10a6:209:8b::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.20 via Frontend Transport; Thu, 29 Sep 2022 14:52:18 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT021.mail.protection.outlook.com (10.152.18.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.17 via Frontend Transport; Thu, 29 Sep 2022 14:52:17 +0000
Received: ("Tessian outbound c2c2da38ad67:v128"); Thu, 29 Sep 2022 14:52:16 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: faf2a83712a61769
X-CR-MTA-TID: 64aa7808
Received: from db0ad1d599d5.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 51DA5C15-3145-49CC-BC38-72A03BD902AD.1; Thu, 29 Sep 2022 14:52:09 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id db0ad1d599d5.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 29 Sep 2022 14:52:09 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JRjv56TlfEaVopVcY4S3HKrOhCApmYtdUs/3uD89CsuPRiN5uapT9ry1AxOuVhn0w3uGnEtuRuI9hQWiQj21EZczVGFHmbsb1dCjKBAlo0hLtDUp/cElx8MpPXYDCICmcCX2Y+S27bkNonqseMPcST8eS65hrQH8pbuMNHNtql0d0hvsd2BEzKCj2ojM5Ss9vLmUA8K2wnSXdWlPRMvvXl7z81GEjtjUlWcbIk2yZoChtLESpMVJ6VH589PdBTwkOzB5jOKfa7EGpKUVCsRHWIR8uu8ulxJwHdPvt4FOu1K1UDDT1+cY7AzaAU9Me65o836yu0kt7VniQ2t2LBDstA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dQuvkuIuIHd6HKrnRJR30cf1hgXuP7aPF1d8cdO9PFk=; b=Jr4oFn9UlhQjYlD+GD9TpN/ytb27LRFDjtgu7rePR2J4YVY+0SsUfGZsbwWUUFtjRys3ioQFE8CsjzmT80FcfIu6xkNLWESP5SE4PrM//QEOya3teVOCk5pSL4WGK0054imUeswgeUvwN1ZSBBqKXp8sVixXopDZw5jidx0V9Z2LBpMWZj/n92mcYs6xA+qj7Odisau6/9NVTE6mErnmalycTWUh+PYYmAAOF6agU3+G36jb1F8Was33I2zMXs/9BU6VITwj8CjXY5hVmHSUrHILyPMSGczSw7CZLwUO7VjpA5FX9XYfJe12OrjgkwV4wd+XUX0TvwAH9dJsweIT8A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dQuvkuIuIHd6HKrnRJR30cf1hgXuP7aPF1d8cdO9PFk=; b=1IiMt8H0ZZNIU64groP1xSIuAkO2d8d+eKPdwVP8kDZ1QrWKoUhzKwPAu+iel99Bo2j67nbP+ikftvrZu8dNfzkCKqXzMoT3Ri3NuZRRj/j/GH4GLlV9E5DVph5en1n3vzN1wnAJSk0f06HsNFDhiqJ7tIYhKt9Coxq4MicVfws=
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by AM8PR08MB6433.eurprd08.prod.outlook.com (2603:10a6:20b:36b::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.19; Thu, 29 Sep 2022 14:52:04 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::d48c:61b9:7a6a:88bc]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::d48c:61b9:7a6a:88bc%9]) with mapi id 15.20.5676.020; Thu, 29 Sep 2022 14:52:04 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Removal of the "replay protection and privacy" section in the EAT draft
Thread-Index: AdjT95DcUeBB3MsiQ7iId+dgIoVOIQAEePCwAAD/5UA=
Date: Thu, 29 Sep 2022 14:52:04 +0000
Message-ID: <DBBPR08MB59153091FA26DA7E744DBCA8FA579@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <DBBPR08MB5915743F728A04E27961AD36FA579@DBBPR08MB5915.eurprd08.prod.outlook.com> <SJ0PR02MB83536F77C65C2A2E182F705E81579@SJ0PR02MB8353.namprd02.prod.outlook.com>
In-Reply-To: <SJ0PR02MB83536F77C65C2A2E182F705E81579@SJ0PR02MB8353.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 1CE43505668A4E4CB1532709C2EB3E89.0
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
x-ms-traffictypediagnostic: DBBPR08MB5915:EE_|AM8PR08MB6433:EE_|VE1EUR03FT021:EE_|DU0PR08MB9202:EE_
X-MS-Office365-Filtering-Correlation-Id: 7878701b-88e8-4d4a-b07f-08daa22a347b
x-checkrecipientrouted: true
nodisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: XTsyqe7bLLITW20EUh59Ufi1VXgueK2PWmV8vkydjfCH3dYo5a8B5P/gBJ1LfZ+sGyh6Dm+GICHktdS5EAkj4oZjjZ8M1vZT3CCrEyxcMWQ/Gj48QNf41hH+uvGqCTGZYrfnT7uHn+AFS5gl+e7ndxqhfgv1kZKp+HPqVI7XasIPAej3DOimUVNLqN7vIv34iTJhTzKh6u8zLgunBwww0Z3Io3yJ2odJECnqYITblPD84e607JA69BImWYclhlC822SU37VcLRHVdEPGz/+4oDPNny3KfTMG8/WM/A57O1Y+v8U2wI+0mlfRIP6FJDhrHUEmv/fmQXilJQjvMALcG+f2RC2kJRgkuVnMCk5jBsMM2Emozox9ixfFgd9KXyqdTBjRCBiD/r9ioTNfuPjGeHq5lSecC2f0m8ipN8zzfzgh3w4Fafy/MYLaio49UZOcQlWLEodSJExjoPhTl9pfCXw66cWCSt4vV8poe5w/gMs1XPU19EGgezSaa3XCr192RRVdWru04TFKvVWYUa0egpoYqaC0sjtPvXPOZT+MxQoYUlh58z5NH8FdxaGPqWqPpKdj9Rj6JLeaJr6iiouGsYat0pMCTM/YxKhdhcZ74kvISEPQInOF1VGosueXR1paLFiejC5PkvhKEtW7H1OW4lh03OEPBGECop/uCU1kF3BpxeaNpsYl+oP59JHUmQAESr3g/cKmZ1sW7VroSYk/XFobJj1TFw9lF05YO/QeCZBIEEbQtEeEV3TJkfV3erD5vfiWppk3w5MC2fGkt9jSkZe5cy/3A6SVoLMYXGDdAheAY/DSJcygF9C2bkpB3QKdofVLngkrWekyzMdB6SaZBKwgxY2LnSsFF0daSYnADyM=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB5915.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(346002)(366004)(39860400002)(376002)(396003)(136003)(451199015)(66946007)(110136005)(33656002)(86362001)(66899015)(38070700005)(5660300002)(122000001)(83380400001)(186003)(64756008)(66446008)(38100700002)(26005)(55016003)(53546011)(7696005)(71200400001)(478600001)(966005)(2906002)(66476007)(316002)(8676002)(6506007)(76116006)(9686003)(66556008)(41300700001)(8936002)(52536014)(12393003); DIR:OUT; SFP:1101;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB6433
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 5b8c1687-3464-4aa6-cbb5-08daa22a2c6a
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: YhI3tu4hgUjOGth974iylWefqLNa//unQUtmozt12hl/FM3foJSEmz/2QOMJw4zxRtPXLyGAU3VdDB7TNxyFYuIcVxYCqMcwlS0zFw4iExmSymcDuiay7mil6fMkRwE7r+1t5k01YWD5VuSENtWnNeUdg+PcPyo8XhGranRnwoxQBSDuA+AzESgs1xYosAfVFKJIo2Zj3eMAe277X5VwmFN/4DScr9ogsEuiLYUJYvsU9IpYIWo/X+k3CAbpZ1QIrL+6M17gODF9+D+zzJXvC2+eHMvidyqOkEG7GB2dA9I0u9dwNYRPhvUBYmK2KVWzMVA6dtUO74fHH9o0QqNElfan1ZF8mypn/tfRsYKRT3sKGIOGIvOu7ACiX+AVVR1vO18gF9KAKfcxZcBREE5oz9Or+hSz05bgDFclfe4muUuWN5nt+bRDimfiBusDoipdEu+vXvDpQ10msQhdiXlEDb407RGEf1zHWEELqGj2yjoc2FxZxLzNiy8j116FqfXgNG49kAYQWebzwdC/bAbaGiVo0hWqNjNYa5A3ND5JQqxTLRmNgBzpbo0WMJVDEc1xtkOmAeKrNjwlQ8dKwGSul7FsIZp5CKxC5oKy6hUmYblOUzYBHJvk3Dzvw+anFH+Ycw09fSqVtEyeprS/0vcAPWSm7erg5kGPw4MQskazPXyK1fjvGFx7wNbYwIIZ+GxMrYb0mlG+IX8Xp0Zk8+glHnKvVxz/33/ggb1UXeUbL6f7vfq3Lgik76nmd81ByMjfZRzA2opcd8VmTZmKujfWmim/KOGdzLxnO70unecQokZZ2vhByLQ1hZZGzPc4iqyNSs8ETfrJySUMrcWnaX2hGCpw7Wq+DfKNo0R4Pgizvz4=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(396003)(346002)(376002)(136003)(451199015)(36840700001)(46966006)(40470700004)(40480700001)(86362001)(40460700003)(47076005)(82740400003)(55016003)(81166007)(83380400001)(356005)(966005)(316002)(33656002)(70206006)(52536014)(110136005)(8936002)(70586007)(8676002)(41300700001)(2906002)(82310400005)(336012)(5660300002)(186003)(478600001)(53546011)(26005)(9686003)(36860700001)(6506007)(7696005)(66899015)(12393003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2022 14:52:17.7821 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7878701b-88e8-4d4a-b07f-08daa22a347b
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR08MB9202
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/l-zEqAVZMPNhrLA-bVsdh_3j2Uk>
Subject: Re: [Rats] Removal of the "replay protection and privacy" section in the EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2022 14:52:37 -0000

Hi Giri,

Good to hear that the text about the cti/jti was removed.

If I just look at the remaining text from the replay protection section (see below) then the content has obviously changed: instead of claiming that the cti contains an equivalent of a username or account login, it now says that the nonce may contain that information.

Why would anyone use a nonce to convey a username in it? Has anyone done this already?

Ciao
Hannes

------

Replay Protection and Privacy

EAT defines the nonce claim for token replay protection (also sometimes known as token "freshness"). The nonce claim is based on a value that is usually derived remotely (outside of the entity). This claim can be used to extract and convey personally-identifying information either inadvertently or by intention. For instance, an implementor may choose a nonce that is equivalent to a username associated with the device (e.g., account login). If the token is inspected by a 3rd-party then this information could be used to identify the source of the token or an account associated with the token. In order to avoid the conveyance of privacy-related information in the nonce claim, it should be derived using a salt that originates from a true and reliable random number generator or any other source of randomness that would still meet the target system requirements for replay protection.

-----Original Message-----
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Sent: Thursday, September 29, 2022 4:07 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; rats@ietf.org
Subject: RE: Removal of the "replay protection and privacy" section in the EAT draft

> The text above talks about two mechanisms, namely
>- nonces, and
>- the cti/jti.
> In the EAT draft version -14 the cti/jti claims are mentioned in two sections, namely in Section 8.4 (see above) and also in Section 4.3.1. The cti claim contains a unique identifier for the JWT.

Actually all mention of cti/jti has been removed in this section and the rest of the document as of recent PR merge.  See https://github.com/ietf-rats-wg/eat/pull/308.  EAT spec is now silent on the use of cti/jti.

I do think there is room for cti as the sole replay protection in an EAT token when a nonce is not possible (i.e. one-way transport such as IP Multicast/BLE-AD), but it appears that group consensus is to not discuss it as a replay mechanism in the document itself.  EAT does not prevent an implementor from using an existing CWT/JWT claim so cti could appear in an EAT token.

> The privacy implications of the nonce are not described nor are other privacy implications of the iat (issued at) claim defined, which would correspond to the timestamp replay protection mechanism defined in the RATS architecture.

That is not my interpretation of the current text.  The text only discusses the privacy implications of the nonce.

Moreover, iat is a claim whose value is set by the token issuer.  Nonce presumably is not.  For claims set by the token issuer, the attester could (depending on the implementation) take user privacy preferences into account when determining which claims to include.  As a crude example, if an entity's permissions settings indicate that location should not be exposed by the device to any 3rd-parties then the location claim could be excluded by the attester.  Therefore the privacy considerations for the 2 claims are different.

There could be a privacy considerations sub-section for token-issuer controlled claims, but I think such considerations would not be particularly meaningful without assuming certain implementations (e.g. Android/Windows permissions framework and how it affects claims included in the token).  This might have been the reason why RFC 8392 avoided such a discussion altogether (https://datatracker.ietf.org/doc/rfc8392/).

-Giri

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Thursday, September 29, 2022 4:37 AM
To: rats@ietf.org
Subject: [Rats] Removal of the "replay protection and privacy" section in the EAT draft

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.

Hi all,

In PR https://github.com/ietf-rats-wg/eat/pull/299 I proposed a re-write of the privacy consideration section.

As part of my re-write I removed text that was, according to Giri, "reviewed and agreed upon by the Architecture team and EATS editors in https://github.com/ietf-rats-wg/eat/pull/164".

Now, I would like to bring it to the group. Here is the relevant text:

8.4.  Replay Protection and Privacy

   EAT offers 2 primary mechanisms for token replay protection (also
   sometimes known as token "freshness"): the cti/jti claim and the
   nonce claim.  The cti/jti claim in a CWT/JWT is a field that may be
   optionally included in the EAT and is in general derived on the same
   device in which the entity is instantiated.  The nonce claim is based
   on a value that is usually derived remotely (outside of the entity).
   These claims can be used to extract and convey personally-identifying
   information either inadvertently or by intention.  For instance, an
   implementor may choose a cti that is equivalent to a username
   associated with the device (e.g., account login).  If the token is
   inspected by a 3rd-party then this information could be used to
   identify the source of the token or an account associated with the
   token (e.g., if the account name is used to derive the nonce).  In
   order to avoid the conveyance of privacy-related information in
   either the cti/jti or nonce claims, these fields should be derived
   using a salt that originates from a true and reliable random number
   generator or any other source of randomness that would still meet the
   target system requirements for replay protection.

The RATS architecture talks about three approaches for providing freshness, namely
- timestamps,
- nonces, and
- epoch IDs.

The text above talks about two mechanisms, namely
- nonces, and
- the cti/jti.

(As you will see later, the cti/jti does not correspond to one of the freshness mechanisms from the RATS architecture.)

In the EAT draft version -14 the cti/jti claims are mentioned in two sections, namely in Section 8.4 (see above) and also in Section 4.3.1. The cti claim contains a unique identifier for the JWT.

Assuming that an implementer uses the cti to convey a username / account login is unjustified given what Section 4.1.7 of RFC 7519 defines it to be, see  https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7.

So, there is only a privacy problem with the cti/jti if you use it in a way that has not been envisioned and even suggested by the RFC that defined it.

The privacy implications of the nonce are not described nor are other privacy implications of the iat (issued at) claim defined, which would correspond to the timestamp replay protection mechanism defined in the RATS architecture.

For this reason I suggested to remove this text from the privacy consideration section.

Ciao
Hannes



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email