[Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 23 July 2024 20:58 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33E04C15152B for <rats@ietfa.amsl.com>; Tue, 23 Jul 2024 13:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MRC_H5s-UoC3 for <rats@ietfa.amsl.com>; Tue, 23 Jul 2024 13:58:14 -0700 (PDT)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42EECC14CE3B for <rats@ietf.org>; Tue, 23 Jul 2024 13:58:14 -0700 (PDT)
Received: by mail-lf1-x12b.google.com with SMTP id 2adb3069b0e04-52f04c29588so3648617e87.3 for <rats@ietf.org>; Tue, 23 Jul 2024 13:58:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721768291; x=1722373091; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=l0DhRh95Co8A0fRwB03FzpgobKCB6qxNo4WeYGGHfJ8=; b=W5Wgn740+hiSJGqsVpT+Tmmh6jr4Zkaa5YBeRDfVQ57ZAHIfoidqEb1O21fSeHRxX9 h/6tcpiJ3WBqr9fdNUJBGlSl8TioumDyXl8hNZ0gFnYdfxoa7ippSpy5BAZ/vm0YVsxS y/CWsRRJcE5+7gSLtqyZklJJRbbPvetW6OrOp2zYLQIfwEilSFVxm33kKoctw24SkBMS 1zrefVLiTaCO/CLJe608yzQo7kbvh3CmHqsPLgBDjh1XbMOMZMduLxPGevATQgpuX6Qz P2kA9uOzlX9/GKWsbjI+pia6rAbQh9Xr1ErB6I1Jfxs31684kb7YQv1SSCBILcZay5wl FVsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721768291; x=1722373091; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=l0DhRh95Co8A0fRwB03FzpgobKCB6qxNo4WeYGGHfJ8=; b=DpYuMBKthkXTKRZkrlTICm3WtDtsih0rdyLLIoWUL/OoBLZ3QbWHMJY2QNF4M9i55K Btf+qSfz8CNWlnjKFPEk26BcAGJI/Mm4ZpFvs/7H3jb1jfLVxPYNRuGCH7kD4JiB/t4b fMO0uVOmNw+VyBfzaAodt1qJFFDwP0b8NImY4ZGYJpLHHnQUc6pPSWaoULo9nyDmLFMG olRb41P1vPDeWvA5fjjX+TuXenNdlUUOzVsMuIxFE5SZjuCAraD7bpWX8gWFNtJu68d6 mfuV4z3QgnA56GCAb49Mf2DUVCMvuS5BChkdgl5hekLMyQ7wApNxlp5dkCelXILXtTUC qQcA==
X-Forwarded-Encrypted: i=1; AJvYcCXcIygSqU10GfN0AHEO/FyHAnS1924MXAQ+0cXlzCYCNqa2vu3aNctC3gEGw92Um9ma6EAVk52JPg7y5sSN
X-Gm-Message-State: AOJu0YwVY5gq0JsYiBhsx/wJbcOzfZ47BXodQ6Hv0nkxIsvRA3Z5vNM6 3+FYeVafPDvKzf/BkIn6/OXbhuzZW3fpx4Cnas8JAj5oFf59NbpXVplC/zvGmumLo6qJ6+cu1q7 3m21gkAWvILL/qO482Q1qPIF0rBs=
X-Google-Smtp-Source: AGHT+IHF75oydvybdxykbL5NhcMmFveOhX0MX/XpLsuwHUcxFCuFN31/OneAvjJf/r07XQZkpIi2LI/zC6DYrSgZAHk=
X-Received: by 2002:a05:6512:3f0f:b0:52c:e17c:3741 with SMTP id 2adb3069b0e04-52efb76b183mr7320250e87.5.1721768290951; Tue, 23 Jul 2024 13:58:10 -0700 (PDT)
MIME-Version: 1.0
References: <PH1P110MB1116C5BE031039613AA69302DC2DA@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM> <32215BE3-F49B-4B9D-BFC0-076A74CE09CD@tzi.org>
In-Reply-To: <32215BE3-F49B-4B9D-BFC0-076A74CE09CD@tzi.org>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 23 Jul 2024 13:57:34 -0700
Message-ID: <CAHbuEH5JLJhktq3YcGHqrN2sOWTRFASEwshjZDcj+BYQiZA5ug@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Content-Type: multipart/alternative; boundary="0000000000005e2a32061df06bf3"
Message-ID-Hash: QSDPQJZHKYFBE2ZDSLRNUISOVLLAQJDC
X-Message-ID-Hash: QSDPQJZHKYFBE2ZDSLRNUISOVLLAQJDC
X-MailFrom: kathleen.moriarty.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Roman Danyliw <rdd@cert.org>, "rats@ietf.org" <rats@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/pahZ3fMr9rRq6Q8Mi6jn5hNxfnA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>

Hey Roman,

I am bringing this message back to the top of your inbox.

Thank you!
Kathleen
(Shepherd)

On Thu, Jul 4, 2024 at 3:11 AM Carsten Bormann <cabo@tzi.org> wrote:

> Hi Roman,
>
> apologies for the slow reply, and even more so for replying on July 4.
>
> We created a -10 from the input we received on -09:
>
> HTML:     https://www.ietf.org/archive/id/draft-ietf-rats-uccs-10.html
> Diff:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-rats-uccs-10
>
> On 2024-03-19, at 00:49, Roman Danyliw <rdd@cert.org> wrote:
> >
> > Hi!
> >
> > I previously performed an AD review on draft-ietf-rats-uccs-08.  See
> https://mailarchive.ietf.org/arch/msg/rats/HU2eIC7AevBSBHGk5tqXSR8wMco/.
> Thanks for -09.  For ease of tracking issues, this new email summaries the
> remaining issues from AD Review.
> >
> >
> > ** Section 6.
> >  The security
> >  considerations of [RFC8392] need to be applied analogously, replacing
> >  the function of COSE with that of the Secure Channel.
> >
> > [per -08]
> > If all of the Security Considerations of RFC8392 apply, then there is an
> authenticity requirement for the Secure Channel.  RFC8392 says “it is not
> only important to protect the CWT in transit but also to ensure that the
> recipient can authenticate the party that assembled the claims and created
> the CWT.”
> >
> > [per -08] the Privacy Preserving channel of Section 4.3 (Section 5.3 in
> -09) seems to explicitly suggest that there “receiver cannot correlate the
> message with the senders of other received UCCS messages “ which seems to
> be the opposite of authenticity.
>
> You didn’t cite the rest of that sentence, "beyond the information the
> Secure Channel authentication provides.”.
> The objective here can be that this authentication be ephemeral.
> So the receiver can authenticate (an identity of) the sender, but cannot
> stash away a third-party verifiable representation of a signed statement
> that the sender has made.  Avoiding the creation of such a representation
> may be the main point of doing authentication in a Secure Channel as
> opposed to via object security (i.e., in a CWT).
>
> > [response]
> >> The objective of 4.3 (now 5.2) is to discuss how authenticity does not
> >> necessarily lead to linkability.
> >> It does not relax the authenticity requirement.
> >> (E.g., DAA replaces the attester key with a group key, and something
> >> similar could be a use case for secure channels as well.)
> >
> > [Roman] Can this nuance please be explained in the prose.  This seems to
> be a very different situation than authenticity in the CWT sense.
>
> I don’t think we want to discuss the example I gave in the email,
> authentication via group keys, in the document; such an application
> probably should come with its own, more specific, instruction leaflet (as
> should other examples, such as batch-endorsed single-use keys).
> But CWT also can use group keys (or single-use keys), so the situation is
> not that fundamentally different, except that the authentication with these
> on a Secure Channel can be ephemeral.
> (E.g., while it is already possible to use a group key or some kind of
> "DAA issued certificate" to establish a Secure Channel, such a procedure is
> out-of-scope of this document as it implies the issuance of endorsed keys
> of this kind in the first place. With a future specification that builds
> on, say, the RATS DAA I-D when it becomes an RFC, an additional document
> addressing the use of such endorsed keys could become a thing.  It seems
> pretty clear that the particulars of using group keys or similar to
> authenticate any end of a Secure Channel are out-of-scope of this
> specification.)
>
> > ** Appendix A.  Excuse my rough understanding of CDDL.
> >
> > -- [per -08] My read of this CDDL is that there is JSON hooks included
> with the JC<> construct.  This JSON binding isn’t explained any place else.
> >
> >> Yes.
> >> Parts about JSON bindings do not use normative language,
> >> because UCCS is
> >> about CBOR claim sets.
> >> This CDDL is designed to be useful in a mixed environment, based on
> >> requirements from EAT.
> >
> > I don’t understand.  This CDDL in Appendix A is normative, and so is the
> flexibility in its design to support JSON.  Otherwise, it would be “C<
> ...>” and not “JC<...>”.  I don’t take exception with providing a JSON
> binding but please explain this in the prose and in the introduction..
>
> The text introducing Figure 1 now reads:
>
> >> In Figure 1, this specification shows how to use CDDL for defining the
> CWT Claims Set defined in [RFC8392]. Note that these CDDL rules have been
> built such that they also can describe [RFC7519] Claims sets by disabling
> feature "cbor" and enabling feature "json", but this flexibility is not the
> subject of the present specification.
>
> We added “This appendix is informative”, as it does not preempt the
> definitions in RFC 8392, but provides a directly usable CDDL form of them.
> And while it is doing that, it does the same for RFC 7519 Claims Sets, as
> that is easy to include.
>
> Grüße, Carsten
>
> _______________________________________________
> RATS mailing list -- rats@ietf.org
> To unsubscribe send an email to rats-leave@ietf.org
>


-- 

Best regards,
Kathleen