[Rats] review of draft-birkholz-rats-uccs-02
Thomas Fossati <Thomas.Fossati@arm.com> Tue, 16 March 2021 00:59 UTC
Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E788F3A14F6; Mon, 15 Mar 2021 17:59:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=jQqUE0Ul; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=jQqUE0Ul
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6lNXgFdALbyN; Mon, 15 Mar 2021 17:59:17 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2083.outbound.protection.outlook.com [40.107.21.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0613F3A14F5; Mon, 15 Mar 2021 17:59:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O8YMTntOdl/KwUYDmOafwttJnuC5d7nTsBpBgvWLJd8=; b=jQqUE0UlANP9cswZ5nqNBBlhsSodoWVSodQzVBenJDLk3mfyk+trR4UHRy37Y587tmygTBXbe5Jeq+9aA2b9CzTxU09uFpa8mh4seLuxS/4qvivXXgw1T9aVAR1Tdo1GnekAqnorEC+zXH+rummOj+OgRKS2Beu0gjbXDkw0/3E=
Received: from MR2P264CA0025.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500::13) by AM0PR08MB4547.eurprd08.prod.outlook.com (2603:10a6:208:140::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Tue, 16 Mar 2021 00:59:10 +0000
Received: from VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com (2603:10a6:500:0:cafe::1e) by MR2P264CA0025.outlook.office365.com (2603:10a6:500::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.31 via Frontend Transport; Tue, 16 Mar 2021 00:59:10 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT021.mail.protection.outlook.com (10.152.18.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.31 via Frontend Transport; Tue, 16 Mar 2021 00:59:09 +0000
Received: ("Tessian outbound 3151b67811f0:v87"); Tue, 16 Mar 2021 00:59:09 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 3a0017cd6f86201a
X-CR-MTA-TID: 64aa7808
Received: from b6bd4903ee2e.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 5677C337-58A4-4D89-9B32-FE9C45CD5FFB.1; Tue, 16 Mar 2021 00:58:58 +0000
Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id b6bd4903ee2e.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 16 Mar 2021 00:58:58 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GWvSDFwL+/UF9ttieqphSCo6CzHDXPnhWgy7fzxiktv0uYPerBNV6M9WhvCK9/QypoVAga7v5/5VDeHfmmLxZshQNZQ54Da0RICyLSEaYQmvjK8TXJ76ZaWFnnfh4PCKEJNPOqBsVSZol4y99KCJYtyI7ayZZJ9dqHhlThXzZblAMejjLJN98NyZMALPCQBkVYU7won3Dy1rdKYFdli0DquuK3GQRbn1ZR/l7k06rjg2Ku8GhXTToC9NCei8kldS2jx9pPjaolYRgZGgec2wNw0xUetUGiD/booTEFfExZZm2Y0XL8iEQ7C/SZ1WwsJ0WXsD2bK6zxeOt1XKFHipNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O8YMTntOdl/KwUYDmOafwttJnuC5d7nTsBpBgvWLJd8=; b=CcmbPReM8HooDFN9sBMowrvmAAOvS1GuSA2sUvIe48IuMNb/Mkm9q9VoQB7LJpcvQgkT/r1liRioz+hIgNFe0oxH7Ro4rTnwL/YvkF2CsoKKDmcph30d8cJENN6/JXO4qlSoFx+mi2TJT3LIA86DqyziQu9yv1jEsMAxZEMWDdZ/AgXoT2UAG9WPYOQF5KKoTw11uh1xS1fUctYvvuunitxbyPfz3CnvvEjOSvHO4R544uVFuVR8/VhCoaFur2zDTvnFku8I+wg5Hq6BYwkusm7jCyIB3FxSe0a7eTrIvW2W0PdB82sxXqd1GEQe3mylL+s/QBe3eOZVlxsFtPNfLQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O8YMTntOdl/KwUYDmOafwttJnuC5d7nTsBpBgvWLJd8=; b=jQqUE0UlANP9cswZ5nqNBBlhsSodoWVSodQzVBenJDLk3mfyk+trR4UHRy37Y587tmygTBXbe5Jeq+9aA2b9CzTxU09uFpa8mh4seLuxS/4qvivXXgw1T9aVAR1Tdo1GnekAqnorEC+zXH+rummOj+OgRKS2Beu0gjbXDkw0/3E=
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com (2603:10a6:10:251::8) by DBBPR08MB4743.eurprd08.prod.outlook.com (2603:10a6:10:d9::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Tue, 16 Mar 2021 00:58:56 +0000
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::1f5:375c:310f:7df5]) by DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::1f5:375c:310f:7df5%4]) with mapi id 15.20.3933.032; Tue, 16 Mar 2021 00:58:56 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: "draft-birkholz-rats-uccs.authors@ietf.org" <draft-birkholz-rats-uccs.authors@ietf.org>
CC: Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: review of draft-birkholz-rats-uccs-02
Thread-Index: AQHXGf+K+kf+ALiX8EuhWlqwm5G0/Q==
Date: Tue, 16 Mar 2021 00:58:56 +0000
Message-ID: <1F11989C-8FF6-4DFE-B17C-FDABBE1EEC32@arm.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.46.21021202
Authentication-Results-Original: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
x-originating-ip: [82.12.10.179]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 413c17c5-fd64-4cc7-66ec-08d8e816b54b
x-ms-traffictypediagnostic: DBBPR08MB4743:|AM0PR08MB4547:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <AM0PR08MB4547F304012956CACEA003289C6B9@AM0PR08MB4547.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: fwUqGgQCjnga135Itx+Gvv5QRsowbyE92EzgRpgjBSrtOQonRnE4SPmACjc6vpiSZKX2hq0PPmnb8XTHmeKJTKLD8yKe3KQkMrNzdTASxPilpCZEtNgFS4SWalR6lM16FBoUOPcRwrtmFPCWQVYY/t+RVrx68XOmy+RHhnS9TCLNQ7+Hb2UDFMh90yBtGRexe5aWqQi1KeQi1jikMFP0Rii1fJfX3qSwP+Lq4rKLMDVVdOFjLobdFWTdv6ZriGlUK6MXF5G2egAN07JCda3KKMn1KKBZvp9swLD7E52BW/vg7ZLWzRo+FiWZbctzg0TWAbT9j+IBYen0C3khjFsAx2ORqmVh4V8WaK8BbIOzODssrdcAhqAunVqJkp9ZV1B47PqwVHx10GdlSMuA6vTivP6RClIR2Fphly/Be+q532Pn1QG8piAJ0MMypOJhx6HJ+Ql92OF6sT4boz2zSqx2EBp6wXq7LVOu9epzpG0DLfjU2ltssYUftkL509jffmT0oNgII/kaXCpcX7JkJfOWtewqDAaxvc3+rC+Mi8FnckDmbi23jIrfoAs8Oxkbct+QR8vivZKStZJBaUpZKUFkMvcy1ivyzukr/IZeALxuV4sl74xZagItlCtulQ+fGwI6
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR08MB6524.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39850400004)(376002)(346002)(136003)(396003)(8676002)(2616005)(6916009)(186003)(54906003)(2906002)(76116006)(66946007)(316002)(64756008)(66446008)(66556008)(91956017)(66476007)(8936002)(6486002)(71200400001)(6512007)(4326008)(86362001)(478600001)(26005)(450100002)(33656002)(83380400001)(6506007)(36756003)(5660300002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: D1v0Wjj/9zNgZpZm1ugyOWyIwL0vYktA7h+IZtPkk+XyWzNyvGt6MQ+0uVHMzszQ4ofsfv5QhYi9DzmlQDigxmyPyS3VzikxCTsGPnNj+IUZJS2cKtQvKkLuCdkXQ8eRzSRFSe71F7xCxzVYLGogG+Wm6PIOvcw1Fra2BqsabJRl8kIP5OLULhyQ2w1C0K+ikj84e2tYTQyq29ApjUwQrxRWjYcQw1wGydaX6j0/5T0slYh4EP5++hzql1wyKWWAKTR4/soUyu0/fXS/nl6divDaooDPoIcJXnDRLmZLuYBMDKo9sHnS2newckZM3TBNP2aODrIFsWBZubHgOHTeUdsMBvsLCMfLXniKce87GR7h1+7hYsrg6ZdbtbytCcWcaRUAWLU6vrJdyDgHUomR+SQoNPBo05HjxSQHbYCUbL3ckyA47D2uFadP0Cy5ZBtqfIbVix4d6eiY+eHLwx3HANlm40qjebrooycJfdM6nKzuwOaejsMGYGP/9qQ/M8/Sz+S6MDr+5DFhHB3uwG8Y3vkFpU2nAzqgHDl5t5iDnN0nb/QLYuQKF6wuzWX8sK3pqUX55m4pOxykjUBEB8y/itH8VCoJjkos2obwc8LmiWp/ZmAD4tk8BPRSZh7Nalx4muVYAGIITcP9fdH4liOsmIzZWePhSNTE0AxLK9TOg/q6nZODr31Oo1elewmIN0iUm0CdSShOzqKCW5dEirTdvgS3S8+q83JIo/kinfMdTZJzerFvyIhzJYOeaImbYC6OAONiUURgTeoanHSNEg2dlIMTcehroZY//aIbNIz1s3rWJoXzijmFbdDOHx9WWbcBF/yYHCyHlLaxFRc9QLqIroKkSBDbcVtxTZy4s8B+AhIAUPUfMOctICLS2l5028ORjTf/iR+eib6eM36wHc3D+0B481b8mi9IvfIhmnro28bLsLjr0t9O/zgbgg73VzWuja07mle05sYztM4myR/KZavRUWInsKO/EQXRkhJtBy1ia5kF1D0HKXPP3vlI9s4xeOiW3dbrH7KIXRgmrO5btaCSTZmYcZA8dc4LqYN6YcQf9sW1Epb/y4jDtQJnzoM1QYo+KNhknAXAHe37jNh7NmQpZCurPctB/r8oq5SYF3A/kvwZx1hTSgf8wUxnVbJYqM5Gh7e1mff9AJxGBNcIZ/C+EVS7d0lXVReHpiNscHIKvaiWMOfeiu7EalhsJ5lKk3ZcK6bxGdwSZM8gnLDKQva7btDnTuZj2CJiDb4JmaH0/nIPEKZCfwPAXhvb14Ytnda9eYNsamt/SvDWvOdqGHOlYX9sxIFbMLjiR0fqIiJMiRTo9kMWiO8RYUJ4jq7r
Content-Type: text/plain; charset="utf-8"
Content-ID: <0FE533A4139AA748AC0DD03F65A2CAF9@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4743
Original-Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 311cb532-f90b-4b85-567f-08d8e816acfb
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 3XFmWcPmd0pAW1pDSKcBfsyEMY6+wzCT2QDDyDcVVtXaOTmTDlj9pdB2tD/CuJUP9hHKQpTYg2dTJX8rzWkyHQJXYMPHkX0gQQ2E+CkNdyP/+w5kbQLa6T9ZJHXlvQdosZ9U3uY2u5kJbFYmlx+7c35EY46uLtgivvT8Q/ak8w2oAxzWtvZr5Ve3j1PgBUo0tM0ddR2aGtgtNogLXnGy3qE7YuqCpE1q3eOfzEuupY5wGK2xUl2WCBitSNOAeJ0h27dyaECHF6NGiwXbuU7OBMVWfikervq8AGTPfsip36VC78kto4LQgOKhfEawr9cDyWHr7k6eggbUh5kJ6UJ+eC0JCrH4D05GTXRo9Ryww4imInYTmqRe3ybVgyW9Nt01GZOC0F3m2IhyDuEPK6ABTbgWqX5wZlvfd90hxfV/TxBfxKAhnX8RYpu+IPcRr7e3kT/pR/KO8pyrn7qEpQ1i02Xx1C3UKYY1huAN10aZeOl9vzHwYiyd6kS4aIDH4wdZOUqixuHiwpR8OE0mRV+gUn8NLj7p/ar3XDN2gD3wL829DYrOBo3Z/GcusD6itLSyqCriv8MfnAs0jlf9mHZsCnvl3sZ/8Gu0OUA+Ul1c4iuIUcxZXy1dY8ELAxvBq0F/4eMDb0VurlO+NuSsnpRJqq56RKmGz2mc5Gfzd/pZkbo=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(346002)(376002)(396003)(136003)(39850400004)(36840700001)(46966006)(316002)(6506007)(33656002)(6916009)(2616005)(36860700001)(186003)(6512007)(70206006)(82310400003)(6486002)(478600001)(5660300002)(54906003)(86362001)(450100002)(26005)(8936002)(4326008)(8676002)(70586007)(2906002)(83380400001)(47076005)(81166007)(36756003)(336012)(82740400003)(356005); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2021 00:59:09.9298 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 413c17c5-fd64-4cc7-66ec-08d8e816b54b
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4547
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/sxmbwzg5nfyP8m7epGVk8dTUI7M>
Subject: [Rats] review of draft-birkholz-rats-uccs-02
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2021 00:59:20 -0000
Dear draft-birkholz-rats-uccs-02 authors, I have reviewed your draft and here's a list of comments. The general impression is that the content should be streamlined and reorganised a bit. To that purpose, I am adding a few suggestions according to my personal taste that you may find completely rubbish. As a reviewer I think I need to exercise this privilege though :-) Let's go. * Section 1 * "the integrity protection mandated by RFC 8392" * is "mandated" the right word? What about alg:none? * "COSE provides - amongst other things - the integrity protection mandated by RFC 8392 and optional encryption for CWTs." * I think the other important security property that COSE provides is it identifies the principal of the asserted claims * Another relevant feature is that COSE provides the security properties end-to-end, not just in transit. * "Under the right circumstances" * What are these "right circumstances?" Please provide a precise characterisation (in place, or as a fwd ref). * "If a mutually Secured Channel is established between two remote peers, and if that Secure Channel provides the correct properties, it is possible to omit the protection provided by COSE, creating a use case for unprotected CWT Claims Sets." * I am now reading the third para and I don't know yet what these "correct properties" are. The impatient reader - like yours truly - is going to be scratching his beard at this point :-) * "Consequently, in a well-defined scope, it might be acceptable to * use the contents of a CWT without its COSE container and tag it with a UCCS CBOR tag for further processing" * Please do not suggest this, it'd have the effect of changing the semantics in a surprising way - from something with an associated principal to something that is completely lost, the Kaspar Hauser of RATS. If you need to forward "naked" claims - e.g., as you do in the verification pipeline once you have checked the signature - you just do that. No need for extra tagging: pass the CBOR map on and the calling site will know what to do with it. Comment: the intro seems to never get to the point. What I'd like to see here is "the why of UCCS". A couple of lines should be enough: * Rationale for using UCCS * Basic principle of using resources parsimoniously: when RATS roles have a pre-existing security association they can reuse it to implicitly sign their conceptual messages * (There is also the case in layered attestation of an attesting environment that does not have a signing key. In this case the protection is delegated to the outer attesting environment. The expected output is a nested EAT with a UCCS submod. However, this case doesn’t need further discussion because it falls back to the usual signed EAT.) * Section 2 * The motivation could be made less obscure * The title seems partially incorrect: in fact, the requirements are absent (the reader is forwarded to "following sections") Comment: I'd just remove this section and merge whatever is relevant, if anything, into the intro. * Section 3 * "The handshake protocol establishes the authenticity of one of both ends of the communication." * Typo: one of both => one or both * s/authenticity/identity/ * "Analogously, the considerations discussed in Sections 2.1, 3.1, and 3.2 of RFC 8725 apply to the use of UCCS as elaborated on in this document." * Are these references really applicable? I have followed the ref and I couldn't find anything relevant to UCCS there. * Section 3.1 * I don't understand the SHOULD in "the Verifier and the Attester SHOULD mutually authenticate when establishing the Secure Channel". If there are valid reasons to make the behaviour discretionary, it'd be useful if they were stated explicitly. * Last para: I don't understand the use of the term "endorse" here. (I might be confused by the special meaning it is given in the RATS architecture document though.) * Section 3.2 * "A Secure Channel which preserves the privacy of the Attester may provide security properties equivalent to COSE" * Could you please provide an example of such privacy-preserving secure channel? You mean running an attestation protocol over Tor? * I am slightly confused about the intended meaning of the second part of the sentence: which COSE properties are relevant here? Comment: what I'd have liked to see here is a crisp "applicability statement", answering the simple question: * Under which circumstances the signature "recycling" is warranted, i.e. it does not degrade the security assumed by the RATS architecture? * For both Evidence and Attestation Result * The signing key that identifies the "secure wrapping" entity (e.g., the secure transport endpoint) is or can be linked directly to the same key that would have signed the attestation Evidence/Attestation Result, were it encoded as "proper" CWT. * The robustness of the key material and algorithms employed in lieu is comparable (i.e., use modern secure protocols with recommended cipher suites) * For further applicability considerations, see the bottom of Section 7.4 of I-D.ietf-rats-architecture Also, I think it's important to state the caveats that apply, e.g.: * the different protection span * temporal * the cryptographic protection provided by a secure channel is ephemeral * Spatial * The cryptographic protection provided by a secure channel is only effective inside the perimeter of the tunnel * As a corollary: when UCCS arrives at destination, it MUST be consumed by a trusted entity and never forwarded outside the TCB * Also, compared to CWT, UCCS is vulnerable to an active MitM who can distort the Evidence / Attestation Result modifying, adding, or removing claims at will * Section 5 * I have followed the ref and it's unclear to me why the security considerations of RFC8392 apply here. Maybe be more specific about what exactly can be transplanted from there. That's all. Cheers! IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Rats] review of draft-birkholz-rats-uccs-02 Thomas Fossati