Re: [Rats] draft-birkholz-rats-uccs

Giridhar Mandyam <mandyam@qti.qualcomm.com> Fri, 12 March 2021 16:55 UTC


Agree with Hannes.  I'll also add that current text in https://tools.ietf.org/html/draft-ietf-rats-architecture-10#section-12.2 states:

"The security protecting conveyed information may be applied at different layers, whether by a conveyance protocol, or an information encoding format.  This architecture expects attestation messages (i.e., Evidence, Attestation Results, Endorsements, Reference Values, and Policies) are end-to-end protected based on the role interaction context.  For example, if an Attester produces Evidence that is relayed through some other entity that doesn't implement the Attester or the intended Verifier roles, then the relaying entity should not expect to have access to the Evidence."

In other words, the first figure below actually shows a relaying entity (HTTP client outside of TEE/SE security boundary) that may have access to the evidence.

-Giri


From: RATS <rats-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Friday, March 12, 2021 2:17 AM
To: rats@ietf.org
Subject: [Rats] draft-birkholz-rats-uccs

Hi all

draft-birkholz-rats-uccs was discussed at the WG meeting this week and there was some controversy around its security protection.

Having looked at the draft again I believe the proposal is sound. In fact, I would even argue that it provides better security protection than the use of COSE.

Here are my thoughts.

Here is how some want to deploy EAT tokens:

   +-------------------------------------------+
   | Device                                    |
   |                          +--------+ Maybe TLS/Maybe not
   |    +-------------+       |        |-----------+  +-----------+
   |    | TEE/SE      |       | HTTP   |---------+ |  |           |
   |    | +--------+  |  +----| Client |       | | |  | Verifier  |
   |    | |Attester|  |  |    |        |       | | +->| ( HTTP )  |
   |    | |        |<----+    |        |       | |  +-| (Server)  |
   |    | +--------+  |       |        |       | +->| |           |
   |    |             |       +--------+       |    | +-----------+
   |    |             |                        |    |        |
   |    |             |                        |    +--------+
   |    |             |                        |
   |    |             |                        |
   |    +-------------+                        |
   +-------------------------------------------+

                              EAT protected by COSE
             |----------------------------------------------|


Here is what the UCCS protection looks like:

   +-------------------------------------------+
   | Device                                    |
   |                          +--------+  TLS not needed
   |    +-------------+       |        |-----------+  +-----------+
   |    | TEE/SE      |       | Broker |---------+ |  |           |
   |    | +--------+  |  +----|        |       | | |  | Verifier  |
   |    | |Attester|  |  |    |        |       | | +->| ( HTTP )  |
   |    | |        |<----+    |        |       | |  +-| (Server)  |
   |    | +--------+  |       |        |       | +->| |           |
   |    |             |       +--------+       |    | +-----------+
   |    |             |                        |    |        |
   |    |             |                        |    +--------+
   |    |             |                        |
   |    |             |                        |
   |    +-------------+                        |
   +-------------------------------------------+

                              EAT protected by TLS
             |----------------------------------------------|

If you compare the two, then you might realize that a TLS handshake run into the SE/TEE actually provides better security properties than a COSE protected EAT (with a signature or MAC) provides.

My conclusion is: draft-birkholz-rats-uccs is good stuff. I would even go as far as recommending using TLS into the SE/TEE rather than terminating it on the non-secure side.

Ciao
Hannes
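As an added example (not code from either message, the UCCS draft or any RATS implementation), the Python below models what the relaying HTTP client in Hannes's first figure can see: the claims inside a COSE-protected EAT are integrity-protected but legible to the relay, which is Giri's point, while a bare UCCS carries no protection of its own and depends entirely on the TLS session that terminates inside the TEE/SE. The key, the claim values and the choice of an HMAC-based COSE_Mac0 (instead of a signature) are constructed assumptions made to keep the example self-contained.

```python
# Added example: a UCCS (bare CBOR claims map) vs. the same claims wrapped in COSE_Mac0 (RFC 8152).
import hashlib, hmac

def _head(major, n):
    """CBOR initial byte(s) for major type `major` and argument n (n < 65536)."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")

def cbor(v):
    """Minimal CBOR encoder for ints, byte strings, text strings, arrays and maps."""
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    raise TypeError(type(v))

# Constructed claims: iss (key 1, RFC 8392) and the EAT nonce claim (key 10).
CLAIMS = {1: "attester.example", 10: b"\x01\x02\x03\x04"}
KEY = b"constructed-demo-key"  # constructed; on a real device this never leaves the TEE/SE

def uccs(claims):
    """UCCS: the claims set alone; integrity and confidentiality must come from the TLS session."""
    return cbor(claims)

def cose_mac0(claims, key):
    """COSE_Mac0 with HMAC 256/256 (alg 5): integrity for the EAT, but the payload stays in the clear."""
    protected, payload = cbor({1: 5}), cbor(claims)
    # MAC_structure per RFC 8152 section 6.3: ["MAC0", protected, external_aad, payload]
    tag = hmac.new(key, cbor(["MAC0", protected, b"", payload]), hashlib.sha256).digest()
    return [protected, {}, payload, tag]

def verify_mac0(msg, key):
    """Verifier side: recompute the tag, so any change to the payload in transit is detected."""
    protected, _unprotected, payload, tag = msg
    expect = hmac.new(key, cbor(["MAC0", protected, b"", payload]), hashlib.sha256).digest()
    return hmac.compare_digest(expect, tag)

def relay_sees_claims(wire_bytes, claims):
    """A relaying entity outside the TEE finds the encoded claims verbatim in a COSE-protected EAT."""
    return cbor(claims) in wire_bytes
```

Running `relay_sees_claims(cbor(cose_mac0(CLAIMS, KEY)), CLAIMS)` returns True: the MAC stops the relay from altering the Evidence, but not from reading it.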
