[Rats] Re: Freshness with Nonces
Henk Birkholz <henk.birkholz@ietf.contact> Mon, 24 June 2024 17:04 UTC
Return-Path: <henk.birkholz@ietf.contact>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B680C151094; Mon, 24 Jun 2024 10:04:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.46
X-Spam-Level:
X-Spam-Status: No, score=-2.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.355, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ietf.contact
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JDVTjGwaURkv; Mon, 24 Jun 2024 10:04:18 -0700 (PDT)
Received: from smtp03-ext2.udag.de (smtp03-ext2.udag.de [62.146.106.30]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BD36C15106A; Mon, 24 Jun 2024 10:04:18 -0700 (PDT)
Received: from [192.168.16.50] (p4fce9787.dip0.t-ipconnect.de [79.206.151.135]) by smtp03-ext2.udag.de (Postfix) with ESMTPA id DBB35E0578; Mon, 24 Jun 2024 19:04:15 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ietf.contact; s=uddkim-202310; t=1719248656; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ifW+ojfrAh9EYn0d6X+t5KNTCvOINMg/PzNMb8OIv9c=; b=MaXb8R37FfOTKbcM7tr/1wLBF/MwlgaTo9Yq4N5nbCfGlezYW1RKQUjTAY2br7dWLK+Y15 sVBJtNjgs++onuOEF/Kjkt9+XIVz6cY+qjrY5TCiwRLNSWnLoSyq3mqJJ4nS/zbKhZZAxw oqHSXNSu/4sNsT8wlEEGGkg/HNLXBD6Dy5oK+k5A1DinX9lQQ+qinxddtNud9hzM0niOZg zyWg5O1QZ437pcRKvA8mHbrqsRKaJInZ0JbuvDmRF9G2oLabhIZ0PZxSSwtTBnyVCMI/li JMrUJ4sPAOYM0Abz+HrSdWtQLyIQowJwB8tYGeP39nfn0CIm1CDdKiE74oGL1w==
Message-ID: <fb269c87-c360-827b-f108-a5f952f6f107@ietf.contact>
Date: Mon, 24 Jun 2024 19:04:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: Carl Wallace <carl@redhoundsoftware.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
References: <3D0F8C7D-D1C6-4014-B69B-714771152A7E@redhoundsoftware.com> <trinity-e9d548b8-7cfa-4b36-a9d3-a304d09cba32-1719211973692@3c-app-gmx-bs24> <D13A6B1A-37B5-413B-9D8A-9368F24B7827@redhoundsoftware.com>
From: Henk Birkholz <henk.birkholz@ietf.contact>
In-Reply-To: <D13A6B1A-37B5-413B-9D8A-9368F24B7827@redhoundsoftware.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: smtp03-ext2.udag.de; auth=pass smtp.auth=henk.birkholz@ietf.contact smtp.mailfrom=henk.birkholz@ietf.contact
Message-ID-Hash: DFZEL3SB63XAKOHII4RE2Z7RS36YAR2G
X-Message-ID-Hash: DFZEL3SB63XAKOHII4RE2Z7RS36YAR2G
X-MailFrom: henk.birkholz@ietf.contact
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Tschofenig, Hannes" <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, rats <rats@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Rats] Re: Freshness with Nonces
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/yWkudEZMhhO4I-xHVOsqcb36Opg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
I still am puzzled why everybody is fixating on nonce use. Let's assume that makes sense. Then I think Hannes is correct, to cover every usage scenario for the csr-attestion spec - especially in cases where the nonce is not generated by one of the interacting RATS roles - an additional nonce provider role is required as well as three protocol-(flavor)s that cover the interaction models illustrated draft-ietf-rats-reference-interaction-models. As soon as the epoch marker I-D is adopted (I am not sure what the blocker is there, tbh), it will be relatively simple to specify a coap/cbor based protocol suite for the three interaction models or, for example, to augment draft-demarco-nonce-endpoint to make it an epoch marker endpoint, too. If you really think a nonce is the hammer for all your nails. Viele Grüße, Henk On 24.06.24 17:44, Carl Wallace wrote: > Inline… > > *From: *Hannes Tschofenig <Hannes.Tschofenig@gmx.net> > *Date: *Monday, June 24, 2024 at 2:52 AM > *To: *Carl Wallace <carl@redhoundsoftware.com> > *Cc: *"Tschofenig, Hannes" > <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" > <spasm@ietf.org>, rats <rats@ietf.org> > *Subject: *Aw: [Rats] Re: Freshness with Nonces > > Hi Carl, > > what you are saying is that you have some proprietary protocol that > allows the attester to obtain the nonce. I am arguring that we need to > standardize the details for the integration of the CSR attestation into > CMP, EST & co if we care about interoperability. > > [CW] This is not at all what I am saying. You wrote below that ‘we must > request the nonce’. I noted that in some contexts the nonce is provided > to the attester and gave a concrete example instead of an abstract one. > Of course, someone must still request and/or generate the nonce in my > example (though how that occurs is not particularly relevant to the > attester). In your case, what protocol or mechanism is used when ‘we > must request the nonce’? I would tend to view nonce distribution > mechanisms are being outside the scope for the CSR attestation > extension/attribute draft but if you are saying this draft is going to > address nonce handling in each protocol but has not done so yet, then OK. > > Ciao > Hannes > > *Gesendet:* Mittwoch, 19. Juni 2024 um 11:57 Uhr > *Von:* "Carl Wallace" <carl@redhoundsoftware.com> > *An:* "Tschofenig, Hannes" > <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" > <spasm@ietf.org>, "rats" <rats@ietf.org> > *Betreff:* [Rats] Re: Freshness with Nonces > > Inline… > > *From: *"Tschofenig, Hannes" > <hannes.tschofenig=40siemens.com@dmarc.ietf.org> > *Date: *Monday, June 17, 2024 at 8:33 AM > *To: *"spasm@ietf.org" <spasm@ietf.org>, rats <rats@ietf.org> > *Subject: *[Rats] Freshness with Nonces > > Hi all, > > In the RATS architecture the Evidence is processed by the Verifier. For > a given Verifier to check for replays timestamps, nonces, and epochs > have been introduced. I only talk about nonces here. > > The nature of nonces is that they are randomly selected by the party > that checks against replays, the verifier in our case. Section 10.2 of > RFC 9334 talks about nonce-based freshness. > > No problem so far. However, when we integrate CSR attestation (which > carries the evidence) into a certificate management protocol like EST or > CMP we must request the nonce in advance before the attester is able to > include the nonce in the signed evidence. > > [CW] I don’t think this “we must request the nonce” is correct, at least > where “we” includes the attester. In some cases, the attester is acting > upon instructions provided to it. Those instructions may include a > nonce. An example of this arrangement is a SCEP payload in the iOS OTA > protocol. How the MDM (or whatever prepared the instructions) obtained > the nonce is irrelevant to the attester and, in my experience, need not > be signaled in the subsequent request. > > This raises questions about how the relying party (in the background > check model) obtains that nonce without conveying any extra information > from the attester to the relying party about which verifier to select. > > What information should be used by the attester and subsequently by the > relying party to determine the verifier before transmitting the evidence? > > [CW] Your question raises questions about how the attester knows where > to obtain that nonce without having been provided any extra information. > > Ideally, the RATS architecture should have provided an answer to this > question but unfortunately it does not. > > [CW] I think this discussion is hinting at a desire for some attestation > verification protocol. It may be that sticking an extensible field where > the hint is now is the thing to do, to facilitate the relatively > abstract current hint mechanism or a future, more concrete, link to a > verification service. > > Ciao > Hannes > > PS: We (Hendrik and I) thought that the hint introduced in the CSR > attestation would have been a good candidate for this determination. In > our mental model the hint would be something like an FQDN because in the > passport model of the RATS architecture the attester also needs to have > the FQDN (or even a URL) of the verifier to get the communication working. > > _______________________________________________ RATS mailing list -- > rats@ietf.org To unsubscribe send an email to rats-leave@ietf.org > > _______________________________________________ RATS mailing list -- > rats@ietf.org To unsubscribe send an email to rats-leave@ietf.org > > > _______________________________________________ > RATS mailing list -- rats@ietf.org > To unsubscribe send an email to rats-leave@ietf.org
- [Rats] Freshness with Nonces Tschofenig, Hannes
- [Rats] Re: Freshness with Nonces Mike Ounsworth
- [Rats] Re: Freshness with Nonces Muhammad Usama Sardar
- [Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonc… Mike Ounsworth
- [Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonc… Orie Steele
- [Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonc… Mike Ounsworth
- [Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonc… Mike Ounsworth
- [Rats] Re: Freshness with Nonces Carl Wallace
- [Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonc… Muhammad Usama Sardar
- [Rats] Re: [EXTERNAL] Re: Re: Freshness with Nonc… Michael Richardson
- [Rats] Re: Freshness with Nonces Henk Birkholz
- [Rats] Re: Freshness with Nonces Muhammad Usama Sardar
- [Rats] Re: [lamps] Re: Re: Freshness with Nonces Henk Birkholz
- [Rats] Re: [lamps] Re: Re: Freshness with Nonces Muhammad Usama Sardar
- [Rats] Re: Freshness with Nonces Carl Wallace
- [Rats] Re: [lamps] Re: Re: Freshness with Nonces Orie Steele
- [Rats] Re: [lamps] Re: Re: Freshness with Nonces Henk Birkholz
- [Rats] Re: Freshness with Nonces Hannes Tschofenig
- [Rats] Re: Freshness with Nonces Carl Wallace
- [Rats] Re: Freshness with Nonces Henk Birkholz
- [Rats] Re: Freshness with Nonces Hannes Tschofenig
- [Rats] Re: Freshness with Nonces Henk Birkholz
- [Rats] Re: Freshness with Nonces Carl Wallace
- [Rats] Re: Freshness with Nonces Michael Richardson
- [Rats] Re: Freshness with Nonces John Kemp