IETF Logo Mail Archive

Re: [Rats] About (E)UID's

"Smith, Ned" <ned.smith@intel.com> Fri, 07 February 2020 21:50 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC1D51200F1 for <rats@ietfa.amsl.com>; Fri, 7 Feb 2020 13:50:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAk5GZGUkShq for <rats@ietfa.amsl.com>; Fri, 7 Feb 2020 13:50:39 -0800 (PST)
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6318A1200E0 for <rats@ietf.org>; Fri, 7 Feb 2020 13:50:39 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2020 13:50:37 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,414,1574150400"; d="scan'208,217";a="404964306"
Received: from orsmsx102.amr.corp.intel.com ([10.22.225.129]) by orsmga005.jf.intel.com with ESMTP; 07 Feb 2020 13:50:36 -0800
Received: from orsmsx153.amr.corp.intel.com (10.22.226.247) by ORSMSX102.amr.corp.intel.com (10.22.225.129) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 7 Feb 2020 13:50:36 -0800
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.6]) by ORSMSX153.amr.corp.intel.com ([169.254.12.111]) with mapi id 14.03.0439.000; Fri, 7 Feb 2020 13:50:36 -0800
From: "Smith, Ned" <ned.smith@intel.com>
To: Simon Frost <Simon.Frost@arm.com>, Laurence Lundblade <lgl@island-resort.com>, "Salz, Rich" <rsalz@akamai.com>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] About (E)UID's
Thread-Index: AQHV3QtUaUOLh4A2CU2Ls4Ypa3w676gQLDiAgABDNgD//9e8gA==
Date: Fri, 07 Feb 2020 21:50:35 +0000
Message-ID: <509C8229-20DC-4888-BE1D-9109733A9E2D@intel.com>
References: <8BDAAE2E-9803-4048-AD5B-59233708E6FB@akamai.com> <1C16DAA0-D03B-417C-894A-30C4015AEED7@island-resort.com> <DBBPR08MB49031E717F69E4CF58CF67A1EF1C0@DBBPR08MB4903.eurprd08.prod.outlook.com>
In-Reply-To: <DBBPR08MB49031E717F69E4CF58CF67A1EF1C0@DBBPR08MB4903.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.21.0.200113
x-originating-ip: [10.24.10.176]
Content-Type: multipart/alternative; boundary="_000_509C822920DC4888BE1D9109733A9E2Dintelcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/zp3BrrMMcu5FKECqg9ylsxBMHAU>
Subject: Re: [Rats] About (E)UID's
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 21:50:43 -0000

It was noted in the meeting that globally unique identifiers have privacy implications. One technique for protecting privacy is to limit the use of a particular identifier to a specific domain. Use in a different domain uses a different identifier making it hard to correlate transactions from Domain A with transactions in Domain B. This is essential to systems designed for privacy.

The IEEE802.1AR defines the notion of an IDevID and LDevID where the device receives a different identity following onboarding. Issuance of an LDevID has been used to protect privacy because within the community of devices sharing the same local context, they don’t recognize the device in terms of its IDevID identity. Not unless there is a UEID that is shared between the IDevID and the various LDevID credentials.

If UEID is defined to be globally unique, then it can’t be required for use if privacy is also needed.

I suspect implementations will ignore the wording in the EAT spec that asserts the value is globally unique and encode a value that is unique enough for their purposes. If there is some service out there that assumes global uniqueness but discovers collisions, then it will be a business decision whether or not to accept them.

Otherwise, the conversation for UEID should revolve around whether or not there are large domains that need an identifier that is unique within its domain. Based on the analysis there is enough space in 128-bits to allow for a domain of all people in the world being a member of the domain each bringing 100 – 100,000 things and where the things can be shared and exchanged within the domain context. I’m not aware of a real world use case for that domain. Hence, 128-bits with the flexibility to make them larger seems right. I like the suggestion to allow larger values in 8-bit increments because it allows the domain (of use) to optimize the cost/benefit trade-offs.

-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Simon Frost <Simon.Frost@arm.com>
Date: Friday, February 7, 2020 at 8:15 AM
To: Laurence Lundblade <lgl@island-resort.com>, "Salz, Rich" <rsalz@akamai.com>
Cc: "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] About (E)UID's

> While not stated overtly in the draft, UEIDs are intended to be the sole identifier needed to universally identify a device.

I think there’s a problem with the expectation here. The current UEID test says.

UEID's must be universally and globally unique across manufacturers and countries.
  <snip>
No two products anywhere, even in completely different industries made by two different manufacturers in two different countries should have the same UEID (if they are not global and universal in this way, then relying parties receiving them will have to track other characteristics of the device to keep devices distinct between manufacturers).

How do we expect this to be realised in practice? It implies that all manufacturers must cooperate to guarantee there are no dups, which will quickly break down. I think the most that can be expected for a UEID is that it be unique to a manufacturer and that the bracketed part of the second sentence will apply (e.g. considering origination / OEMID) unless the relying party is aware that their use case is satisfied by a dedicated supply chain.

Note that the signing key may be able to derive the locus for this in some use cases, but not all – there are circumstances with unique keys per instance.

Thanks
Simon

From: Laurence Lundblade <lgl@island-resort.com>
Sent: 07 February 2020 12:14
To: Salz, Rich <rsalz@akamai.com>
Cc: rats@ietf.org
Subject: Re: [Rats] About (E)UID's

While not stated overtly in the draft, UEIDs are intended to be the sole identifier needed to universally identify a device. This is to make life easiest for the relying party. They do not have to combine it with any other claims to uniquely identify a device. (Maybe I should add text explaining this)

This makes life simpler for the device maker and for us, as we don’t have to specify any rules that say what combination of claims must be used to get proper global uniqueness and device maker doesn’t have to figure how some system for uniqueness.

Generally, interdependency between claims seems like something to avoid for the sake of simplicity.

I’m reluctant to rely on public keys for anything but signature verification because I think we must support a variety of signing schemes some of which don’t have a typical public key. One of these will be HMAC for which there is no pubic key. Another is likely to be ECDAA or such where the verification key material is a bit more complex than a public key.

The vendor is also allowed to change signing schemes and the means of creating UEIDs in their manufacturing process.


Also, as described in the draft, the UEID as defined is very permanent. It never changes over the life of the device. Some of the UEID options are based on identifiers that are specifically not to change with owner, IMEI for example.

LL






On Feb 6, 2020, at 4:34 PM, Salz, Rich <rsalz@akamai.com<mailto:rsalz@akamai.com>> wrote:

I made a proposal during yesterday’s interim about EUID’s and I want to explain it here in more detail to the whole WG. I have made some clarifications.

We need ID’s.  Laurence has done a lot of good analysis on how many bits an ID needs to be to accommodate various users, devices, etc.  The TL;DR is that 128bits seems good for the size for now and at least the short-term future.

I suggest that the UID stays at 128bits. But in order to compare UID’s, relying parties should consider an “expanded” UID, which includes the SHA2 signature of the public signing key. For most cases, the “small” UID of 128 bits is sufficient to put into data structures, transport on the wire, and so on. Applications which present “unsigned” UID’s should either include a “key context” element, containing the hash. If not present, receiving applications should consider treat the key-id part as the SHA2 hash of the single zero byte.

One feature of this, as pointed out on the call, is that when a device gets a new owner, the expanded UID changes.

Hope this is useful.

_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email