IETF Logo Mail Archive

Re: [Rats] About (E)UID's

Laurence Lundblade <lgl@island-resort.com> Fri, 07 February 2020 12:55 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11DD4120091 for <rats@ietfa.amsl.com>; Fri, 7 Feb 2020 04:55:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w_lzzlokKTIc for <rats@ietfa.amsl.com>; Fri, 7 Feb 2020 04:55:29 -0800 (PST)
Received: from p3plsmtpa12-07.prod.phx3.secureserver.net (p3plsmtpa12-07.prod.phx3.secureserver.net [68.178.252.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28009120019 for <rats@ietf.org>; Fri, 7 Feb 2020 04:55:29 -0800 (PST)
Received: from dii-102208.home ([79.168.9.213]) by :SMTPAUTH: with ESMTPA id 03AKj7TZM95bw03AMjw8Ko; Fri, 07 Feb 2020 05:55:28 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <567E8973-3658-4346-BE72-BE0282064A01@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8C3F6421-F9DE-408A-9DF1-BB441D495BD2"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 07 Feb 2020 12:55:23 +0000
In-Reply-To: <24800.1581078727@dooku>
Cc: "rats@ietf.org" <rats@ietf.org>
To: Michael Richardson <mcr@sandelman.ca>
References: <8BDAAE2E-9803-4048-AD5B-59233708E6FB@akamai.com> <1C16DAA0-D03B-417C-894A-30C4015AEED7@island-resort.com> <24800.1581078727@dooku>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfHmKedUrZhhXRLcpnA78lTOAThg5YClZgHfPVrIx7O2wbE457uH+9tNm9kkOCCU9JqQUno8EDJpB0/Szm1B6GgcApDBMNLTX6rP0jHESSPcsQe0RuT0u G8lqMXjorXTKK7pk83IAAjJdHXut7A25jmVbrAqL4t8H7yyCMbY4cVhFeXZrY/QwkEPJwqwq7wjOZg==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/zrMbntfFoN08kSSqhBZkliDJuoE>
Subject: Re: [Rats] About (E)UID's
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 12:55:31 -0000


> On Feb 7, 2020, at 12:32 PM, Michael Richardson <mcr@sandelman.ca> wrote:
> 
> 
> Laurence Lundblade <lgl@island-resort.com> wrote:
> ...
>> I’m reluctant to rely on public keys for anything but signature
>> verification because I think we must support a variety of signing
>> schemes some of which don’t have a typical public key. One of these
>> will be HMAC for which there is no pubic key. Another is likely to be
>> ECDAA or such where the verification key material is a bit more complex
>> than a public key.
> 
> HMAC is a symmetric signature system, and I don't know how that would be used
> in practice.

Pretty sure it has been used in by some vendors and has certainly been considered by others. You’d better to use HSMs to store the secrets to be secure.


> 
>> The vendor is also allowed to change signing schemes and the means of
>> creating UEIDs in their manufacturing process.
> 
> I think that this is the bigger problem.
> 
> Making the UEIDs unique only within a manufacturer means that relying parties
> and verifiers have to become aware of when manufacturers roll things.
> Will TPM modules be updated with new keys?  I didn't think so, but they could
> wind up with renewed certificates, and the signing chain to get there could
> change.

UEIDs are carefully described in the draft so the manufacturer can change the means by which they are generated without affecting the relying party. The draft instructs the relying party to always treat them as an opaque blob of bits.

A change in signing scheme obviously would affect the verifier, but the relying party might not be the verifier and might not be affected.

> 
> This puts a lot of burden on the relying party.

> 
> So I think that 128-bit UEIDs are good enough for this decade, but I think
> that they are not good enough for my lifetime, so I want 256-bit UEIDs
> supported.  I don't want anything in between, because two sizes are enough.
> The document should say that ::128-bit-UEID is acceptable as a 256-bit UEID.
> That is, leading zeros can always be assumed.

Generally agree.

I don’t think we need to discuss leading zeros in the draft.  A 128-bit UEID is never equal to a 256-bit UEID. Map keys in CBOR with different lengths are never equivalent  We don’t write “___tent” to distinguish it from “portent” and such. 

Agreed on the size quanta, but was thinking 128, 192 and 256, in case someone super keen on saving bits wants to use 192 which is enough for all the use scenarios.

LL




> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email