Re: [Rum] [EXT] RUM security model

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 15 October 2020 22:29 UTC

To: rum@ietf.org
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <4d6ba97f-a83d-3d36-14a9-c6e84dd5b874@alum.mit.edu>
Date: Thu, 15 Oct 2020 18:29:31 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/CKrv5M5gHXwo19rGdLqkfNDr7xo>
Subject: Re: [Rum] [EXT] RUM security model
List-Id: Relay User Machine <rum.ietf.org>

Eugene,

On 10/15/20 3:30 PM, Eugene Christensen wrote:
> Brian,
> 
> Admittedly I do not fully understand certificates and authentication but 
> would client certificates or mutual authentication with a shared secret 
> work here?

I'm also not a security expert. To my understanding, the key problem is 
that you want a proof that an implementation has passed some sort of 
test. That is more or less equivalent to having a special certification 
authority that is able to assign a certificate based on the passing of a 
test. But for the system to work that certificate needs to be bound to 
the entity (hw/sw) that passed the test. It can't be possible to 
transfer that certificate to a different device.

A possible alternative would be for each provider to have its own test 
service. When a user gets a new device/application, as part of the 
initial registration of their device with the provider, this test would 
be run. Then the result of that would be granting of credentials for 
that device to access that provider's system.

	Thanks,
	Paul

> Thank you.
> 
> Eugene
> 
> *From:* Brian Rosen <br@brianrosen.net>
> *Sent:* Wednesday, September 30, 2020 5:47 PM
> *To:* Eugene Christensen <echristensen@sorenson.com>
> *Cc:* rum@ietf.org
> *Subject:* Re: [Rum] [EXT] RUM security model
> 
> I think we understand why you want it. What we don’t understand is what 
> mechanism would provide it. I am generally aware of this class of 
> problem and I’m not aware of a solution that will work.  So what we need 
> is a suggested mechanism that provides the assurance you want that is 
> technically sound.
> 
> Brian
> 
> On Wed, Sep 30, 2020 at 6:30 PM Eugene Christensen 
> <echristensen@sorenson.com <mailto:echristensen@sorenson.com>> wrote:
> 
>     Thanks for considering how we might implement this security
>     mechanism.  May I add my voice that it is essential that we find an
>     option for providing this desired security, whatever it is.  It
>     could be detrimental to the VRS providers to have UAs out there,
>     with the ability to register with VRS providers without first being
>     fully vetted.  It is our practice anytime we make updates to our UAs
>     to test how they work with our UAS before we ever release the new UA
>     software into our production environment.  We only want UAs
>     registering that have undergone this rigorous testing with our
>     systems and then only with users which we have awareness of.
> 
> 
> 
>     Thanks,
> 
>     Eugene Christensen
>
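
An added sketch (not part of the original message, and not a RUM mechanism) of the per-provider test service described in the reply above: the provider runs its own test at enrollment and, on a pass, issues a per-device key that the device later proves possession of against a fresh nonce. The class, function, device and build names are hypothetical, and HMAC from the Python standard library stands in for whatever credential type a provider would actually issue.

```python
import hashlib
import hmac
import secrets

class ProviderTestService:
    """Hypothetical provider-side test service (added example; names are assumptions)."""

    def __init__(self, run_conformance_test):
        self._master = secrets.token_bytes(32)   # never leaves the provider
        self._run_test = run_conformance_test    # callable(build_id) -> bool
        self._enrolled = {}                      # device_id -> build that passed
        self._nonces = {}                        # device_id -> outstanding nonce

    def _device_key(self, device_id, build_id):
        msg = device_id.encode() + b"\x00" + build_id.encode()
        return hmac.new(self._master, msg, hashlib.sha256).digest()

    def enroll(self, device_id, build_id):
        """Run the test once; grant a device credential only on a pass."""
        if not self._run_test(build_id):
            return None
        self._enrolled[device_id] = build_id
        return self._device_key(device_id, build_id)

    def challenge(self, device_id):
        self._nonces[device_id] = secrets.token_bytes(16)
        return self._nonces[device_id]

    def register(self, device_id, response):
        """Accept only an enrolled device answering its own fresh nonce."""
        nonce = self._nonces.pop(device_id, None)    # single use: blocks replay
        build_id = self._enrolled.get(device_id)
        if nonce is None or build_id is None:
            return False
        key = self._device_key(device_id, build_id)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def device_response(credential, nonce):
    """Device side: prove possession of the credential without sending it."""
    return hmac.new(credential, nonce, hashlib.sha256).digest()

APPROVED_BUILDS = {"ua-2.4.1"}   # constructed sample: builds that pass the test

def demo():
    svc = ProviderTestService(lambda build: build in APPROVED_BUILDS)
    cred = svc.enroll("device-A", "ua-2.4.1")
    ok = svc.register("device-A", device_response(cred, svc.challenge("device-A")))
    return ok, svc.enroll("device-B", "ua-0.9-untested") is None
```

The credential is bound to the device only as far as the device can keep the key from being copied: a copy of the key answers the challenge identically, which is the transfer problem raised in the thread.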