IETF Logo Mail Archive

Re: [Rum] [EXT] RUM security model

Brian Rosen <br@brianrosen.net> Fri, 16 October 2020 00:24 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AC0B3A0D36 for <rum@ietfa.amsl.com>; Thu, 15 Oct 2020 17:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ng6YQaHTcE1N for <rum@ietfa.amsl.com>; Thu, 15 Oct 2020 17:24:43 -0700 (PDT)
Received: from mail-qt1-x829.google.com (mail-qt1-x829.google.com [IPv6:2607:f8b0:4864:20::829]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1CD03A0D33 for <rum@ietf.org>; Thu, 15 Oct 2020 17:24:42 -0700 (PDT)
Received: by mail-qt1-x829.google.com with SMTP id c15so641511qtc.2 for <rum@ietf.org>; Thu, 15 Oct 2020 17:24:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vckQu6xMJ3+oqAklqe4RrN/nqV0t4JF6vmf6SLGwSxM=; b=InNEXxiJBYUA6k2uXhijzNdaJZK+ziHfeaGx6QI6RBDyE49gpww5J7qTJAwTxYMJcN wBfGtxgNJBpZbmU1S8x1TR1OKkKLCxAiUvsHGMUTmBrzDWNKdPbgDyaRSfTbWoyuthAz LFMWcT2uRLlM34gYdsYUwyZgMDf5xfPH7KcBG6J+rKmqLghIYZvuaZSUhI7tEPfaZs+H yU/4usYF+9la9qPDuC53+2liqx7UpU1Np+BRgkjFjhvc7zJtunuwJgkOTackgBpmXN0E UC3XMf79vqcuDns7g2jx7xkFVozKK2vsHGJbc8+LZK6NmB3DeitC5dV6W+dPj/8MGho6 idEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vckQu6xMJ3+oqAklqe4RrN/nqV0t4JF6vmf6SLGwSxM=; b=AeCE0YRH95cwBesrPmwulfyjya3OORvtkj1y0TKrSSbS4IpVNZ6b8IKAIDOvrH2kdW pOK6OUc5I2MQgPelOK/IIxVv9loAa2fPUrv7MDTRY/H9fauqkb9qQhW5SWDDP4VAzUwT XlwoQ1297l9xui4sOudvKaUjuk31L3+RWqJwdUZAbwtvseRBy27DGSPZsJFpg/0WK1yT Y2PHoPwosVqhIpyEvrUkr9Qn5PLB0Ihpubk0ws9vLJWjcBZb1GY/EQ8BXSXEmSiUKx7W XIh0y1Poo63qWAJpZLNCyYVCi56X2xQsSc3RnpASqF76a+SrQYENUGUhjQe8HxIpNy+3 qUCw==
X-Gm-Message-State: AOAM532j9bFUaOkgPPUnBFwRjeUp+ee4Cf5BRoqlwm9gXhJykMcFi+ua QhS4sxSZZ51Fnqh+HJwPHoCpxtyS/a7osXQaM/gNdA==
X-Google-Smtp-Source: ABdhPJyT8AYeypeNH3QtfSGKJL6r2z/tBRVwhYH3Gb7qCVRR/NGq0mmo8WkyHWSkdrhxZyLvUkPyBrP/D6kbks2qRYE=
X-Received: by 2002:ac8:44bc:: with SMTP id a28mr951625qto.214.1602807881891; Thu, 15 Oct 2020 17:24:41 -0700 (PDT)
MIME-Version: 1.0
References: <4d6ba97f-a83d-3d36-14a9-c6e84dd5b874@alum.mit.edu> <7A11F680-9EA6-4477-9BD8-6A7755AD0054@brianrosen.net> <7fdb95e6-e954-7275-60f7-462cf07eff0e@alum.mit.edu>
In-Reply-To: <7fdb95e6-e954-7275-60f7-462cf07eff0e@alum.mit.edu>
From: Brian Rosen <br@brianrosen.net>
Date: Thu, 15 Oct 2020 20:24:31 -0400
Message-ID: <CAOPrzE1ONDUcGwvcfRhpyu9YM5JJJD92AsLKaeXvXqH4fmNbBw@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: rum@ietf.org
Content-Type: multipart/alternative; boundary="000000000000719bc405b1becaff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/DTELP039aRmRIwnmsJOwgQh-5YA>
Subject: Re: [Rum] [EXT] RUM security model
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2020 00:24:45 -0000

Nope, it just takes a hacker to create a piece of code that patches an app
to look like another app.

On Thu, Oct 15, 2020 at 8:19 PM Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> On 10/15/20 7:52 PM, Brian Rosen wrote:
> > I don’t think even that would work because there isn’t any way to know
> that the app that was approved is the app that is being used.
>
> Yes, I guess you are right. But at least it would require the end user
> to enter into a conspiracy with the app developers, and be able to get
> the credential out of one app and into another.
>
>         Thanks,
>         Paul
>
> > What systems like iOS does is rely on the fact that you can’t download
> and run an app that hasn’t been vetted. The code is signed and the
> signature is checked every time the app starts. We don’t have an
> environment like that.  We can’t control what is downloaded and we can’t
> check signatures.
>
> > I don’t think there is a reliable way to do this. If someone has an
> idea, please explain it, but we can’t be in a “you do something” position
> without a clue as to how.
> >
> > Now, if the app was an iOS app, then the right thing happens. There are
> few other systems that are wired down like that. Android, for example,
> allows you to download and run from arbitrary sites if the device is
> configured to allow that.
> >
> > Brian
> >
> >
> >> On Oct 15, 2020, at 6:30 PM, Paul Kyzivat <pkyzivat@alum.mit.edu>
> wrote:
> >>
> >> Eugene,
> >>
> >>> On 10/15/20 3:30 PM, Eugene Christensen wrote:
> >>> Brian,
> >>> Admittedly I do not fully understand certificates and authentication
> but would client certificates or mutual authentication with a shared secret
> work here?
> >>
> >> I'm also not a security expert. To my understanding, the key problem is
> that you want a proof that an implementation has passed some sort of test.
> That is more or less equivalent to having a special certification authority
> that is able to assign a certificate based on the passing of a test. But
> for the system to work that certificate needs to be bound to the entity
> (hw/sw) that passed the test. It can't be possible to transfer that
> certificate to a different device.
> >>
> >> A possible alternative would be for each provider to have its own test
> service. When a user gets a new device/application, as part of the initial
> registration of their device with the provider, this test would be run.
> Then the result of that would be granting of credentials for that device to
> access that provider's system.
> >>
> >>     Thanks,
> >>     Paul
> >>
> >>> Thank you.
> >>> Eugene
> >>> *CONFIDENTIALITY NOTICE.*This e-mail transmission, and any documents,
> files or previous e-mail messages attached to it, may contain confidential
> and proprietary information. If you are not the intended recipient, or a
> person responsible for delivering it to the intended recipient, you are
> hereby notified that any disclosure, copying, distribution or use of any of
> the information contained in or attached to this message is STRICTLY
> PROHIBITED. If you have received this transmission in error, please
> immediately notify me by reply e-mail at echristensen@sorenson.com
> <mailto:echristensen@sorenson.com>or by telephone at +1 (801) 287-9419,
> and destroy the original transmission and its attachments without reading
> them or saving them to disk.
> >>> *From:* Brian Rosen <br@brianrosen.net>
> >>> *Sent:* Wednesday, September 30, 2020 5:47 PM
> >>> *To:* Eugene Christensen <echristensen@sorenson.com>
> >>> *Cc:* rum@ietf.org
> >>> *Subject:* Re: [Rum] [EXT] RUM security model
> >>> [EXTERNAL]
> >>> I think we understand why you want it. What we don’t understand is
> what mechanism would provide it. I am generally aware of this class of
> problem and I’m not aware of a solution that will work.  So what we need is
> a suggested mechanism that provides the assurance you want that is
> technically sound.
> >>> Brian
> >>> On Wed, Sep 30, 2020 at 6:30 PM Eugene Christensen <
> echristensen@sorenson.com <mailto:echristensen@sorenson.com>> wrote:
> >>>     Thanks for considering how we might implement this security
> >>>     mechanism.  May I add my voice that it is essential that we find an
> >>>     option for providing this desired security, whatever it is.  It
> >>>     could be detrimental to the VRS providers to have UAs out there,
> >>>     with the ability to register with VRS providers without first being
> >>>     fully vetted.  It is our practice anytime we make updates to our
> UAs
> >>>     to test how they work with our UAS before we ever release the new
> UA
> >>>     software into our production environment.  We only want UAs
> >>>     registering that have undergone this rigorous testing with our
> >>>     systems and then only with users which we have awareness of.
> >>>     Thanks,
> >>>     Eugene Christensen
> >>>     CONFIDENTIALITY NOTICE. This e-mail transmission, and any
> documents,
> >>>     files or previous e-mail messages attached to it, may contain
> >>>     confidential and proprietary information. If you are not the
> >>>     intended recipient, or a person responsible for delivering it to
> the
> >>>     intended recipient, you are hereby notified that any disclosure,
> >>>     copying, distribution or use of any of the information contained in
> >>>     or attached to this message is STRICTLY PROHIBITED. If you have
> >>>     received this transmission in error, please immediately notify me
> by
> >>>     reply e-mail at echristensen@sorenson.com
> >>>     <mailto:echristensen@sorenson.com> or by telephone at +1 (801)
> >>>     287-9419, and destroy the original transmission and its attachments
> >>>     without reading them or saving them to disk.
> >>>     --     Rum mailing list
> >>>     Rum@ietf.org <mailto:Rum@ietf.org>
> >>>     https://www.ietf.org/mailman/listinfo/rum
> >>>     <https://www.ietf.org/mailman/listinfo/rum>
> >>
> >> --
> >> Rum mailing list
> >> Rum@ietf.org
> >> https://www.ietf.org/mailman/listinfo/rum
>
>

v2.23.0 | Report a Bug | By Email