IETF Logo Mail Archive

Re: [SCITT] Internet-Draft draft-ietf-scitt-architecture-05.txt

Robin Bryce <robin.bryce@datatrails.ai> Mon, 12 February 2024 08:00 UTC

Return-Path: <robin.bryce@datatrails.ai>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD42BC14F60C for <scitt@ietfa.amsl.com>; Mon, 12 Feb 2024 00:00:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.907
X-Spam-Level:
X-Spam-Status: No, score=-6.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jitsuin.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nv3F_oYFgy4 for <scitt@ietfa.amsl.com>; Mon, 12 Feb 2024 00:00:21 -0800 (PST)
Received: from GBR01-LO4-obe.outbound.protection.outlook.com (mail-lo4gbr01on2114.outbound.protection.outlook.com [40.107.122.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE629C14F5E3 for <scitt@ietf.org>; Mon, 12 Feb 2024 00:00:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NLuf0Y2MtRsWTZAsMK9mkLR9ACm+rRxa+HVS+XeZK9FO7iy8QmxQK/cNBJzNY8LV0nmLv9ybTbGzC6uXENf2Bb1oXgtobOVUahI6IwgIoHsKpYqrUtQElkckwt1lQ04KPlFSOhnrzQv8s4TZiB98W882rfecgU5OV/iuWC1LwmjyUBXRyifUx1itVy5dbbyDQrbUnLFGD5Eo2xzyNzoeMJItf+nF2cDJ+CL5Y81BW3bWBTl4Wtn/MbkELq2qv7UtinbSM8Aa6CYzl1YM4V81hqmdDgd4J0/F4cf9bwrxSMOrhO7rgjnvFMvPDzm0xTsZexkVkhlkLISMFOiY75sYbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZuMOGZBeowlNWPypi0za/0qhPw3oreR8sBs36NjJvvs=; b=N9dRDp6Slsen/esH7AspcAl6B1mTX7FCWUC2M2lm9NmDLwBz37YrG6Qgo0pzoJoF8x+XlGcfGRCiAiglFpRFXUoM9QH3XrGJ+Ok1xYVh5I32f6bHtHJ3A3OhsjC9UuK6A4bz0Pz1UBByq3+2LzlZhdq8mXSqzWM/azjphAdVQvNk/sjeYOhjeHF4ojHQmRPH36DMDjb2jVg+uiwHl9gRrWJPkRRWMc7bFMwE2kTSdggbZUjprfMmfswGWD+teRhfptS6GhsgvIfrwZOKbhP/Lt/VaXlZ5iugl+bI5rXrx41QZaTYj4QUNm4UJLHqker7AmZbUJAfw/7sRrWButHw5Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=datatrails.ai; dmarc=pass action=none header.from=datatrails.ai; dkim=pass header.d=datatrails.ai; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jitsuin.onmicrosoft.com; s=selector1-jitsuin-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZuMOGZBeowlNWPypi0za/0qhPw3oreR8sBs36NjJvvs=; b=k7C13wK8OnrOCsWP90z4Fo66gJNlIoBktPmIQtzSk9E77i3HGcyv92Rsnco+9oA9Z6nGTbGSapJKPxYhTS3qaYKsvjnoyZGJSe/HilmnWq4iD8W897B87gx/aZI06ZK3CczlMWPNa6kgA88Rt20MJIW4FLlNum/1D4YLbY66JF0+9TaLG7AuVpZvYYiYl2F76igU+OsFed60cprLXIypGQTO504BqIHO0tX5YMaORDAGUOD3n1I90+JVxMgGjiZyZmioJPe0baxdS46nXUc1iHU8MR6FbV0NYqeYeD9xyUAmwq5t4oRxfFvexXiXdumRgLY1NgFtVj5mb/ehrOMGPw==
Received: from LO4P265MB4247.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:20a::5) by LO2P265MB2479.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:12f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.37; Mon, 12 Feb 2024 08:00:16 +0000
Received: from LO4P265MB4247.GBRP265.PROD.OUTLOOK.COM ([fe80::fcb5:bb15:60e5:6fe2]) by LO4P265MB4247.GBRP265.PROD.OUTLOOK.COM ([fe80::fcb5:bb15:60e5:6fe2%7]) with mapi id 15.20.7270.033; Mon, 12 Feb 2024 08:00:16 +0000
From: Robin Bryce <robin.bryce@datatrails.ai>
To: "scitt@ietf.org" <scitt@ietf.org>
Thread-Topic: Internet-Draft draft-ietf-scitt-architecture-05.txt
Thread-Index: AQHaXYdajLumXH3NFUKn3nXCISdB0g==
Date: Mon, 12 Feb 2024 08:00:16 +0000
Message-ID: <LO4P265MB424709B41AC8D1146DDB7707E4482@LO4P265MB4247.GBRP265.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=datatrails.ai;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LO4P265MB4247:EE_|LO2P265MB2479:EE_
x-ms-office365-filtering-correlation-id: 05644a94-b0e6-48bd-ef91-08dc2ba0a684
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kXZak1dXSNlqt7n5Uc+A+H3XqIZlQq3sImEm0bW4uPVMYQRbhVOssZsfnAtXHtOIsKuWYDAD1SmPytUpYKDrk3jYiUJRmRXZ7nFYrzYc6eO4ChYWo75IYXL6Cz5SdHtNcwHbmdzoyUx98ceIIYKwfzeMmaUvAPp+E+0QRb6lnGBcqF8tK2+yjgtq5CFI6pRq9fmkwN5vp+hRMLPgiicDU0DLqMg76psAuXf2Y3ZCrz/8cy4QKN9IhH8dgMwr/grn1A2611vazIOKx+r4pdd1RZ/AMTs4daoxJc0GIS0Xjxn+V74KcKD67YFmv3YmDFS9Bh74fkL3IoqoqTgOh7WOBvwBY6Q52yhy/3zJS1Xsq/ZOffIQI1ZussG8ADZopZE2mOVoTXF45WAu8Mmnx3yp78hqVZtTtl3MtLRnhMVF/LalUzvl4DL2r4KYZQm2h0jpa86U/s0EhzykBRJ2Y0aueBUazKhugr4ITWaZ3GajAr/9RFm1ZO7xgb1nbXEEKkk5fXV0uJc8uGFeLDjSpZE5GBBd+NjhrDS7oQRwM3hvKwco2BWW/Nt1cQIydHRIhIOWR7MNJKizOI8zGFPsGgSXnavmsvX+v/i5+K4TmHJQP+Y=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LO4P265MB4247.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(396003)(346002)(136003)(376002)(366004)(39830400003)(230922051799003)(186009)(64100799003)(1800799012)(451199024)(2906002)(44832011)(52536014)(8936002)(8676002)(5660300002)(83380400001)(33656002)(38100700002)(122000001)(86362001)(38070700009)(316002)(66476007)(64756008)(66556008)(66446008)(66946007)(166002)(6916009)(71200400001)(76116006)(6506007)(7696005)(478600001)(966005)(9686003)(41300700001)(55016003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /w4Kbq0fxTZgnUpTqOrOmMHi42iRJAzVPvNJFFE4s4yHfDsWfEgboGJ+KWXqAv8dJhiM1U65synqAk3HXjyU6A8NbPGprNqQsi3XsvoI5oJ8ljKU88S7YzHWttUw/DhUbwE/F0lurvIt/sPBJOA8gx9pHjSbBdmhNrH89okkTvgRaelG9f8174784wNIoLzYiB7FqBodwOQgFAdNMk9bpEvAip8LlDdqQuom7wBrF/HvDivYwI2P3tkqrxr8Xg91lA7bb2s2ECzwQkiTqMcpVBcxodMX3IFru0E39Ca7soQ/jrXGYamBfrUUWXszaNptgk7JUthyBJAB4CeYNz2uWbz8ykDjzqBfmpMYNhHGqWeQI9qvN2EWUZwzGPLleuudtOHP8x6BldtSQ1X7ZEbR1b8yidljIHKBjVAYDJQfP9HRvvxIpEkqW8ERbHMRh3o6LyTpB/gXsrPvAdwbnWFM+9ZWdEFT2kHGMqiE2+JAWmx84vymbH5blt921Z5zjakYHMrB7vgTBwLlXxont5HwneTUwPxP3gIkxIUpKrlumJysVtcvHamGeI3OJue3dWLUiW0DjdnT0RsX9nKHH5b0eIKPzfEGZvx3siGSrfAMvvqC92T03Owo3MdvPjZS3uhVVJNt/jbp+BD/NSidR+q6hPbXMNCowkNV3GGVTDkI0g4vCqYPzVLPpHovl1hxzJ6BZ3GQY1yBLFYTW9GXl6SWKsnCV3ZfFzXXAKuEBeJXz3R9DVg6oBX4H0yhZB14kJYewdhCbCsbTjDug8RxyHq0+F8B50H+7ocpPnBrCQaLn09WwjJfF10UQofPFBnCehvLbcTrL6VTNwyH0JWA7vCRUZ4RdfFfDcCP70/7aIWVwEv7qRP3s2thTdfILafKqNK5UEmacC9VD6XxRUz7OkgSYxKonqFDgB6X+6gWmIA73AR67IiUC9cSq7L0zGtuJHSuKnpXo/0j6e7MP3fnLnl0XWx/5cwlecVYgDLQGFn8GXCCLelj5TKl9GnItPu+SLvjwIvsPC1t/UgwBYmSL26Q1vjvJ/dGQ17q4a5ll3hmD7WEND8UmC1ztssyD8Cg2oRe4ADLx/UTmxSGWNoEfSHGPVDwg5FMr2qbrma9zPm+uYrJgwCcwrkDyqHVkpAmdEFYUAe4vdhgOfUZvJU3t6xk3NUnIeRhDc+wUyuYs6Cg59SZCcy7Lb/j8NL2vULIicUPsQc1ojoH4yr+B/NPWzOELl09HvQhWi0LY0htvs9gWRkdVbAWbce3ipkQlzuxog7SFMEEx+i6taphE4HxDaub+OytHcEYJ3mPVGy+UT9Uw4ewtb5DfdcbA9NiZrsasqRtUUzwpr86nrM7rxMeYUITOT8HIxTHXyLBBp4sXHO1yuVZnKzszq5k8tqZ7nvIjtPgDusgijw/VmpRBwy2WvLFSauPTQEs/vOcEmE7s9mmZUQDp6+EG5N+5wcP3patkEpr0zhLLaCKstdauZzZmsJD5Mh/+y3T8T1ZIMhOHMNrR2Gwzjhf+SP/rfM+egoCqYYLkihbWVREm2bufCALsbvQ0dRzx+rLLMQTdr0e37tDxFkm/muazZAAdYfbQOTuvqXB36GqtxHpDfZ3qWTyN9PYyuS+wCQTj3cAHNYMLxyxjhUxeRLfRXTjXJgt3LMYh7WYxOwW4abTEYLJJOonca1WvJ2SAYbd5SnbxEHflEmlB8Q=
Content-Type: multipart/alternative; boundary="_000_LO4P265MB424709B41AC8D1146DDB7707E4482LO4P265MB4247GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: datatrails.ai
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO4P265MB4247.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 05644a94-b0e6-48bd-ef91-08dc2ba0a684
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2024 08:00:16.7843 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e6cd7cbd-4331-4942-b28d-a327d99a088a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dKZN4aeaAT9TnGxif6RFav+3CGiTPc5zrbF1mr102f3M+xmeCg+MhFFD41Wxpx7wpFVRRey6SocEZUdgNqpSQi7LxTwg0bDWsAn1BIgjEMc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB2479
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/3rsyFUtoTHWRtzom1LkpwD-uf-U>
Subject: Re: [SCITT] Internet-Draft draft-ietf-scitt-architecture-05.txt
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2024 08:06:36 -0000

Hi all,

Thanks for all the work that went into the new draft. I have some feedback & questions.

4.1.1 Initialization


This appears to prescribe the precise contents of the initial log entries in the name of solving a verification problem - that the statement verification requires a trust anchor in order that verification can be successful.

I don't understand why the trust anchor needs to be in the log in a particular position. Verification is just contingent on is availability. I also don't understand why it needs to be in the same log or any particular log at all.

It creates significant operational problems inserting these sorts of requirements, and it’s very intrusive with regards the log itself.

I think this section implies that an Issuer can submit a Registration Policy to self-attest its keys and scope of use and that becomes the thing the Transparency Service later verifies against? If that really is desired, then I think the last paragraph "This specification leaves implementation, encoding and documentation of Registration Policies to the operator of the Transparency Service" leaves scope for implementors to support that.

Precisely how registration policies are established ought to be the business of the individual log implementation.

4.1.2 Registration

Re: 2.

"Issuer Verification: The Transparency Service MUST perform resolution of the Issuer's identity. This step may require that the service retrieves the Issuer ID in real-time, or rely on a cache of recent resolutions. For auditing, during Registration, the Transparency Service MUST store evidence of the lookup, including if it was resolved from a cache."

A requirement to verify issuer identities in real time does not guarantee that maliciously or mistakenly signed items will not reach the log. Compromise of the identity may be discovered after the statement has been accepted on the log, and then we are no better off than had we simply relied on cryptographic verification. It is always going to be down to auditors, verifiers, and log consumers in general, to use the attested data to reach their own conclusions. And those conclusions may well change over time.

Having this as a requirement does not help solve these problems, it complicates the implementations, and it will be a significant performance bottle neck.

Deferring id verification to the point at which a receipt is asynchronously requested could be a workable compromise.

Secondly, it is far from clear what "evidence of the lookup, including if it was resolved from a cache" would look like in the real world. I don't think it is feasible for SCITT to specify that in detail. So the requirement is very ambiguous.

Re: 7

Receipts should be an optional part of the registration process. There exist verifiable data structures which enable receipts to be generated in the future which are provably identical to the receipt that would be issued at the time of registration. Decoupling these allows for higher volume use cases where receipts aren’t desired for all statements, or at least not desired immediately. This rests on the ability of the log implementation to provide tamper evidence and provable log consistency. There are efficient ways to batch proof (and hence receipt generation), that would be un-usable if a receipt is a required part of the registration process.

The wording in the Registration section isn't super clear about if and how this sort of batching is accommodated.

"A Transparency Service MUST ensure that a Signed Statement is registered before releasing its Receipt" this means the log entry for the signed statement must be committed to the log before the receipt can be created. That log entry itself cannot be a transparent statement because the receipt is its inclusion proof in the log. I think this is probably obvious, but some of the wording could imply the transparent statement is a log entry.

The wording at the start of 4.3 is much clearer in this regard.

4.2 Signed statements

"Support for x5t is mandatory to implement" Why is this helpful ? If I use a cnf claim and an iss to fetch an openid connect style well known document over https and then check the kid and public key match what is in the claim, don't I, as a transparency service implementor, get all the benefits of TLS certificates without exposing the implementation to the burden of x509 verification ? And that TLS certificate & its verification may well be backed by a transparency service in the full ness of time, but it’s actually more robust if its independent and opaque.

Surely it is sufficient to say implementations MUST implement either x5t or kid/cnf ? Is there a thread or reference somewhere I can read to catch up with the arguments either way on this ?

4.3 Transparent Statements

"Receipts are based on Signed Inclusion Proofs as described in COSE Signed Merkle Tree Proofs" I understood merkle based logs were one of the options and that the standard wasn't fixing on merkle based logs. Is this still the intent ?

4.3.1 Validation

"In order to verify the inclusion proof that is included in the Receipt, the verification process for the inclusion proof MUST be performed as described in the document that registers corresponding Verifiable Data Structure Parameters https://www.ietf.org/archive/id/draft-ietf-scitt-architecture-05.html#I-D.draft-steele-cose-merkle-tree-proofs"

This is a useful and helpful draft, but it only contains RFC9162_SHA256 in its registry. What should implementations do in advance of being able to register here ?

7.2.6 Impersonation

"It is up to the Issuer to notify Transparency Services of credential revocation to stop Verifiers from accepting Signed Statements signed with compromised credentials" this means the guarantee isn't terribly useful. It’s always going to require after the fact retrospective analysis to figure out which statements were recorded while the identity was unknowingly compromised. The guarantee is misleading. It is sufficient to guarantee that the identity presented at the time of the statement is evident in the log.

Hope this is useful and constructive. Thanks again for the great work!

v2.23.0 | Report a Bug | By Email