Re: [SCITT] SCRAPI: Registration with Proof of Possession
Orie Steele <orie@transmute.industries> Fri, 08 December 2023 14:34 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABB13C47A228 for <scitt@ietfa.amsl.com>; Fri, 8 Dec 2023 06:34:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id glMrfPcr4K_m for <scitt@ietfa.amsl.com>; Fri, 8 Dec 2023 06:34:09 -0800 (PST)
Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B41FEC47A223 for <scitt@ietf.org>; Fri, 8 Dec 2023 06:34:09 -0800 (PST)
Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-5c230c79c0bso1506905a12.1 for <scitt@ietf.org>; Fri, 08 Dec 2023 06:34:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1702046049; x=1702650849; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=YdmwWnrUERD4VxEnG9Bi/HDXIYdQnIQBEXHVKsn551g=; b=WXFVMr5GTHZ7rbvIgUYH7ZTIWNTLMn1Z4etUrHpYqR1kYGN5q06ZlViglYEo4POsgK 4vItS1ZudYTq3llA7JeZloOMgJjIgzrWuaZL2nSzUfJhi8aojLOKFe8+opo3XK2w6z84 tgkyqxSmYI6KcEq77m/8KktixO3f4SPPmrGj0UsKaEc1UpvWhiCngQFsKqrciFam4/RX tKtRSpYvO9LSqxwqh5yYWAcE6SE6xP+9vCJs+T/fXfA0s1vn+pwFmoCtKBSq8lGMQif+ D2UhOScWlrdj4avM+KF5Fv5etQPsMdViILX4AP8U8DTWWMJ2OAs3pbeKMuNIcoAG/7h5 xP0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702046049; x=1702650849; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YdmwWnrUERD4VxEnG9Bi/HDXIYdQnIQBEXHVKsn551g=; b=rI9+vGIvTHi8Tcx8bmHZYL9IL4wWx/HiTYmfvaK/6J8PUF/QCY0IMUc/JQvxoIzZ/O LYkvjkf8BuXPcgtXeoV/sln5Wk1TL+yTM0AnBQ4F8V0q+ftJookkYYw6BzmrSx7RPGg9 eF6umTkF7ZkY5QBi1oljibarGDKbdKS6SpyZUzbqhjLqXtfZ6vOAIeDzoDUWzK/RlvzD 8tD4GgNRXYY6UObEot4Qi5Li6lkC0aIsU3xU3ywFigbuv/Dee2gJ4KcLxS1hP/AnovhU Gxbd1ZUiEZ+4jrdRTV5zKC76axXZAmACMwXPRcIV3kbIJ/BGMszcu5e9AxtC2KYG4Et8 5RnA==
X-Gm-Message-State: AOJu0YwQ8G1jz7NzoEHK4dwYO4ptsHFX7QSCAjtHqeEoMxLD7fzNrxdr 7B6T+yBi/2MGTGiNq4gznbYeZ7JZ3PT4lu/6SzQuwSnNO2kvV3comcQ=
X-Google-Smtp-Source: AGHT+IFfjdbReOhGrr1o59OrDeFHPwRQtsa5yohFQwtdoY8oNxj3yvNBgZutqDlJyP2xqVXiBE8wylrEdDOqHy7f9+4=
X-Received: by 2002:a17:90a:5787:b0:286:b6bf:e6d5 with SMTP id g7-20020a17090a578700b00286b6bfe6d5mr134997pji.14.1702046048725; Fri, 08 Dec 2023 06:34:08 -0800 (PST)
MIME-Version: 1.0
References: <CAN8C-_+GEKc9Xk7_CXgvVR-X40Bq8nfe9PsLs3x5NwGE0eG9Vw@mail.gmail.com> <CAN8C-_JL7qizQJ3Juzxt5Q9qmo5fkoQauAS3uR=6hAB=oqYQEg@mail.gmail.com>
In-Reply-To: <CAN8C-_JL7qizQJ3Juzxt5Q9qmo5fkoQauAS3uR=6hAB=oqYQEg@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Fri, 08 Dec 2023 08:33:57 -0600
Message-ID: <CAN8C-_+-FEHnaTJw8DQ8G5dpeWL882snGiD7Zo6ArwBYhTxRPw@mail.gmail.com>
To: scitt <scitt@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002042ff060c007a0c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/RAcuPyXqxCuZTg9e7S5bN-SBaPA>
Subject: Re: [SCITT] SCRAPI: Registration with Proof of Possession
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Dec 2023 14:34:13 -0000
I opened a draft PR to SCRAPI to capture some of this, and I have a PoC implementation of it for SD-JWT that can be adopted for SCITT Signed Statements. https://github.com/ietf-scitt/draft-birkholz-scitt-scrapi/pull/9 OS On Wed, Dec 6, 2023 at 10:50 AM Orie Steele <orie@transmute.industries> wrote: > After a chat with Richard Barnes, I think there are a few things happening > with `cnf` and key binding, that we should probably consider > independently for scitt: > > 1. Registration Policies that require fresh signatures from issuers. > 2. Registration Policies that require issuer's to commit to a recent tree > head. > 3. Registration Policies that require additional context binding and a > fresh signature from the issuer bound to special context. > > 1 and 2 are basically both about "time". > > If the Transparency Service does not trust the issuer to be honest about > time, the transparency service can force the issuer to include a time > commitment from the transparency service in their registration with binding > to their confirmation public key. > > In the case the "nonce" is a timestamp, the TS rejects key binding tokens > that are outside some window. > > In the case the "nonce" is a recent tree head, the TS rejects key binding > tokens that are not to a tree head inside some window. > > In the case the "nonce" is a "challenge token", the nonce is some special > context, the TS rejects key binding tokens that lack this special context. > > There is an opportunity to make the registration none interactive and one > shot, assuming the following is acceptable: > > 1. The key binding token nonce is a "recent timestamp / tree head" > 2. The transparency service rejects key binding tokens with nonces that > are not "recent" > > There is an opportunity to make the registration interactive and context > binding, assuming the following is acceptable: > > 1. The transparency service includes specific context the issuer must > commit to in their "challenge token". > 2. The issuer uses the challenge token as the nonce in their key binding > token. > 3. The transparency service rejects key binding tokens with nonces that > omit required context > > In this second case, imagine a "dynamic registration policy" > > Holder (Issuer) asks Verifier (Transparency Service) for a challenge token > for a Customs Entry for 16056100. > > The transparency service knows that animal products require certificates > to be imported, and issues a challenge token that looks like this: > > iss: "https://transparency.example" > aud: "https://transparency.example" > iat: ${now} > exp: ${now + 7 day} > > current_tree_head: ... (not all TS are trees) > current_policy_hash: ... (not all policies are stored in trees) > > entry_number: 42 > hts_codes: [ 16056100 ] > > The holder starts registering signed statements, each is bound to the same > "challenge token". > > The first signed statement covers a phytosanitary certificate for the sea > cucumber processing facility. > > The regulatory requirements change. > > The second signed statement covers the (now required) export certificate > for sea cucumbers. > > The transparency service would normally have rejected the second signed > statement, but because of the context in the challenge token, the > transparency service knows that the second signed statement is now actually > required. > > The holder did not need to request a "new challenge token" when the > regulatory changes happened, and the holder still had to prove > possession of the public key bound to both certificates ( and these public > keys are different ). > > I chose to make this context scenario about sea cucumbers, but it could > easily have been about network capable hardware devices that need to comply > with regulations specific to Radio Antennas and GPUs... In those cases > there would be firmware certifications required, and compliance > requirements might change inside the transaction window. > > This also solves the problem of forcing the issuer to commit to the > registration policies as they exist at the time the "challenge token" is > issued. > > The TS can reject registrations that are committing to stale policies, or > accept registrations that are commiting to stale policies, because the TS > will know which policies the issuer is committing to by checking the > challenge token. > > In the case that proof of possession is not required, and there is no need > to commit to policies, the challenge token can be omitted, and the > registration can proceed exactly as it is specified today. > > OS > > > > On Wed, Dec 6, 2023 at 8:10 AM Orie Steele <orie@transmute.industries> > wrote: > >> Hello Transparency Enthusiasts, >> >> There are some artifacts that are meant to be controlled only by specific >> parties. >> >> For example: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/ >> >> When registering a SD-JWT with key binding, the holder (issuer in scitt >> terminology), needs to demonstrate that they control the public key that is >> bound to the token using the `cnf` claim. >> >> In order to do this, they need to get a nonce from the verifier, and >> include the nonce in their presentation (registration in scitt terminology). >> >> OAuth / OpenID for Connect / Browser APIs have ways to do this, but they >> each are more complicated than what SCITT needs. >> >> In SCITT, we only need the transparency service to offer a "signed >> challenge" instead of a nonce, and for the holder to sign this challenge so >> the transparency service (verifier in other terminology), can be convinced >> that the issuer controls the key bound to the artifact. >> >> In reviewing relevant RFCs, I re-read ACME, and there are a lot of >> excellent ideas in it, many of which are relevant to "DIDs" or proving >> control of existing identifiers: >> >> https://www.rfc-editor.org/rfc/rfc8555.html >> >> I built a small PoC that is inspired by ACME, but focused only on >> delivering this challenge from the verifier to the holder. >> >> >> https://github.com/transmute-industries/dune/blob/ac75ff595ae87f19b3cbef693b3f61ed02b2e845/scripts/present-with-key-binding.sh >> >> Although this example uses W3C Verifiable Credentials and SD-JWT / YAML. >> >> The same approach works with CBOR and COSE, or SD-CWT: >> https://datatracker.ietf.org/doc/draft-prorock-cose-sd-cwt/ >> >> This "dune" prototype was built for >> https://datatracker.ietf.org/group/spice/about/ ... but it has the same >> key discovery and identity building blocks as SCRAPI. >> >> Specifically, they both use well-known URIs to discover the transparency >> service's issuer metadata: >> >> >> https://github.com/transmute-industries/dune/blob/ac75ff595ae87f19b3cbef693b3f61ed02b2e845/public/openapi.yml#L20 >> >> https://github.com/ietf-scitt/draft-birkholz-scitt-scrapi/blob/main/oas/openapi.yml#L21 >> >> A few questions for the list: >> >> - Is this challenge / nonce approach ok? I prefer to not make the >> verifier be stateful in the way ACME is stateful wrt tokens and key >> authorizations. >> - Is registration with pop in scope for SCITT? >> - Would it be helpful if I were to update dune to support the SCRAPI >> interfaces, and demonstrate the same things with COSE / CBOR ? >> >> Regards, >> >> OS >> >> >> -- >> >> >> ORIE STEELE >> Chief Technology Officer >> www.transmute.industries >> >> <https://transmute.industries> >> > > > -- > > > ORIE STEELE > Chief Technology Officer > www.transmute.industries > > <https://transmute.industries> > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- [SCITT] SCRAPI: Registration with Proof of Posses… Orie Steele
- Re: [SCITT] SCRAPI: Registration with Proof of Po… Orie Steele
- Re: [SCITT] SCRAPI: Registration with Proof of Po… Orie Steele