[SCITT] Constraints on unprotected data in receipt...
Ray Lutz <raylutz@citizensoversight.org> Wed, 10 May 2023 22:32 UTC
Return-Path: <raylutz@citizensoversight.org>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94327C151B11 for <scitt@ietfa.amsl.com>; Wed, 10 May 2023 15:32:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.085
X-Spam-Level:
X-Spam-Status: No, score=-2.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=citizensoversight.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5oKp8qVDeLnU for <scitt@ietfa.amsl.com>; Wed, 10 May 2023 15:32:23 -0700 (PDT)
Received: from vps5.cognisys.com (vps5.cognisys.com [69.73.173.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B5B6C1522C8 for <scitt@ietf.org>; Wed, 10 May 2023 15:32:22 -0700 (PDT)
Received: from [192.168.123.225] (ip174-65-13-111.sd.sd.cox.net [174.65.13.111]) by vps5.cognisys.com (Postfix) with ESMTPSA id 84E11234BA for <scitt@ietf.org>; Wed, 10 May 2023 18:32:20 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citizensoversight.org; s=default; t=1683757940; bh=OW5FPvARefy6NOGAVEWKTYbVHDY62gE4Fpb11gqyi4s=; l=1820; h=To:From:Subject; b=nL5BBhlRBNDjs4Aekf5XO5SzXA7Juy2eLMYS5vfVsCrYSMXhIlL1GQl7mVN65LK/m ZqQNbrWBqGwlMwBbkZRGUdy13cnk6qL/dD6WMABmqSKpWmKjQicgy3cB5RkKqC2f5x Ke6YUZrYryJHhBVf2Ppd69lzCmV+2yZhWUFO93HE=
Message-ID: <5b797713-0618-1eb2-1b74-ecee65af423b@citizensoversight.org>
Date: Wed, 10 May 2023 15:32:18 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1
To: "scitt@ietf.org" <scitt@ietf.org>
Content-Language: en-US
From: Ray Lutz <raylutz@citizensoversight.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/nAsOf-yxxJ1kSrd52DqJn9LfVKA>
Subject: [SCITT] Constraints on unprotected data in receipt...
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2023 22:32:27 -0000
Hi SCITT list: Henk asked me a question the other day and I had more time to think about it, and so I am providing these ideas to the list. The question is: Should the public key appear in the unprotected portion of the receipt, or can it be an id of the public key. The answer I think is driven by a rule I think is appropriate for the design of the SCITT architecture. This rule is that the receipt should be testable without consulting any other resource, to a great extent, but indeed not fully. If the public key is included in the receipt, then we can check the consistency of the receipt without an internet connection, and even in an air-gapped environment. If we have only a "public key ID," then that may not comply with this rule, bc then the public key has to be looked up using the ID and that may not be possible. Thus, including the public key in the receipt of the SCITT service would be the best course. Given a SCITT receipt, it should be possible to check the consistency using the public key without any other information. Later, and if the user is no longer in an air-gapped isolated network, the certificates can be checked etc. to further substantiate the data. Further, I notice in the architecture docs the idea that the public key and private key of a SCITT service has to be consistent for a long period of time. That is obviously not a good idea, as we will need the option of rotating keys and upgrading algorithms. So that should not be an underlying assumption. But it also means that there may be a set of keys and with each the signing algorithm that need to be maintained to allow the older receipts are to be validated. --Ray -- ------- Ray Lutz Citizens' Oversight Projects (COPs) http://www.citizensoversight.org 619-820-5321
- [SCITT] Constraints on unprotected data in receip… Ray Lutz
- Re: [SCITT] Constraints on unprotected data in re… Orie Steele
- Re: [SCITT] Constraints on unprotected data in re… Hannes Tschofenig
- Re: [SCITT] Constraints on unprotected data in re… Orie Steele
- Re: [SCITT] Constraints on unprotected data in re… Dick Brooks
- Re: [SCITT] Constraints on unprotected data in re… Ray Lutz
- Re: [SCITT] Constraints on unprotected data in re… Ray Lutz
- [SCITT] Fwd: Constraints on unprotected data in r… Ray Lutz