[SCITT] Claim revocation & freshness
Antoine Delignat-Lavaud <antdl@microsoft.com> Wed, 04 May 2022 17:40 UTC
Return-Path: <antdl@microsoft.com>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E77C1594BF for <scitt@ietfa.amsl.com>; Wed, 4 May 2022 10:40:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.574
X-Spam-Level:
X-Spam-Status: No, score=-7.574 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.575, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TnwLGRGHWOVJ for <scitt@ietfa.amsl.com>; Wed, 4 May 2022 10:40:19 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on071f.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::71f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B45E5C1594B3 for <scitt@ietf.org>; Wed, 4 May 2022 10:40:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RISDoERCIFEBHvuFrHqNoWuIKbBH8SiCbJEhBSoCshEhtLcMMZdvFDxRtyU990r/GId4XxzGXn0KdTl+QZtkCfqlTcBozNualsRnu0UyeexTLjhEyNZQuJbuVcYu7oY64mq4a8e1DyuVvAlQjT2jb0LKxiPTWxxdUPsagczbsxP771gJu3D/G2r7tTfh2rvTHYkdFIgvzfHkwa69OsMRONyTjzO5zDK2kJxkzQerHGlxJZVrwNGk8ErXspi3ac9ah98DhoB4ww8kWcEvsIM5eiEPkGgu/sv5+52PGoT7NNi8BaFMLkMsa5zKDbMtSQ9zGAL6psAK66GUObNC9MWWKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RTlf70Tox+be3wEHmauaJsN8SyVhwg+RX5+7ZAa8DLI=; b=OzfJMLpq36NFpHHYxaeR0Mw6t9Fmzbzhd30elCeHTsc2x3CZraegoixrJBf9gKkEoOxnMGCUpM9KiMbcN894beGWKKnKBSZBNY6FhchDg75W3yPCMriowZa2gCqverCeVDHD1tbUddWC6MIGAUHz5rrLmL/V4G7HK8TjhqFSpVumURQ9cMuf8QLigzkA5TUSdLkLjpqEdLXLY/5iJpVOH8SjcJXETFbgNOsJWqs9r/S55szw75wMzinbSk83bRUZ4l5+LPb62GZJ6lPoB6bA3P+c2/5XSR4Ha8mvg7eNvGfj8cSw4Avpu+x+EklD2idh4JzWdS1hjm6mAkRqukcNhw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RTlf70Tox+be3wEHmauaJsN8SyVhwg+RX5+7ZAa8DLI=; b=f+Xr/KEf4J4EOSYMrg5p9HISLLP8pEW5C2Nf3H65/ZV29Y3QjVJ5YaZ3J7JpyiSO4Zmg3mrReYFGPNqAafgL6vsGSJFWsobjQAoBB3AgKIQEYt+l2aOFaz6QOhjMk2gjbA96nKj996xbrKYHLGA269ACujdZxiaSYalSJFSKXA4=
Received: from PA4PR83MB0527.EURPRD83.prod.outlook.com (2603:10a6:102:26c::17) by VI1PR8303MB0080.EURPRD83.prod.outlook.com (2603:10a6:820:1b::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.4; Wed, 4 May 2022 17:40:14 +0000
Received: from PA4PR83MB0527.EURPRD83.prod.outlook.com ([fe80::201b:9229:565d:27e1]) by PA4PR83MB0527.EURPRD83.prod.outlook.com ([fe80::201b:9229:565d:27e1%9]) with mapi id 15.20.5250.008; Wed, 4 May 2022 17:40:14 +0000
From: Antoine Delignat-Lavaud <antdl@microsoft.com>
To: "scitt@ietf.org" <scitt@ietf.org>
Thread-Topic: Claim revocation & freshness
Thread-Index: AdhfyhG+wzsCrHDVQDei3A/73Bd8Cw==
Date: Wed, 04 May 2022 17:40:14 +0000
Message-ID: <PA4PR83MB0527950EFA20F9743B76A3CAB2C39@PA4PR83MB0527.EURPRD83.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=e953b2c5-1a71-4244-aa0a-0483eeae5967; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-05-04T15:17:17Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: deb22d2a-9d6a-4173-414d-08da2df5254d
x-ms-traffictypediagnostic: VI1PR8303MB0080:EE_
x-microsoft-antispam-prvs: <VI1PR8303MB00801DA3BD7112BBAB74F943B2C39@VI1PR8303MB0080.EURPRD83.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0H4L8GnblETjLnpGDJf6RhKYmZ6AzHa9jowOGoSMEE/40ReQaaxg0G1G+t/DMVvfHcsFp21RGgSA+9klCbbLR+3j4rXdBxCv3ZMChhEtjs2xQa6U6jbrtSwZvqEGxHqGufrGwuh5COhPvDmGJL9WaQbD+OafumPfLLhGcKSinT/emIkGmsSpzng2aEdVnKkEilIodtGepJ65shDukFGSlklgGbXsTzuTEKYXPt/8R8tNIM2NRh51+9LPEdIx/iEhacNUN9QqcwRYlK0S7/aarjK2v/ubGCNo0CuUaFwk7uGTapMfh8hVxpggvI7IjbYBOJVxxQoN7h8HGqDG0NgKPa+it6K1Zwmc+5IPWzCbu87eQ3RxWOOMTUuajdhv2j/sSgAfZmVgstDSU1ZOPIMmGBymFRBJwi3+50hVVNcf+VjA7VU+6HObGkO71FauhHXeniEmCrDS4jRgOihjv40o54iFm6DRPvQ7XV2iWp08JsBWfrm+pD7xfkV2+qiLSuVTDFwmlc8r1zwaoFcn1zr7VVxQ8KattlnmgBHjCrDzZfNL/cnfzputI7U0Ky7arVFhGyxWdkTfKVcmLn3Lc+6BcjzYxYLUwUH3NgQjBdoWT7CvweERl0a1UCP8tRFCvf+k65MTyN7AS5qkIt1pTkAvNe5tkw+6lPr06bYhFWu441YAq5K/fCSu+pc45DxDADdPjJbfvZwjsS1XvvKf5bvIiIO6W0Wgx5kEvNg6yCEbjNsHlv/z0jLoNWfi9jZSkt0NEMKHAOLY6pdZVc3ElqTX6O+vsH5h4+Rpw6NqNVXzzD99gLrs7oHAsGOetWzVaaggFdwd71lhWguousrmTmF2cQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR83MB0527.EURPRD83.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(451199009)(186003)(2906002)(8936002)(8990500004)(9686003)(83380400001)(508600001)(52536014)(33656002)(316002)(38100700002)(38070700005)(166002)(10290500003)(966005)(122000001)(71200400001)(6506007)(6916009)(82950400001)(82960400001)(66946007)(8676002)(66556008)(86362001)(55016003)(66446008)(66476007)(76116006)(7696005)(64756008)(5660300002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: nzWlflE2g83qdLcM01ZOFf53xkUO4lpbUCzX2xnmLernu/C5ONMCnkchE7qduK1XDaqQDc+GoP/03kHLG3a+qgYlXS5B7mbVdcwwyhQOLE+L01MyEt7FeQI3LUnxkhWSK4NnIFiHofoI/QTIYKCI3k4L8G1iv8eRGuO4TpndkrakEz/yS2XmBeKNKv04WrdjIooGKteYPwKuzCkS7Smhh13v840HU3gdM4prUIWcAQcVRV0zZjruZdLV9WM1+4A73UURBVfGBo/lAa4zvo+KxqfZwUMwhnrqkOgG/nYCg4YsS2/ctUvkRkgCtQG8C++e6xegBrw6+RICCf1xjTykTaedpxWiuKllD+dKxrKZx/hKVOb9BXjvobqJ3K5dc8M16AzfgUmrYuzfMh05vdpToJfcKleJTSnxuIM4l7HpLXFU6fuMfWZiAEqXkE+5meL+RshJpm6E9g12GM8XxxtVLvzk/vqbXWoDuU6e2Q7+ra7Xhysu4tLWA6xZqUqegbj6vw9xZr6lvM7lizVC0MJxN+Ijx6Y8v0M1xK9tHbCa31/vkYDCTPjwYUMAQDLDZTmauA1R5sdLW05Gh6OI590Cufqf1T5z0mm6o3e0DhHw/+okvVNdO5mX4Yki9+RXzcgQw3MVLmjihyuWqd3O+u6X+iK7K64RhoCZ4/LvI+YltRP/RhIAbVJhNWVz3PQfIX2SX1A1N5k1vhkuqbYqMH7h1xWVgxF9InsGcYMSdAIQgKnnGh1+FFqnawtx1XhWBAUh7evc+niKIfWSEgOlQ2U2rzJ9zxx3KuicmkHADikCJmyWnTEIUfar8nWtc+GVb4N+FA+M5UPHK4cgMW7RpTZDxJLHxdh1jsVgnySeUSFjf08q4NGTTdrfpc5Q+Eu6te7cHnTKVd+X40RV3Cw96buZwaQtahw+S0r2ZWFbaAD18FWLSZZhLO2hH8SpoI2Qq2EGwsVAsvU99FCsBSamtrcceKA0nKnyyc2EkbgmwDwETLPpPasBSzmWgzocuIvcXjPWLH0QO8z0vOV70Y8j6lbS1SrnYxD/0lJCN4zawn4VPqKE2j44NAi1oFY8ZtViwu1Lx78ZDkpQ3G0U5VfI2bNjaj+7FiW3kGkCrccsJW9JtNfzVGCyowjUVj23a4lFT+wiWLwaxtEKM5S4fXfPJ3/LfYrhXtjwbXHeNvcWpSO7Z0YFWSktdE14xJoi/jl2eSBOp7FVw/PoNm9Ak+gEZYGje71c4PJwCTNIwsRjZXxe4hRnRA+JEJCondwjpGTffFK10n5D35k8jCW7+8XaH97HPzOPBlykOkU1l4fAA/NABDg02ETkMYyW3E7NKZXSjuGC8bhQG41CCURNum3O+7B3dktYQbnCeAP/ruqPhcCMtjF6vArXaIXC41PaxIKi7fEeAcPtbMTg5Ll67m+EeO2Fix1tGNYmp1LQMTtZApT2EWJIe6tPGxP20RKh9SJER9Abe4jDnA3okvjxsZDFtQzSe74wa7Vzsx2smJcDDdsVxS9mfBppjejsTpX0Y35mx9esZngfGev3HOF6Ep+ezZPP5jlqrq2elP+/wZVhnna6VcTfoGP/udByHWud+d4z9ensPZY6k6NdRacYOkfM9Rwg/CmRJel5/FMhgYMAY138jnmsEeVrPs6z53HsTOA6iWEuulDhck1wXRZuyQvSPg3/IqIQULMDE83z707kXYddSNqEpFpHWdeXIj//J6ORBA8r4NItIAX3Gz33bi3ox7pH4HtyTyVs6el15Cg/nVMAfkCvtnejJ3Ev6imFYSHMvX01ScyMs53q
x-ms-exchange-antispam-messagedata-1: Ff2Az9NyI8purw==
Content-Type: multipart/alternative; boundary="_000_PA4PR83MB0527950EFA20F9743B76A3CAB2C39PA4PR83MB0527EURP_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PA4PR83MB0527.EURPRD83.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: deb22d2a-9d6a-4173-414d-08da2df5254d
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2022 17:40:14.2203 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TvMixZMjVBUwnfNx7+MGRoWdxVMwYm105AoVvozHQiUFCY1HxSoeqbl9KX0E3X6BOVUOxIvhO/h/PbtEoZ8+bg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR8303MB0080
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/e8KTiTOmcPjZvvXLcjIbW6A3-N0>
Subject: [SCITT] Claim revocation & freshness
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2022 17:40:23 -0000
Hi all, One of the major unresolved issues in the SCITT Architecture draft 0 [1] is how we expect verifiers to check the freshness and/or revocation of a transparent claim or its signing key, and what are the resulting additional requirements for issuers and for transparency services that need to be added to the current IDs for SCITT architecture and receipts. Claim revocation. An issuer has signed claims, but it wants to make sure that TS won't register them anymore and/or that verifiers won't accept them anymore. For TS, one way to achieve this is to revoke the key that the issuer used to sign this claim (see the companion thread on issuer key revocation). However, it can also be achieved at a finer granularity - for instance, only the claims relative to a given artifact are revoked. What is more important is that verifiers need a mechanism to check for revocation of claims. Since claim revocation is a ledger-based notion (a revoked claim is still valid from the point of view of DID), it needs a revocation mechanism for the ledger countersignature. Claim freshness. Similarly, the verifier may want to know if a given claim is the most "up to date" for the given issuer and feed. (recall that by default SCITT does not enforce claims to be registered in the same order they are issued, so this concept requires and additional semantic order over claims with the same issuer and feed). While this is achievable with short-lived claims, they are painful to produce by issuers. Transparency services are aware of when claims are updated and can produce evidence without any involvement from the original issuer. There are several variants of claim revocation: the issuer may want to revoke only a particular claim (other claims from the same issuer/key and feed may continue to exist), or revoke an artifact (that is, revoke all claims associated with the artifact and prevent the registration of new claims with the same associated issuer and feed, i.e. feed revocation). We may also want to consider supporting external revocation of claims (e.g. take down notice) where an entity that is not the original issuer is authorized to revoke claims on the ledger. As much as possible, our goal is to make it possible to express the TS impact of claim revocation as registration policies, while we need the ledger countersignatures to enable client revocation and freshness policies. Regarding registration policies, it may be desirable to allow issuers to define custom revocation policy for their feed. For instance, the presence of certain registration policy info fields may be used to request the TS to apply some pre-defined standard revocation policies, or the issuer could use special claims with a payload meant to be interpreted by the TS to signal the revocation of a claim or the change of policy. A third alternative is for the TS to expose an explicit claim revocation API; while this may enable more flexible authentication/authorization than forcing the issuer to produce a full SCITT claim, it would need to be auditable in the same way as claim registration is, which probably requires duplication of effort compared to encoding revocation requests as a specialized usage of the standard claim registration API. Currently, we are open to proposals but our preferred approach is to use the registration policy info of the envelope to signal revocation requests or to stop using a particular feed. Verifier policies to enforce claim revocation are more difficult to achieve as verifiers now need evidence of non-revocation, which is a form of claim freshness (revocation can be encoded as an update to an empty claim). In the world of X.509 and PKIX, revocation lists and OCSP-style short-lived certificates of non-revocation both suffer from significant drawbacks especially if they need to be fetched on-line during certificate validation. OCSP is most successful when it is stapled to certificates. Following the same pattern, for a given receipt, a TS should be able to issue a short-lived proof that a registered claim is not revoked. The receipts defined in draft 0 are based on a historical Merkle Tree, and relate to the registration of the claim - sometimes referred to as "write receipt". Other transparency systems (such as CONIKS) use a prefix tree where the claims are indexed and stored in lexicographic index order, which means that if a claim is updated/deleted, the TS can issue a new receipt that shows that for the given ledger state the claim associated at the given index (issuer/feed) is also updated/deleted - sometimes referred to as a "read receipt". Unlike read receipts, it is not possible to tell with a write receipt if the registered claim is still up to date. However, it is possible to define more complex Merkle trees that support both read and write receipts on the same tree (see e.g. Merkle2 [2]). We are investigating an extension of the receipt draft to support read receipts, so that they can be used to verify the freshness or non-revocation of claims and plan to submit a new draft to that extent. Best, Antoine & Cedric [1] An Architecture for Trustworthy and Transparent Digital Supply Chains (ietf-scitt.github.io)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fietf-scitt.github.io%2Fdraft-birkholz-scitt-architecture%2Fdraft-birkholz-scitt-architecture.html&data=05%7C01%7Cantdl%40microsoft.com%7Cbd829ba6d5b44c9faef608da2907e8dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637867411187632292%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xrd%2Bp9vrpulYRs3A5OSRvcE9D8WkOYxJS2ytuzp9i0I%3D&reserved=0> [2] https://eprint.iacr.org/2021/453.pdf<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprint.iacr.org%2F2021%2F453.pdf&data=05%7C01%7Cantdl%40microsoft.com%7Cbd829ba6d5b44c9faef608da2907e8dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637867411187632292%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=235VTPIlrYdKdLdWxeFHIgkVq0SSajzJCF7kWGscXfg%3D&reserved=0>
- [SCITT] Claim revocation & freshness Antoine Delignat-Lavaud