Re: [SCITT] Constraints on unprotected data in receipt...
Ray Lutz <raylutz@citizensoversight.org> Sun, 14 May 2023 17:01 UTC
Return-Path: <raylutz@citizensoversight.org>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBE37C14CF1B for <scitt@ietfa.amsl.com>; Sun, 14 May 2023 10:01:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.085
X-Spam-Level:
X-Spam-Status: No, score=-2.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=citizensoversight.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9UEyxH54Lq0E for <scitt@ietfa.amsl.com>; Sun, 14 May 2023 10:00:57 -0700 (PDT)
Received: from vps5.cognisys.com (vps5.cognisys.com [69.73.173.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D9F7C14F747 for <scitt@ietf.org>; Sun, 14 May 2023 10:00:56 -0700 (PDT)
Received: from [192.168.123.225] (ip174-65-13-111.sd.sd.cox.net [174.65.13.111]) by vps5.cognisys.com (Postfix) with ESMTPSA id 96A30251A9 for <scitt@ietf.org>; Sun, 14 May 2023 13:00:54 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citizensoversight.org; s=default; t=1684083654; bh=NY1o//Bc6jvUQ+bK5YKdryBPDCXo4zqveMJuTtH7yYI=; l=25754; h=Subject:To:From; b=fTCQyK8J0N5W6I+Set/usVJnhmef0YhmJOCnPVi+okn4s8Y97Tsl1Xz11gzWQjatI sEKMNjJurD9kd4/oVpSsHcAH/VY7eIUlOMQkBIoCJXEAAXKRs00WhCXVKoe5sE+Y9s 7q/ndK5u76zvscrtbE5G0NHU9EDo/ObdX+/+SvDw=
Content-Type: multipart/alternative; boundary="------------lePTVr4JJBD5RSLaffoappQL"
Message-ID: <c679387d-f8f3-af4d-cc4f-33ee75890965@citizensoversight.org>
Date: Sun, 14 May 2023 10:00:53 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1
Content-Language: en-US
To: scitt@ietf.org
References: <5b797713-0618-1eb2-1b74-ecee65af423b@citizensoversight.org> <70a90ae7-7460-262b-ec47-9b59fae757c5@gmx.net>
From: Ray Lutz <raylutz@citizensoversight.org>
In-Reply-To: <70a90ae7-7460-262b-ec47-9b59fae757c5@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/xjnZzjykdVPsloT4yQoZEquyhbU>
Subject: Re: [SCITT] Constraints on unprotected data in receipt...
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 May 2023 17:01:01 -0000
Hi Hannes et al: The question being asked was regarding whether the entire public key should be included in the receipt or just the key id. There are several fields identified in either COSE or JOSE/JWK/JWS etc. IETF docs that can provide either the public key(s) and/or x.509 certificate reference URI or entire encoded x.509 certificate. I think the answer to this depends on the use case, esp for cases where there is rapid interaction, then perhaps the COSE data can be minimized and so then the "kid" may be okay. But for the use case I am interested in, and I believe the use case for SW and general data, then it is better to have the full public keys as used (and it could be from the submitter or the scitt machine) should be provided. My conclusion is: I would see a lot of value in providing the full public key in the receipt. Whether it is protected or not, I can't see that it actually matters, and could easily be placed in either location. It is essentially already protected because if it is altered, then the whole block won't be consistent. I think it does not matter too much, because both can be easily read, and it seems to do no harm to sign the public key as well. The rule I proposed is that if you have the receipt, you will be able to check it for internal consistency without any other information, and to do that you need the actual public key. But I will also allow that the rule may not apply to all uses cases. In the use case I am interested, and I daresay this is true for the SW use case, space is not a constraint and it is better to be compete rather than rely on established state. So to comply with this rule, then it cannot be the hash of the public key and it can't be an id of the public key, because the recipient may not be able to get any further information, i.e. in an air-gapped environment. If the public key is sent, then the recipient, or anyone in the future, can check the consistency of the receipt, and prove that the receipt was signed by the associated private key. Once a connection is re-established, then the validity of the public key can be checked. So I am for including the link to the X.509 certificate that is associated with the key, if that is available. But then again, I may have misunderstood what Henk was asking me because my mind was wandering at the time and he had to repeat it to me so I could have a chance of getting it. I had to do some study of some of the docs. I include that here in case it is helpful to anyone else. (please also tell me if I am barking up the wrong tree!) I see the JWK --JSON Web Key (RFC7517) provides a set of public keys used to verify any JSON Web Token (JWT). For the purposes of a receipt, I would guess just a single key used to create the signature of the receipt is necessary, so it would be like this JSON: {"keys": [ {"kty":"RSA", "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", "e":"AQAB", "alg":"RS256", "kid":"2011-04-29"} ] } (I took this directly from RFC7517 so it may have to be adjusted slightly). There is a "kid" i.e. key id field in this key. RFC7517 says: 4.5. "kid" (Key ID) Parameter The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. Use of this member is OPTIONAL. When used with JWS or JWE, the "kid" value is used to match a JWS or JWE "kid" Header Parameter value. So this ID is not guaranteed to be unique or very useful. I can imagine that Henk maybe was considering that it could be used to refer to this public key by the SCITT receipt but I don't see that as being very reliable. But then I definitely could have misunderstood what his question was. I notice that in the COSE literature, the kid is commonly an email address. It is worth reviewing how this would be used in conjunction with a JWS JSON Web Signature (RFC 7515). I apologize for probably repeating what is well known among the IETF community but it is helpful for my understanding. I am repeating the example from RFC 7515: {"typ":"JWT", "alg":"HS256"} <-- protected header (payload -- any content, but commonly expressed as JSON) signature The protected header is encoded by BASE64URL(UTF8()) The payload is encoded by BASE64URL() And then, these two strings are joined by '.' and converted to ASCII(), and then the signature is created. So the entire signature block looks like this: eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk The protected header can include the jwk parameter and also the kid: But it seems that the kid is only useful for specifying which one of the provided public key should be used. 4.1.3. "jwk" (JSON Web Key) Header Parameter The "jwk" (JSON Web Key) Header Parameter is the public key that corresponds to the key used to digitally sign the JWS. This key is represented as a JSON Web Key [JWK]. Use of this Header Parameter is OPTIONAL. 4.1.4. "kid" (Key ID) Header Parameter The "kid" (key ID) Header Parameter is a hint indicating which key was used to secure the JWS. This parameter allows originators to explicitly signal a change of key to recipients. The structure of the "kid" value is unspecified. Its value MUST be a case-sensitive string. Use of this Header Parameter is OPTIONAL. When used with a JWK, the "kid" value is used to match a JWK "kid" parameter value. And we also see that they define several other items in the protected header, including "x5u" the X.509 parameter that is actually a URI to the certificate. The certificate is available at that URI. This is not very useful unless you can access the URI, of course. But more importantly for us (perhaps) is the "x5c" parameter which provides the actual X.509 public key certificate which corresponds to the public key used to sign the JWS. But in my review of this, it seems like this has a lot of crud in it that maybe we don't need for immediate review, and the "jwk" header would be enough, and it would be perhaps acceptable to just have a reference to the x.509 cert. Regarding the protected and unprotected headers. Apparently, you can't use the _compact serialization_ if you use unprotected headers. I see this: JWS Protected Header JSON object that contains the Header Parameters that are integrity protected by the JWS Signature digital signature or MAC operation. For the JWS Compact Serialization, this comprises the entire JOSE Header. For the JWS JSON Serialization, this is one component of the JOSE Header. JWS Unprotected Header JSON object that contains the Header Parameters that are not integrity protected. This can only be present when using the JWS JSON Serialization. And further: JWS Compact Serialization A representation of the JWS as a compact, URL-safe string. JWS JSON Serialization A representation of the JWS as a JSON object. Unlike the JWS Compact Serialization, the JWS JSON Serialization enables multiple digital signatures and/or MACs to be applied to the same content. This representation is neither optimized for compactness nor URL- safe. So with all this said, it appears that this same structure has been re-applied using CBOR (RFC-8949) and that results in COSE (RFC-8152). In particular, we find the kid described here: kid: This parameter identifies one piece of data that can be used as input to find the needed cryptographic key. The value of this parameter can be matched against the 'kid' member in a COSE_Key structure. Other methods of key distribution can define an equivalent field to be matched. Applications MUST NOT assume that 'kid' values are unique. There may be more than one key with the same 'kid' value, so all of the keys associated with this 'kid' may need to be checked. The internal structure of 'kid' values is not defined and cannot be relied on by applications. Key identifier values are hints about which key to use. This is not a security-critical field. For this reason, it can be placed in the unprotected headers bucket. I look through the COSE doc and there are many ways this can be used that differ substantially from what I see as the need for securing fairly static chunks of data, like sw code files or binaries, that are hashed and ultimately the merkle root is the item in the payload. So in the end, I would see a lot of value in providing the full public key in the receipt. Whether it is protected or not, I can't see that it actually matters, and could easily be placed in either location. It is essentially already protected because if it is altered, then the whole block won't be consistent. --Ray On 5/12/2023 3:38 AM, Hannes Tschofenig wrote: > Hi Ray, > > > before I share my view I have a few questions > > > The question is: Should the public key appear in the unprotected > portion of the receipt, or can it be an id of the public key. > > > Which public key are we talking about? The receipt is signed by the > transparency service. Are you talking about the public key of the > transparency service? It could also be the public key of the issuer? Or > both? > > > What do you mean by "id of the public key"? Are you trying to stay that > there could also be a reference to the public key (in comparison to > sending the public key directly)? > > > Why would the public key be included in the receipt? Convenience for the > recipient? Does it need to be the public key? Could be the hash of the > public key? Could be a certificate or even a certificate chain? > > > Ciao > > Hannes > > -- ------- Ray Lutz Citizens' Oversight Projects (COPs) http://www.citizensoversight.org 619-820-5321
- [SCITT] Constraints on unprotected data in receip… Ray Lutz
- Re: [SCITT] Constraints on unprotected data in re… Orie Steele
- Re: [SCITT] Constraints on unprotected data in re… Hannes Tschofenig
- Re: [SCITT] Constraints on unprotected data in re… Orie Steele
- Re: [SCITT] Constraints on unprotected data in re… Dick Brooks
- Re: [SCITT] Constraints on unprotected data in re… Ray Lutz
- Re: [SCITT] Constraints on unprotected data in re… Ray Lutz
- [SCITT] Fwd: Constraints on unprotected data in r… Ray Lutz