IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-netconf-zerotouch-22

Kent Watsen <kwatsen@juniper.net> Fri, 10 August 2018 00:23 UTC

Return-Path: <kwatsen@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D1EC130FEE; Thu, 9 Aug 2018 17:23:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ydwFaxM-sPS3; Thu, 9 Aug 2018 17:23:33 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 944E0130FE6; Thu, 9 Aug 2018 17:23:32 -0700 (PDT)
Received: from pps.filterd (m0108161.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w7A0Jf9e029078; Thu, 9 Aug 2018 17:23:31 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=6TyDIezMljcIMogfojuzZBVf7v51URP1NlSED2wsgjo=; b=noTX0z9Xrg9mTcmvi4Vs23SmO9zGojVIh/yc9l+jrXlfp0raR9n7S2lepKpVFdGr7MLB SJ/ai78H/k6ivaY+PpzOFcOJGHCsIz5nEaQnhMGG1BwvPIaV45FPWGQvC/GmMOh7Mtn2 KtSrXTzHMVFywZ0pMN/iwFHHvKednb0KeEqL+m/UVflIPTJOFlc/c1MVwglU/G1aRNaB YPWW6dV8dG8Ow9+1uHjvG6GXUjOAATaSjf8yHD3aEqUhmAV+Xb3WzXMD0NJGu1DT/eOv bhvPX0uVjCWddzMqrICpTIyM/GZs15dMTvOAqHP6bfbp60dS+mfXUsjafLcDbpE73iGX 9Q==
Received: from nam04-co1-obe.outbound.protection.outlook.com (mail-co1nam04lp0054.outbound.protection.outlook.com [216.32.181.54]) by mx0b-00273201.pphosted.com with ESMTP id 2krv988cqt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 09 Aug 2018 17:23:30 -0700
Received: from DM6PR05MB4665.namprd05.prod.outlook.com (20.176.109.202) by DM6PR05MB4250.namprd05.prod.outlook.com (20.176.78.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1038.13; Fri, 10 Aug 2018 00:23:27 +0000
Received: from DM6PR05MB4665.namprd05.prod.outlook.com ([fe80::e0bc:6a82:571d:258]) by DM6PR05MB4665.namprd05.prod.outlook.com ([fe80::e0bc:6a82:571d:258%2]) with mapi id 15.20.1059.010; Fri, 10 Aug 2018 00:23:27 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: David Mandelberg <david+work@mandelberg.org>, "draft-ietf-netconf-zerotouch.all@ietf.org" <draft-ietf-netconf-zerotouch.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: secdir review of draft-ietf-netconf-zerotouch-22
Thread-Index: AQHUI6TomGkNAzmsB0eB34I+6n1ia6SiHHoAgAeQwACADkkdgA==
Date: Fri, 10 Aug 2018 00:23:26 +0000
Message-ID: <51E98D22-1DBF-4069-A750-90987EB96B0D@juniper.net>
References: <361393b0-6666-08ff-bdf4-3ba3bf4323c7@mandelberg.org> <47EEE9B6-5BC2-4A1F-ABB2-2ACB1C494545@juniper.net> <4579f9bf-0ead-a6af-dc80-a841527414eb@mandelberg.org>
In-Reply-To: <4579f9bf-0ead-a6af-dc80-a841527414eb@mandelberg.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM6PR05MB4250; 6:qWfI4vaayKZHI2WWQOndX0IO5yLknzZ7OC7GILHu6bdwxLG3S5IuwcAP5RiIp3CuBbRuIBUTn2tGLouVmXS3IvYANZnqr4QhokJvNBT4GI/DCSv6s1vwDtGrK1JDu7abP9hFxOm+SKIekDeQnIUHXJ5SWX08bwu+Kyt70YouF3nn6CK8m2enrgLbiB3M/cPUnN7bDSxUAjTbKp0oUQmyTESbaxRsslmbqseQh+9DveKj5LGH1TuNaF9bt3uXUX344txUHEK2lRcdGqX/l0xjRL2sEo+tml0OMtx/5ecKU8lrr29BNx78+TYovkVOLaRlXkdoTEDzNSrW0nNFzuL4mm+j60Ik/AQdJ0qmm716cudih+c6I7+RswfasXrloK3wmyT6mh5rxXvNRhDrpVfubHrBaVXwyYkCWtKBooo+OaS7xy5lhEq5Y8DSVEuEA/895w03kj2iSiT0LuMNr0qRVw==; 5:1uK8yP70aKHHJPojhr1J3ea8zigDSwGLQJOntXc0cSzhMkwOy8UceZR80+BkTfZIGCQEi5FyO9XxP9v9M1m9XcoczkC77k7T5Toe1y+Dz8D4yUnLpbbGokvIGJpjjmpwOvTeGOXX8KF/eCY6lpGK/otrk+4ZmVf/vubO1qYMPuI=; 7:y29QTj5+PBDmXj/dgMkczy65YqEL9VAMzURWcWOdcgWnHLYrmWMzecw5vdt7So9eOoNP1BgA5HUIVFCzZM/iCRX0AtFXvudkUNaGI6JhUKUUKPfgFbT8PsS74UxJiJ8dFq/WSHiyK2TZrk7fU94Z7zVDMxLyTmABnjFzpP2l7q3VTQWQYTV3xvDE2enGWmubLDaCBXck4H/djL4x+R0IvK5fEvCSG4lCIcV7yXEVxD/dmFcS4V1yp4ieZkX1xqIS
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 7b324a11-fca6-45d3-ce5a-08d5fe577dee
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(49563074)(7193020); SRVR:DM6PR05MB4250;
x-ms-traffictypediagnostic: DM6PR05MB4250:
x-microsoft-antispam-prvs: <DM6PR05MB42501E80A79A133B378AB08FA5240@DM6PR05MB4250.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(60795455431006)(158342451672863)(209352067349851)(192374486261705)(788757137089)(176510541525296);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(102415395)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231311)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:DM6PR05MB4250; BCL:0; PCL:0; RULEID:; SRVR:DM6PR05MB4250;
x-forefront-prvs: 07607ED19A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(39860400002)(396003)(136003)(366004)(199004)(189003)(478694002)(51444003)(446003)(11346002)(83716003)(102836004)(476003)(3846002)(99936001)(66066001)(6116002)(229853002)(5660300001)(6306002)(68736007)(5250100002)(6246003)(6512007)(36756003)(82746002)(33656002)(2616005)(53946003)(25786009)(53936002)(186003)(2201001)(86362001)(2906002)(81156014)(26005)(8676002)(81166006)(966005)(478600001)(6436002)(7736002)(106356001)(76176011)(99286004)(97736004)(8936002)(2501003)(6486002)(486006)(2900100001)(110136005)(58126008)(6506007)(305945005)(14454004)(105586002)(14444005)(316002)(256004)(5024004); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR05MB4250; H:DM6PR05MB4665.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 8RfghRFaUr/QNYA8R4MD2jMy4E3ucOEg1po1eqPskVD28NFI6D2LtTRtGKW19aJBL/WmQXLlKTrz6By8FpnJ3CeFppu1QWFK5aX5/lsWG+PkeMTaVK3EUe7sRZwVaaLDokPVjiFeegvHJHyf49R3jHEjFXK2zJ/PNWKoB2Z4rgNSxAyHbjOTWtPWfxxvgsqR0JhcO+UYtNhpVZBF3C7gyrkyqDAtpZGAwz2lyvULZ4FuLx1OfsVhZSIObf2OnMZNk9rWkWiHSLv4N8jjdk9y6YDH6aEm7+4UADGSfeZSUHH5fMiUUuGC5wCNY7+YqOQkDfeGjlYFFdfGrm5ROv/ksKnTXcX5Cm/p4mO5sm8FBJs=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed; boundary="_002_51E98D221DBF4069A75090987EB96B0Djunipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 7b324a11-fca6-45d3-ce5a-08d5fe577dee
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Aug 2018 00:23:27.0124 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB4250
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-08-09_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808100002
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/u69EyOGzzWF21d0pcePSzqxoDqI>
Subject: Re: [secdir] secdir review of draft-ietf-netconf-zerotouch-22
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2018 00:23:45 -0000

Hi David,

Sorry for the delay.  I've been busy with work and travel.

I'm keeping the entire history for posterity, but please
trim down to remaining points if you like.

Thanks,
Kent



>>> Is there any protection against old signed Zero Touch Information? I see
>>> that Ownership Vouchers and Owner Certificates both have mechanisms for
>>> expiration (and for certs, revocation), but I don't see anything
>>> comparable for redirect or onboarding information. If an owner creates a
>>> valid redirect or onboarding object and discovers a bug in it, is there
>>> any way for the owner to make that object no-longer-valid without
>>> getting an entirely new owner certificate and revoking the old cert? Is
>>> that intentional?
>> 
>> No, as you say, it is not possible to revoke signed data, other than
>> to revoke the Owner Certificate associated with the private key that
>> signed it.
>> 
>> I wouldn't say that this was/is intentional, other than note that
>> it seems consistent with assumptions made when the bootstrapping
>> device obtains unsigned data from a trusted bootstrap server, in
>> that the data is only protected by the bootstrap server's TLS
>> certificate; the device can check that the certificate hasn't been
>> revoked, but that doesn't say anything about the current validity
>> of the data.
>
> I think the TLS case and the case of signed objects transmitted
> over insecure channels/mediums are different, because of TLS's 
> replay protection.
>
>
>> Do you think a Security Consideration would cover it?  Something
>> like:
>> 
>>     Zerotouch information, regardless of how obtained or how
>>     trusted, does not have a validity assertion beyond the PKI
>>     used to authenticate it.  Zerotouch information neither
>>     expires nor can be revoked.  When provided by a trusted
>>     bootstrap server, the validity of the zerotouch information
>>     is implied by its availability.  However, when zerotouch
>>     information is provided outside the purview of a bootstrap
>>     server (i.e., signed data on a removable storage device),
>
> I'd suggest adding a word to make that "a trusted bootstrap server". 
> (Bootstrap servers can be untrusted, right?)
>
>>     its current validity is less certain.  Operators are advised
>>     to ensure only accurate zerotouch information is ever
>>     published.  In case inaccurate zerotouch information is
>>     published, or otherwise deemed no longer valid, and it is
>>     deemed a security risk, the signing certificate SHOULD be
>>     revoked and a new one created having a chain to trust
>>     leading to the same 'pinned-domain-certificate' provided
>>     in the Ownership Voucher for the device.  However, doing
>>     so, will necessarily affect the validity of any other
>>     previously published zerotouch information artifacts
>>     signed using the just-revoked certificate.  It the need
>>     to do this is fairly common, operators can define an
>>     Owner Certificate per device.
>
> Owner certs can be valid for years, right? My intuition (which might be 
> wrong) is that it's hard enough to remember every old configuration used 
> in the past few years, that operators won't really know if any of the 
> old configurations should be "deemed a security risk". You probably have 
> a better understanding of the operational environments this protocol 
> will be used in though. If you don't think there's a significant 
> operational security risk from this, then I'm happy with your text.

Yes, owner certs could be valid for years, though, in practice, I 
optimistically imagine that they'd be refreshed annually.

I was writing the Security Considerations for this when it seemed
that the better thing to do here is to instead add "not-before" and
"not-after" leafs to the zerotouch information artifact.  The draft
would then explain that devices MUST ensure the current time is in
between.

Would such an addition resolve this issue for you?



>>> It seems like this protocol places more trust in device manufacturers
>>> than was previously required, but I don't see any discussion of that in
>>> the security considerations. If necessary, is there any way to disable
>>> zero touch, and configure a device manually? E.g., if the supply chain
>>> is presumed-secure, but the manufacturer's well-known bootstrap server
>>> is compromised, is there any way to securely provision a new device?
>> 
>> Regarding placing more trust in device manufacturers, and a
>> potential Security Considerations statement, I'm trying to
>> determine what statements you're looking for.
>> 
>> But first, I think you mean "well-known bootstrap servers" more
>> so than "manufacturers".  AFAIK, the draft never says in normative
>> text that the well-known bootstrap servers are hosted by the
>> manufacturer (though entirely possible and somewhat likely).
>
> Correct, sorry for the assumption.
>
>> So maybe a couple Security Consideration statements related to:
>> 
>> 1) the security issue that the well-known bootstrap server may have
>>     been compromised.  Though, it seems that this is a statement that
>>     any TLS-protected resource could make.
>> 
>> 2) the privacy issue that the information provided to the well-known
>>     bootstrap service may be visible to others (e.g., admins of the
>>     bootstrap server) if not encrypted.
>> 
>> Are these what you had in mind?  If not, can you please jot down a
>> few lines capturing what you hope to see?
>
> Those are part of what I had in mind, but I'm looking for something at a 
> higher level. It seems that the nature of this protocol is to shift some 
> control of initial configuration away from the owner and towards the 
> manufacturer (or whoever picks the list of well-known bootstrap servers) 
> and/or the well-known bootstrap server operators. That's not a problem 
> at all, it would just be nice to see some discussion of that shift in 
> control. It would be even greater to see a discussion of how that shift 
> in control matches up with a threat model.
>
> Does that make sense? I'm not sure how much that's in scope for this 
> particular document, it just seems like there's some major stuff going 
> on with owners needing to trust others more in ways that they did not 
> without zerotouch, so it would be good to see an explanation of the 
> extent of that somewhere.

Is this what you had in mind?

   9.9.  Increased Reliance on Manufacturers

   The zero touch bootstrapping protocol presented in this document
   shifts some control of initial configuration away from the rightful
   owner of the device and towards the manufacturer and its delegates.

   The manufacturer maintains the list of well-known bootstrap servers
   its devices will trust.  By design, if no bootstrapping data is found
   via other methods first, the device will try to reach out to the
   well-known bootstrap servers.  There is no mechanism to prevent this
   from occurring other than by using an external firewall to block such
   connections.  Concerns related to trusted bootstrap servers are
   discussed in Section 9.10.

   Similarly, the manufacturer maintains the list of voucher signing
   authorities its devices will trust.  The voucher signing authorities
   issue the vouchers that enable a device to trust an owner's domain
   certificate.  It is vital that manufacturers ensure the integrity of
   these voucher signing authorities, so as to avoid incorrect
   assignments.
 
   Operators should be aware that this system assumes that they trust
   all the pre-configured bootstrap servers and voucher signing 
   authorities designated by the manufacturers.

   9.10.  Concerns with Trusted Bootstrap Servers

   Trusted bootstrap servers, whether well-known or discovered, have the
   potential cause problems, such as the following.

   o  A trusted bootstrap server that has been compromised may be
      modified to return unsigned data of any sort.  For instance, a
      bootstrap server that is only supposed to return redirect
      information might be modified to return onboarding information.
      Similarly, a bootstrap server that is only supposed to return
      signed data, may be modified to return unsigned data.  In both
      cases, the device will accept the response, unaware that it wasn't
      suppose to be any different.  It is RECOMMENDED that maintainers
      of trusted bootstrap servers ensure that their systems are not
      easily compromised and, it case of compromise, have mechanisms in
      place to detect and remediate the compromise as expediently as
      possible.

   o  A trusted bootstrap server hosting either unsigned or signed but
      not encrypted data may disclose information to unwanted parties
      (e.g., an administrator of the bootstrap server).  This is a
      privacy issue only, but could reveal information that might be
      used in a subsequent attack.  Disclosure of redirect information
      has limited exposure (it is just a list of bootstrap servers),
      whereas disclosure of onboarding information could be highly
      revealing (e.g., network topology, firewall policies, etc.).  It
      is RECOMMENDED that operators encrypt the bootstrapping data when
      its contents are considered sensitive.



>> Regarding "is there any way to disable zero touch, and configure a
>> device manually", I think that this is outside the scope of the
>> document.  Some vendors may lock down a device such that it can
>> only activate thru the bootstrapping process, while other devices
>> simultaneously enable console access.
>
> ACK. I think those have significant effects on security, but it's fine 
> if it's out of scope.
>
>
>> Regarding "is there any way to securely provision a new device"
>> when a well-known bootstrap server is known to be compromised.  My
>> first thought is, if it's known to be compromised, then it's also
>> likely patched.  But let's say the issue is more like an operator
>> not trusting a particular well-known bootstrap server for some
>> other reason, and would like to never allow devices to obtain
>> bootstrapping data there...then the options are slim, an external
>> firewall policy blocking access to that bootstrap server may be
>> needed.
>
> That type of remedy sounds out of scope, but to my initial point above, 
> I think it might be worth saying something along the lines of "this 
> system assumes that owners trust all pre-configured well-known bootstrap 
> servers to configure their devices".

Done, factored into the text above.



>>> Section 3.4 mentions a device identify certificate. I assume the
>>> public keys in those certificates are unique per-device? If not,
>>> I want to think a bit more about possible attacks where the
>>> attacker correlates encrypted artifacts without being able to
>>> decrypt them.
>> 
>> Yes, probabilistically/cryptographically unique keys per device.
>
> ACK, I have no concern here then.
>
>
>>> Section 5.4 says what to do "if the revocation status is not
>>> attainable". What does that mean precisely? E.g., I assume failure to
>>> download a CRL, absence of a CRL in the CMS data, and failure to contact
>>> an OCSP server all count. But what if the device acquires a valid CRL
>>> that is stale (nextUpdate < now)?
>> 
>> Yes, exactly, it meant to cover those cases, as well as the "stale"
>> case, though I admit the text doesn't exactly say it.  How about this?
>> 
>>    OLD
>>       if the revocation status is unattainable
>>    NEW
>>       if suitably-fresh revocation status is unattainable
>
>Looks good.
>
>
>>> If I'm understanding correctly, the intent of well-known bootstrap
>>> servers is that the manufacturer can redirect devices to customer
>>> bootstrap servers that have the actual onboarding information. But I
>>> also don't see any reason that a (potentially compromised) trusted
>>> manufacturer's bootstrap server couldn't provide the onboarding
>>> information directly. It's probably easier to secure the (potentially
>>> offline) private keys used to sign ownership vouchers than it is to
>>> secure the (presumably highly available, online) well-known bootstrap
>>> servers. So it seems like the system as a whole could be more secure if
>>> well-known bootstrap servers could only provide untrusted redirects.
>> 
>> First, let's replace "manufacturer" with "well-known bootstrap server"
>> above.  But, to your main point, absolutely, any bootstrap-server could
>> return either redirect or onboarding information, and perhaps it is a
>> feature for some well-known bootstrap servers to do so.  And yes again,
>> the keys for an online service are potentially more easily compromised,
>> perhaps a Security Consideration for the use of HSMs similar to [1]
>> would help?  While I agree with your conclusion, it brings into question
>> what "trusted" means.  What about an OCSP server with its online key?
>> If the manufacturer no longer deems (through audits or whatever) that
>> a well-known bootstrap server is no longer trusted, it can revoke the
>> bootstrap server's certificate.  Just wondering, is this really a
>> problem?  Can a Security Consideration be used to address this to
>> your satisfaction?
>> 
>> [1] https://tools.ietf.org/html/draft-ietf-anima-voucher-07#section-7.2
>
> Since it's intentional that a well-known bootstrap server can return 
> onboarding information, then I think this is just another part the high 
> level discussion of the shift in control that I asked for above.

I believe that this is addressed in text above (s9.10), good?


>>> I don't understand the error cases around the "flag to enable zerotouch
>>> bootstrapping" in section 5.1. How exactly is that flag set to false? Is
>>> it by the initial configuration step in section 5.6? If that's where the
>>> flag is set to false, won't some owners forget to include that in their
>>> config? Also, how atomic is the application of initial configuration? Is
>>> there any possible case in which some of the initial configuration can
>>> be applied without touching the flag, so that the device appears to be
>>> correctly configured, but will try to bootstrap again on the next
>>> reboot? Conversely, can the flag be set to false without the device
>>> being fully configured? (I don't think that's a security issue, just
>>> potentially a management headache.)
>> 
>> Yes, the initial-step in Section 5.6.  Yes, some operators may forget
>> (though they will learn).  The config is intended to either be applied
>> completely or not at all.  The second paragraph in section 5.6 says
>> "If the device encounters an error at any step, it MUST NOT proceed
>> to the next step."  Perhaps the 6th paragraph in that section could
>> could state that an "error" constitutes anything less than 100%?
>
> Do you think it's worth adding a warning to operators somewhere to 
> remind them to change the flag? Or maybe the "device SHOULD report a 
> warning if the bootstrapping completes successfully but zerotouch 
> bootstrapping is still enabled"?
>
> I think it's already clear what an error in paragraph 6 is. What I found 
> unclear was what to do with errors in paragraphs 6 or 7. Yes, don't go 
> on to the next step, but what about: In paragraph 6, should the device 
> rollback any partial config update if there's an error? In paragraph 7, 
> should the device rollback all config from paragraph 6 if there's an error?

This very same issue was raised to me separately and my response has been
to essentially rewrite section 5.6 to be crystal clear on how errors are
handled, especially with regard to state retained.  Please see attached
for a preview of -23.


>>> Section 9.4 says to assume owner certificates "are not revokable" if
>>> there's no accurate clock. Is there no value in checking for a CRL or
>>> OCSP response, even without the ability to determine if it's recent? It
>>> seems to me that checking with an active server (CRL Distribution Point
>>> or OCSP server, as opposed to a stapled CRL or OCSP response) would make
>>> it significantly harder (not infeasible, just harder) for an attacker to
>>> use a revoked cert against a device with no clock.
>> 
>> Okay, fair point, a live response sort of reflects "now", regardless
>> what the device clock says.  That said, without an accurate clock, the
>> device wouldn't be able to validate the signing certificate and, if
>> provided over an HTTPS transport, it wouldn't be able to validate the
>> server's end-entity certificate either.  In fact, certain device bad
>> clock values might actually block the TLS connection due to it being
>> outside the end-entity cert's validity period.  Ugh.  Currently the
>> text says that device "implementations should assume [things]  are not
>> revocable" - do you want to add a text like "but MAY check 'current'
>> revocation using on online CRL Distribution Point or
>> OCSP server"?
>
> Good points. I'm not sure what the right answer is, so I'll defer
> to you on this.

I think the current text is good.  Anymore and we risk messing something
up.



>> BTW, the end of this section says "Implementations SHOULD NOT rely on
>> NTP for time, as NTP is not a secure protocol." - any thoughts on this
>> statement?
>
> I know very little about the security of time synchronization, sorry.

Okay.



/kw

v2.23.0 | Report a Bug | By Email