IETF Logo Mail Archive

Re: [Secdispatch] [lamps] IDevID considerations document to secdispatch

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 28 June 2020 20:51 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B7653A0F3B; Sun, 28 Jun 2020 13:51:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2WNrxdtWPaM; Sun, 28 Jun 2020 13:51:31 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 192873A0F39; Sun, 28 Jun 2020 13:51:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 9C04A3898C; Sun, 28 Jun 2020 16:48:43 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id A1X3nlNBCMPW; Sun, 28 Jun 2020 16:48:42 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 68F3338988; Sun, 28 Jun 2020 16:48:42 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 9116F137; Sun, 28 Jun 2020 16:51:27 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tomas Gustavsson <tomas.gustavsson@primekey.com>, secdispatch@ietf.org
cc: spasm@ietf.org
In-Reply-To: <092308c1-dc44-4989-e3a5-1a248a3c361e@primekey.com>
References: <159176190855.9169.7350787463977998504@ietfa.amsl.com> <10463.1591763623@localhost> <13107.1591804306@localhost> <f7cdd360-7ab7-28f6-86b9-9f8c4ae04aaf@primekey.com> <5843.1591897975@localhost> <092308c1-dc44-4989-e3a5-1a248a3c361e@primekey.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 28 Jun 2020 16:51:27 -0400
Message-ID: <20595.1593377487@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/5dGsZtcJN1qupllAXk-9QGF-5I4>
Subject: Re: [Secdispatch] [lamps] IDevID considerations document to secdispatch
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jun 2020 20:51:34 -0000

Thank you again for reviewing the document!

I know that primekey is involved in creating Birth Certificates for many
product lines. (Your website's term, not mine, but a good one)

I wonder if you can comment on which of the three methods you support?
Do you have any suggestions on names for the three methods?
To me, just getting three good names is 90% of the value of this document.

Thinking about "birth" concept, I am trying to think if this helps with terms.
Invivo  <- self-generated private key, with enrollment.
Invitro <- private key generated in test-tub, deployed to device.

I also feel that I want to leverage the "digital twin" terminology a bit for
the third case.

I suspect that there might also be some hybrid/fourth case that uses
Threshold Modes in Elliptic Curves, draft-hallambaker-threshold-02
and while I think this would be an improvement on the security side of
things, I also am concerned that it may make the manufacturing process worse.

In particular, the self-generated (_invivo_) key suffers because the device
needs to do a write/read operation from the infrastructure.  That involves
the highest possible latency for interaction with the CA and therefore would
slow the assembly line the most.

The invitro and shared-secret methods allows the infrastructure to generate a
few keys in advance (and get them signed, assigning DN-serialNumber at the
same time), and then injecting that key via JTAG at the same time as the
firmware.  This overlaps the CA interaction with other steps.


Tomas Gustavsson <tomas.gustavsson@primekey.com> wrote:
    > On 2020-06-11 19:52, Michael Richardson wrote:
    >>
    >> Tomas Gustavsson <tomas.gustavsson@primekey.com> wrote:
    >>> The notion of serialNumber in the document, for me, reads as it's
    >>> not clear what is the certificate serial number (9-19 bytes in
    >>> your document) and the device serial number. There don't have to
    >>> be the same. What I have seen commonly used is that the subjectDN
    >>> field is used to carry the device serial number, while the
    >>> certificate serial number is random, and only used to uniquely
    >>> identify the certificate in the PKI (issuer/serial).
    >>
    >> Your assumption is entirely correct.  I wish that certificates
    >> hadn't used "serial Number" in it's terminology, as it's really
    >> "certificate Identifier", and we have learnt the hard way that it
    >> should not be sequential.
    >>
    >>> In such a case I would assume that the manufacturing execution
    >>> system (MES) and it's database controls the device serial number,
    >>> while the PKI controls the certificate serial number, and there
    >>> does not have to be any synchronization between these two.
    >>
    >> Agreed. Do I say something different here?  I would love to clarify
    >> things.

    > This section confused me at first read:
    > -----
    > In all cases the serialNumber embedded in the certificate must be
    > unique across all products produced by the manufacturer. This suggests
    > some amount of structure to the serialNumber, such that different
    > intermediate CAs do not need to coordinate when issuing certificates
    > -----

    > At first read I thought about certificate serial number, but now
    > realize it's the device serial number that is meant. I think that
    > section can be clarified somewhat.

okay, I will do that. I wish I had a good way to distinguish things.

"serialNumber" (in that case), is a used in RFC5280 as the field name of the
               "CertificateSerialNumber",
               I sure wish we could go back and change the name of the field
               to be "certificateIdentity"

The same document mentions "id-at-serialNumber" and X520SerialNumber!
And in section 4.1.2.4 (Issuer) and 4.1.2.6 (Subject), it uses the term
"serial number"... and the usual rendering in a DN is that it is "serialNumber"
(OID 2.5.4.5, I think it is)!

I will call it the "product DN-serialNumber". How does this strike you?

    > Some additional nitpicking...
    > I think this section is missing an 's'?

Do you mean the title? that it should be:
   ## Public Key infrastructure for IDevID
-> ## Public Key infrastructure for IDevIDs

    > -----
    > The intermediate CA will have a private key, likely kept online, which
    > is used to sign each generated IDevID. Once the IDevID are created,
    > the private key is no longer needed and can either be destroyed, or
    > taken offline.
    > -----

    > In the line preceding this section it talks about "some number of
    > IDevIDs". Then that the CAs private key can be destroyed after
    > generating that number if IDevIDs. Hence, just ad an s:



    > "Once the IDevID are created, the private key is no longer needed and
    > can either be destroyed, or taken offline."
    ->
    > "Once the IDevIDs are created, the private key is no longer needed and
    > can either be destroyed, or taken offline."

I think I found all the missing s, and one case where it should be CAs'
rather than CA's.

see commit/diff:
https://github.com/mcr/idevid-security-considerations/commit/84fa9fad74d9b2d950b061a4fa5bf3fe99443472?short_path=77f5cdf#diff-77f5cdfefb38aca78416645deaa3310e


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email