[Secret] related works and problems
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 10 February 2022 17:40 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secret@ietfa.amsl.com
Delivered-To: secret@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC9CB3A0EF8 for <secret@ietfa.amsl.com>; Thu, 10 Feb 2022 09:40:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I8oQyLRAg-lF for <secret@ietfa.amsl.com>; Thu, 10 Feb 2022 09:40:13 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E0FC3A0ED7 for <secret@ietf.org>; Thu, 10 Feb 2022 09:40:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id BCAAC389CD for <secret@ietf.org>; Thu, 10 Feb 2022 12:47:56 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HwfoobJbYQAW for <secret@ietf.org>; Thu, 10 Feb 2022 12:47:54 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id A759F389BD for <secret@ietf.org>; Thu, 10 Feb 2022 12:47:54 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1644515274; bh=M5IG5h1tBuIpR1YsaUMyVy3uZyY86F/qf1+G0MbSFDk=; h=From:To:Subject:Date:From; b=XQO/vCeOak045A6vdVRsLn1MhE5NlArkg8czrFj0s0v1Q7W4uNWcn76IV5gLi5t/+ +S56vDIcVNttTDULWyyoiPtB5NperFnf+yNApkLmXhB9D7li7rADN3xh2nnVNu93xB bsmIVNhyvfOWq23uzYiJJNJVQo0rn1qE2wvBVD7uREqXlUvGuQbsfMk2XyuZc9KHQq lWohROUT0ldWsZePZsLRtWFJjHgKQ05q9wxPW5ZXL/NfBAEfugmZ4JsWZcjuNRuwPx 5Mlc67twD9/6zzYFjVnaWhhwPz4UGyAsmojg9WGLacsBpIVG1LKGmlNpwqltkRkmdL jjQN+cJKeRIcg==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 215FF74E for <secret@ietf.org>; Thu, 10 Feb 2022 12:40:09 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: secret@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 10 Feb 2022 12:40:09 -0500
Message-ID: <30549.1644514809@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/-2Bh5K0vBdvC1a7Usbp2jz6wJYw>
Subject: [Secret] related works and problems
X-BeenThere: secret@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Credential Transfer <secret.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secret>, <mailto:secret-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secret/>
List-Post: <mailto:secret@ietf.org>
List-Help: <mailto:secret-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secret>, <mailto:secret-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Feb 2022 17:40:26 -0000
The meeting is just beginning, but I've browsed the slides with the use cases. When I read the document quickly this morning, I got the impression that what was going to be transfered was the credential *itself* That is, I thought that this was primarily about sharing my credentials among my devices. Specifically, when I replace my phone and I have credentials hidden inside a TEE, that I could transfer them to my new phone, or my tablet. (New phone yesterday.... fortunately my old phone isn't dead yet, just unable to keep a charge very long even with new battery, but I still have to 2FA into every site I use Authenticator for and setup a new 2FA) Another use case that I care about is backup: my phone could get destroyed and I need to restore the credentials from a backup. Then I read the use cases, and learnt that this is really about delegation, and then it seemed like this was about, essentially, sharing a password/private-key, and I got very concerned. As the session clarified, this is about delegating to another key pair (generated by the sender), and we need to transfer access to *that* keypair to the receiver. We need to do it this way because we don't want an extra round trip to ask the receiver for their public key. I guess that some CCC credential protocol exists that supports delegation with constraints. I didn't know CCC was working on that. I don't think that any of this can work without the replying party (the hotel door, the car, the house door) supporting the delegation protocol. As such it really is very specific to those delegation protocols. Almost all of the topics discussed in this have been discussed in the IOTOPS WG. https://datatracker.ietf.org/meeting/112/materials/slides-112-iotops-iot-midlife-crisis-00 https://datatracker.ietf.org/meeting/111/materials/slides-111-iotops-involuntary-ownership-transfer-problem-statement-00 https://datatracker.ietf.org/meeting/interim-2021-iotops-01/materials/slides-interim-2021-iotops-01-sessa-iotdevice-lifecycle-thoughts-about-ownership-changes-00 In my involuntary ownership transfer concern, where I say that we need to be able to delegate things to others, I was searching for a protocol that would deal with the various kinds of delegation. It seems that this proposed work is exactly inline with what I had in mind. I think that a failure is that none of the things used by hotels or car vendors have figured out that they have to deal with delegation. Convince me otherwise? It's not optional, it's required, otherwise, private keys wind up getting shared. ==== I did go though the draft, and from a technical point of view, it seems like what is desired is an Authenticated Key Exchange, along with some mailbox mechanism to deal with asymmetries and ubiqutious NAT. We have multiple AKEs: IKEv2, TLS, cTLS, EDHOC, and specifically MLS. Most of these involve at least one round trip in order to establish nonces. I don't really know how the sender manages to identify the recipient in a cryptographically strong manner. This seems like the global PKI problem again, and I'd like to be convinced otherwise. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [Secret] related works and problems Michael Richardson