IETF Logo Mail Archive

[Secret] Follow up on Michael's Comments

Matthew Byington <mbyington@apple.com> Fri, 18 February 2022 16:41 UTC

Return-Path: <mbyington@apple.com>
X-Original-To: secret@ietfa.amsl.com
Delivered-To: secret@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C93653A11E6 for <secret@ietfa.amsl.com>; Fri, 18 Feb 2022 08:41:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.674
X-Spam-Level:
X-Spam-Status: No, score=-7.674 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6UkSal07XZR4 for <secret@ietfa.amsl.com>; Fri, 18 Feb 2022 08:41:11 -0800 (PST)
Received: from ma1-aaemail-dr-lapp03.apple.com (ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 663A73A11E2 for <secret@ietf.org>; Fri, 18 Feb 2022 08:41:11 -0800 (PST)
Received: from pps.filterd (ma1-aaemail-dr-lapp03.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp03.apple.com (8.16.0.42/8.16.0.42) with SMTP id 21IGcgsR031049; Fri, 18 Feb 2022 08:41:08 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : content-type : mime-version : subject : message-id : date : cc : to; s=20180706; bh=xurPCDGBk4yPbPO7pKdBEnMzSUtaG/bEzYMB20GVUCM=; b=rs/CjgfXyI4yNSkZcY3MCTgcplK0vO9Hlv/QMYytzDzofDyS58ux/YEP9EE31YfigmvB 5sbhMfOz/JY1NHLz1oHbaFY8/Qp5Y7ZrxJCmawJwguhrG/DNJpujd7dSFt7yFkSJaRQm GXXyVNoEcsjtqzJImUnjNiB2FNZ+UVc8qPBqOPCqyh+0YvTs0yp25SPXyRKy3n71qCEg 7s/a2Ldrv4sGjKw4N3uO6O/ZyqG1EEnUedC8CZd+KwE309xJZP5L2B9MKb6I5poTwMou Nr8GegUt+oKfck/9AKICjFApUv9NkYgZ59TTmpVZZK4cNRZ5hjGpvZ5n9Z8D54rYnPZM EQ==
Received: from rn-mailsvcp-mta-lapp01.rno.apple.com (rn-mailsvcp-mta-lapp01.rno.apple.com [10.225.203.149]) by ma1-aaemail-dr-lapp03.apple.com with ESMTP id 3e8n5madft-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 18 Feb 2022 08:41:08 -0800
Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPS id <0R7I007XXECJ8440@rn-mailsvcp-mta-lapp01.rno.apple.com>; Fri, 18 Feb 2022 08:41:08 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) id <0R7I00B00E8OCZ00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 18 Feb 2022 08:41:07 -0800 (PST)
X-Va-A:
X-Va-T-CD: 4d989079a3c3403a53309e2374bf128b
X-Va-E-CD: 069537aff5b6b58f76387d36f44d2020
X-Va-R-CD: 146ed1fd132c8a28ed4de2e1461d352d
X-Va-CD: 0
X-Va-ID: fe9e2089-0a3d-4be2-9c52-7557e6d6ad54
X-V-A:
X-V-T-CD: 4d989079a3c3403a53309e2374bf128b
X-V-E-CD: 069537aff5b6b58f76387d36f44d2020
X-V-R-CD: 146ed1fd132c8a28ed4de2e1461d352d
X-V-CD: 0
X-V-ID: 4c02f4a6-bcc4-4444-9684-197ca09f4885
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-02-18_07:2022-02-17, 2022-02-18 signatures=0
Received: from smtpclient.apple (unknown [17.150.223.144]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPSA id <0R7I00272ECI5400@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 18 Feb 2022 08:41:06 -0800 (PST)
From: Matthew Byington <mbyington@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_DB735156-BF8B-48A1-908A-3755CC409C24"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Message-id: <E527F102-93E5-439B-836B-695039E6E416@apple.com>
Date: Fri, 18 Feb 2022 08:41:05 -0800
Cc: secret@ietf.org, Sean Turner <sean@sn3rd.com>, Leif Johansson <leifj@sunet.se>, Francesca Palombini <francesca.palombini@ericsson.com>
To: mcr+ietf@sandelman.ca
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-02-18_07:2022-02-17, 2022-02-18 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/NYpUjT07uvIs2irzZmyJ8ZSKDk8>
Subject: [Secret] Follow up on Michael's Comments
X-BeenThere: secret@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Credential Transfer <secret.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secret>, <mailto:secret-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secret/>
List-Post: <mailto:secret@ietf.org>
List-Help: <mailto:secret-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secret>, <mailto:secret-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Feb 2022 16:41:14 -0000

Hi Michael,

Apologies for the delay in getting back to you! 

I wanted to thank you for your comments and feedback.

I’m going to do two things today:

1) Type up a bit of a longer email here in an effort to do a better job explaining how this might work, because it sounds like it really isn’t that clear yet.
2) Modify the charter text per your feedback to make it clear that we are *not* *ever* sharing any private key material.

Apologies in advance for the length of this email but I wanted to make sure that I explained it fully.

Context & Background

So, there are typically two types of credentials that you run into in the mobile digital credential space: symmetric credentials and asymmetric credentials.

An example of a symmetric credential is a MiFare DESFire credential (commonly used in transit application, hotels, and corporate settings).

An example of an asymmetric credential would be digital car key credentials adhering to the CCC standard, or asymmetric credentials used in Home or MFH (multi-family home) that adhere to the ISO18013 open standard.

The WG that we will establish aims to solve the sharing of both of these types of credentials. 

In _no_ circumstance shall a private key, nor a symmetric secret key, ever, ever be transferred to anyone else.

Symmetric

In the symmetric case, typically these are issued by remote credential authorities to your point in the email - for example if it’s a Hyatt credential that opens a hotel, Hyatt would be the one that issues the credential.

In the case of a digital key that lets a corporate employee enter a physical space such as a work building, the employer has an ACS (Access Control System) that is integrated into typically a third party provider (such as HID for example) and HID is the one issuing the credentials.

In these cases, to your point, the third party would absolutely have to issue the credential for the intended recipient.

The transfer protocol that we endeavor to standardize would simply facilitate that.

I don’t want to get into the solutioning here too much (let’s save that for the WG) but you can almost think about it like:

1) Sender (with existing provisioned credential from remote credential authority) asks the RCA for a “bearer token”
2) RCA issues bearer token (could be a signed piece of data, could be a UUID, etc) and on their backend, ties that to the access rights/levels specific to a subset of what the sender has, based on the sender’s existing rights and the sender’s desired rights for the recipient
3) The RCA returns this BT to the sender.
4) The sender sends this BT to the receiver thru the transfer protocol we’d define in the WG
5) The recipient calls the credential authority and “redeems” this for a valid provisioned credential with key material completely separate from the sender’s.

The security of (5) is well-established today with protocols like JCOP platform running on a  device, SCP03 (secure channel protocol encryption) etc etc that exist on most mobile devices today. That is completely out of the scope of the transfer work flow.

Asymmetric

In this case, typically the credential authority (the entity that is issuing the credential) is actually *local*.

For example for Cars - the owner of the vehicle has an asymmetric key pair that is paired with the vehicle.

When that person shares, the exchange is basically:

1) The sender initiates sharing to a recipient
2) The recipient generates an asymmetric key pair on their device with some form of attestation covering the public key, that proves it was generated on specific hardware (all of this is specific to CCC protocols)
3) The recipient sends the public key + attestation to the sender
4) the sender signs the receiver’s public key with their existing (paired with the vehicle) private key
5) Sender sends their signature back to the recipient
6) The recipient can then get into the vehicle because the vehicle trusts the owner’s signature which is covering the receiver’s public key.

obviously this is a gross simplification but hopefully helps illustrate that _no_ private keys are ever shared.

Next Steps

I will work on modifying the charter text today to make it more clear but I did want to provide some context over email.

Again, thanks so much for all of your comments!

Cheers,
Matt

v2.23.0 | Report a Bug | By Email