Re: [Secret] Follow up on Michael's Comments
Matthew Byington <mbyington@apple.com> Tue, 22 February 2022 19:16 UTC
Return-Path: <mbyington@apple.com>
X-Original-To: secret@ietfa.amsl.com
Delivered-To: secret@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 377A33A13AD for <secret@ietfa.amsl.com>; Tue, 22 Feb 2022 11:16:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.672
X-Spam-Level:
X-Spam-Status: No, score=-2.672 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTTFgcj_T7Ux for <secret@ietfa.amsl.com>; Tue, 22 Feb 2022 11:16:37 -0800 (PST)
Received: from ma1-aaemail-dr-lapp03.apple.com (ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8311A3A13BB for <secret@ietf.org>; Tue, 22 Feb 2022 11:16:37 -0800 (PST)
Received: from pps.filterd (ma1-aaemail-dr-lapp03.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp03.apple.com (8.16.0.42/8.16.0.42) with SMTP id 21MJ8r6j023359; Tue, 22 Feb 2022 11:16:33 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : content-type : mime-version : subject : date : references : to : in-reply-to : message-id; s=20180706; bh=KNNGtoC3JweJmO6FLqE2cf9N+M90da21qvJGi3T5KB4=; b=BkYEEF2+9NCRDK+8V/waxDqvRIK1JtJC5W1ZGMwCNLfCISRy5AqB5yjkGqJ6WjLDJyXw 2ohLP/Bd6ZoBrCkPNh4/KWHQteDbBR7m4suxjKqbL4sc0GOvdtJZUlwNESfIT28RuYYt m5IQ8F/6U6a7e7XKFQeG+VMJtgXgJQ69rIMGdt/OV+hlLK40kPrDV16SRaGvGMHWXuo5 VdBvyimlJFtSI1RiQa9jy8Ct8ws1OW7AkoS1y3Ix7B4ZRrJlSN5u3kISldMj7NurE50R FKh4/JqzNpnxsUcrL7VvKPdv7lkid0863NkZrvH83bUn67pR2zSZwKl99F72JFFHKSd/ 0w==
Received: from rn-mailsvcp-mta-lapp01.rno.apple.com (rn-mailsvcp-mta-lapp01.rno.apple.com [10.225.203.149]) by ma1-aaemail-dr-lapp03.apple.com with ESMTP id 3eb0e0ax3t-11 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 22 Feb 2022 11:16:33 -0800
Received: from rn-mailsvcp-mmp-lapp02.rno.apple.com (rn-mailsvcp-mmp-lapp02.rno.apple.com [17.179.253.15]) by rn-mailsvcp-mta-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPS id <0R7Q008RC07J93E0@rn-mailsvcp-mta-lapp01.rno.apple.com>; Tue, 22 Feb 2022 11:16:31 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp02.rno.apple.com by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) id <0R7P00R00ZPMQF00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Tue, 22 Feb 2022 11:16:31 -0800 (PST)
X-Va-A:
X-Va-T-CD: 91e56a859fd568c2db015ad8b9997390
X-Va-E-CD: 9ce4f09d0ff8dddcecc0d71733f2c75a
X-Va-R-CD: 69c38437f2c93a737410e18d640ad0dd
X-Va-CD: 0
X-Va-ID: b105158e-552e-4a33-8e34-d8fa5969651d
X-V-A:
X-V-T-CD: 91e56a859fd568c2db015ad8b9997390
X-V-E-CD: 9ce4f09d0ff8dddcecc0d71733f2c75a
X-V-R-CD: 69c38437f2c93a737410e18d640ad0dd
X-V-CD: 0
X-V-ID: 25be07e9-dd23-43de-ab0e-448bd98f886c
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-02-22_06:2022-02-21, 2022-02-22 signatures=0
Received: from smtpclient.apple (unknown [17.150.220.11]) by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPSA id <0R7Q00FNG07JMI00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Tue, 22 Feb 2022 11:16:31 -0800 (PST)
From: Matthew Byington <mbyington@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_67239E28-EE04-4304-9948-431CB8BDDE15"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Tue, 22 Feb 2022 11:16:30 -0800
References: <E527F102-93E5-439B-836B-695039E6E416@apple.com>
To: mcr+ietf@sandelman.ca, Francesca Palombini <francesca.palombini@ericsson.com>, Leif Johansson <leifj@sunet.se>, Sean Turner <sean@sn3rd.com>, secret@ietf.org
In-reply-to: <E527F102-93E5-439B-836B-695039E6E416@apple.com>
Message-id: <8CA5A7B6-D520-4AF2-A982-CA79DD7D9F31@apple.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.816 definitions=2022-02-22_06:2022-02-21, 2022-02-22 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/YIkfPpCi_NQxvTw-bfkXaLhxpIQ>
Subject: Re: [Secret] Follow up on Michael's Comments
X-BeenThere: secret@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Credential Transfer <secret.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secret>, <mailto:secret-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secret/>
List-Post: <mailto:secret@ietf.org>
List-Help: <mailto:secret-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secret>, <mailto:secret-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2022 19:16:40 -0000
Hi all, I’ve put up a Pull Request adding clarifying text to the Charter in response to this discussion: https://github.com/dimmyvi/secure-credential-transfer/pull/27 <https://github.com/dimmyvi/secure-credential-transfer/pull/27> This was the last piece of feedback that came out of our BoF meeting a couple of weeks ago, so as soon as we can get some eyes on that PR to get it reviewed and merged, I think we should be good to go with regard to the Charter definition. Thanks! Matt > On Feb 18, 2022, at 8:41 AM, Matthew Byington <mbyington=40apple.com@dmarc.ietf.org> wrote: > > Hi Michael, > > Apologies for the delay in getting back to you! > > I wanted to thank you for your comments and feedback. > > I’m going to do two things today: > > 1) Type up a bit of a longer email here in an effort to do a better job explaining how this might work, because it sounds like it really isn’t that clear yet. > 2) Modify the charter text per your feedback to make it clear that we are *not* *ever* sharing any private key material. > > Apologies in advance for the length of this email but I wanted to make sure that I explained it fully. > > Context & Background > > So, there are typically two types of credentials that you run into in the mobile digital credential space: symmetric credentials and asymmetric credentials. > > An example of a symmetric credential is a MiFare DESFire credential (commonly used in transit application, hotels, and corporate settings). > > An example of an asymmetric credential would be digital car key credentials adhering to the CCC standard, or asymmetric credentials used in Home or MFH (multi-family home) that adhere to the ISO18013 open standard. > > The WG that we will establish aims to solve the sharing of both of these types of credentials. > > In _no_ circumstance shall a private key, nor a symmetric secret key, ever, ever be transferred to anyone else. > > Symmetric > > In the symmetric case, typically these are issued by remote credential authorities to your point in the email - for example if it’s a Hyatt credential that opens a hotel, Hyatt would be the one that issues the credential. > > In the case of a digital key that lets a corporate employee enter a physical space such as a work building, the employer has an ACS (Access Control System) that is integrated into typically a third party provider (such as HID for example) and HID is the one issuing the credentials. > > In these cases, to your point, the third party would absolutely have to issue the credential for the intended recipient. > > The transfer protocol that we endeavor to standardize would simply facilitate that. > > I don’t want to get into the solutioning here too much (let’s save that for the WG) but you can almost think about it like: > > 1) Sender (with existing provisioned credential from remote credential authority) asks the RCA for a “bearer token” > 2) RCA issues bearer token (could be a signed piece of data, could be a UUID, etc) and on their backend, ties that to the access rights/levels specific to a subset of what the sender has, based on the sender’s existing rights and the sender’s desired rights for the recipient > 3) The RCA returns this BT to the sender. > 4) The sender sends this BT to the receiver thru the transfer protocol we’d define in the WG > 5) The recipient calls the credential authority and “redeems” this for a valid provisioned credential with key material completely separate from the sender’s. > > The security of (5) is well-established today with protocols like JCOP platform running on a device, SCP03 (secure channel protocol encryption) etc etc that exist on most mobile devices today. That is completely out of the scope of the transfer work flow. > > Asymmetric > > In this case, typically the credential authority (the entity that is issuing the credential) is actually *local*. > > For example for Cars - the owner of the vehicle has an asymmetric key pair that is paired with the vehicle. > > When that person shares, the exchange is basically: > > 1) The sender initiates sharing to a recipient > 2) The recipient generates an asymmetric key pair on their device with some form of attestation covering the public key, that proves it was generated on specific hardware (all of this is specific to CCC protocols) > 3) The recipient sends the public key + attestation to the sender > 4) the sender signs the receiver’s public key with their existing (paired with the vehicle) private key > 5) Sender sends their signature back to the recipient > 6) The recipient can then get into the vehicle because the vehicle trusts the owner’s signature which is covering the receiver’s public key. > > obviously this is a gross simplification but hopefully helps illustrate that _no_ private keys are ever shared. > > Next Steps > > I will work on modifying the charter text today to make it more clear but I did want to provide some context over email. > > Again, thanks so much for all of your comments! > > Cheers, > Matt > -- > Secret mailing list > Secret@ietf.org > https://www.ietf.org/mailman/listinfo/secret
- [Secret] Follow up on Michael's Comments Matthew Byington
- Re: [Secret] Follow up on Michael's Comments Matthew Byington
- Re: [Secret] Follow up on Michael's Comments Michael Richardson
- Re: [Secret] Follow up on Michael's Comments Matthew Byington