IETF Logo Mail Archive

Re: [lamps] New drafts available - non-composite hybrid authentication, and binding certs

Ryan Sleevi <ryan-ietf@sleevi.com> Thu, 24 March 2022 14:57 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 622253A0E9C for <spasm@ietfa.amsl.com>; Thu, 24 Mar 2022 07:57:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.412
X-Spam-Level:
X-Spam-Status: No, score=-1.412 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wc-ikv8dp4A2 for <spasm@ietfa.amsl.com>; Thu, 24 Mar 2022 07:57:40 -0700 (PDT)
Received: from mail-ua1-f52.google.com (mail-ua1-f52.google.com [209.85.222.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CF683A0F29 for <spasm@ietf.org>; Thu, 24 Mar 2022 07:57:40 -0700 (PDT)
Received: by mail-ua1-f52.google.com with SMTP id t40so2153250uad.2 for <spasm@ietf.org>; Thu, 24 Mar 2022 07:57:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DsXkgshx3HoMYIoZYzqp/F0/CTfQD3fnvdYdRQkyMm4=; b=fxEy5S+Z6cdJO3+J9bH2ljluB5ALP1FQzl4sv9fQ00p3fc/Ix0fewFzOdKn8QIg1uZ FrsFGLfAxTaw5KSDW6zt4xbKmEqNzm3NeQ03vOyE3BBgZUPhBxws5gq3Xo0ubIz4zCaW SG5dgP/SX2ZoTLsyfNKAzJFnP3pSeV1lP4LvnODK+5gbxI8tHUBJdfwWwXLjlKQVw3lf M6do4LEBzq6Bj5878VRg6iHNWqsJCnOlCcn69p7KjzmRkRsXbblC5ZYGKM+CYQRuBO1e +uurjWdz6Iy4EULSjO5z7U1V8qGqmzw8sXTv/CK6b8y/GH0y1vqDG5G2L85vizCicQGc i++Q==
X-Gm-Message-State: AOAM532huGML2Mw4zoVAzhrLmzLYP8zGyBwzUu9EqNxFsyb3qx4DzH1S gB2urolCtbsO2v0EH9LHxzv3QG5DxEY=
X-Google-Smtp-Source: ABdhPJyvQG//DO6TX6exXjtP16iait+/14A512X+GPtG2ckB1QmCNHtVZ1i8GzBjMyttk1Q3JtIJwA==
X-Received: by 2002:a9f:2467:0:b0:352:9bc:989d with SMTP id 94-20020a9f2467000000b0035209bc989dmr2574156uaq.25.1648133858802; Thu, 24 Mar 2022 07:57:38 -0700 (PDT)
Received: from mail-vk1-f173.google.com (mail-vk1-f173.google.com. [209.85.221.173]) by smtp.gmail.com with ESMTPSA id i41-20020a0561220c6900b0033dde06ac10sm435412vkr.43.2022.03.24.07.57.38 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 24 Mar 2022 07:57:38 -0700 (PDT)
Received: by mail-vk1-f173.google.com with SMTP id d7so2669282vkd.11 for <spasm@ietf.org>; Thu, 24 Mar 2022 07:57:38 -0700 (PDT)
X-Received: by 2002:a05:6122:992:b0:33f:d0b0:1968 with SMTP id g18-20020a056122099200b0033fd0b01968mr1006873vkd.6.1648133858148; Thu, 24 Mar 2022 07:57:38 -0700 (PDT)
MIME-Version: 1.0
References: <SA0PR09MB72412B7DA4F1DDA68A40AD1EF1179@SA0PR09MB7241.namprd09.prod.outlook.com> <CAErg=HHCo_SSNmq111oUZjw-L+445jQrARUHDzjZExQZr02SJw@mail.gmail.com> <SA0PR09MB7241116708E9B97F14319E21F1199@SA0PR09MB7241.namprd09.prod.outlook.com>
In-Reply-To: <SA0PR09MB7241116708E9B97F14319E21F1199@SA0PR09MB7241.namprd09.prod.outlook.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Thu, 24 Mar 2022 10:57:21 -0400
X-Gmail-Original-Message-ID: <CAErg=HET4kn+zQvYp2thoMsV=GozugsPVRnRmpFxr551=6gwHA@mail.gmail.com>
Message-ID: <CAErg=HET4kn+zQvYp2thoMsV=GozugsPVRnRmpFxr551=6gwHA@mail.gmail.com>
To: "aebecke@uwe.nsa.gov" <aebecke@uwe.nsa.gov>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, "spasm@ietf.org" <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000284db405daf811a1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3CAkvgime3aIklu5QPDOLZwJtK0>
Subject: Re: [lamps] New drafts available - non-composite hybrid authentication, and binding certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2022 14:57:45 -0000

On Thu, Mar 24, 2022 at 9:18 AM aebecke@uwe.nsa.gov <aebecke@uwe.nsa.gov>
wrote:

> There is no presumption that all certificates are issued within the same
> PKI. There is a presumption that the endpoint will not accept certificates
> that it doesn't have a trust anchor for. This mechanism probably doesn't
> work well for endpoints with liberal trust anchor inclusion policy.
>

Right, but to clarify, if I have one PKI that I use for, say, meat-person
identity, and one PKI that I use for machine-identity, then those are
functionally different PKIs as they're asserting different things. If I try
to bind the machine-identity to the meat-person identity, then I can get
into awkward situations depending on the ordering. That is, if I bind
machine-to-meat, I may be in a good place, but if I bind meat-to-machine,
then every time my machine identity changes, I'd need to reissue my
meat-person credential.

In the context of the non-composite PQ, the ambiguity here is whether or
not it's expected that both certificates are validated according to the
same policies (e.g. CP/CPS and identities expressed). If my client has
trust anchors for both meat and machine identity in the same protocol,
things get messy, don't they? My uncertainty in the goal of this was in
understanding whether the assumption here was that in the non-composite
pair, whether one of the certificates undergoes less validation than the
other. If not, wouldn't both certificates asserting the same identifier be
sufficient, and the need for the binding disappear entirely?


> Concerning renewal, each certificate is valid on its own. The newer
> certificate would only need renewal on the expiration of the older
> certificate if a relying party still needed what that older certificate
> represented. The extension is just a hint to relying party that some care
> has been taken during issuance that the new cert is being issued to the
> same entity as the old cert. It is no stronger a hint than any PKI the
> relying party dares to trust.
>

Well, not just expiration - revocation as well. That is, functionally, if I
bind cert B to cert A, and Cert B's validity requires the assertions from
Cert A, then by revoking Cert A, I've functionally made Cert B unusable. If
I revoked Cert A because I was replacing it, then it means every time I
replace A, I also need to replace B.

The goal of this draft is to aid in multiple authentication (particularly
> for PQ migration) by ensuring that all certificates provided by a peer for
> authentication purposes are in fact owned by the same entity.
>

I think "entity" is getting overloaded here. If Cert A is bound to a given
identity (whether you express that in SAN or DN), and Cert B is also bound
to that same identity, and the Issuer of A and B both follow the same
policies, why is there a need for an explicit binding? The main use case I
can see is if the Issuer of A and the Issuer of B are subject to different
policies, and thus either the semantics of the identity expressed, or the
level of assurance of the identity expressed, are expected to be different.
And if that's the case, then it seems they couple security assumptions that
the Issuer of A needs to consider, because the Issuer of B may be dependent
upon A's assumptions/expressions.

Does that make more sense?

v2.8.7 | Report a Bug | By Email