IETF Logo Mail Archive

Re: [lamps] Fwd: New Version Notification for draft-stjohns-csr-attest-00.txt

Carl Wallace <carl@redhoundsoftware.com> Thu, 18 May 2023 14:35 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F07A0C14E513 for <spasm@ietfa.amsl.com>; Thu, 18 May 2023 07:35:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pedPDN-_FMUO for <spasm@ietfa.amsl.com>; Thu, 18 May 2023 07:35:16 -0700 (PDT)
Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9BC8C14CE33 for <spasm@ietf.org>; Thu, 18 May 2023 07:35:16 -0700 (PDT)
Received: by mail-qt1-x833.google.com with SMTP id d75a77b69052e-3f4c8d78a18so21978551cf.2 for <spasm@ietf.org>; Thu, 18 May 2023 07:35:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; t=1684420516; x=1687012516; h=mime-version:in-reply-to:references:thread-topic:message-id:to:from :subject:date:user-agent:from:to:cc:subject:date:message-id:reply-to; bh=Qsx6H3B1mbektDdCplPcSDdOJCmLlB2+WDkCvvn8nxQ=; b=mrGryh54tbMS+j0yqB3EI5tHkl1CZ1u2AIn10XZbIps06zyH/La7AY7t5qdfPV+3Wn edTAthyyU1y3BjKwUNgW7pV+kuiEw4XpXN0VvdC6O1eBsrNyhPBmiamhEQqxls8BG2vX 1kqhVLXQkFRywVpnWIdTMFwqknEJvBCwVFbUI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684420516; x=1687012516; h=mime-version:in-reply-to:references:thread-topic:message-id:to:from :subject:date:user-agent:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Qsx6H3B1mbektDdCplPcSDdOJCmLlB2+WDkCvvn8nxQ=; b=QA90FhttiqAjHY0U7bWteX+vG78LoRg85uSOB+YTChqr59hOOy+Mt1jfTu5MHd67dU hZojybiNjeoMlok2ZihcQKliAkr3F3pB8QwfOb1VSGYJKaTZUidXrQ2PwoULloAr92Mn Gpz288FKBdol6cecJR7nMHp3Y2LD/iIaywqpHwltM07bQFFxMbN0OmrchVXvMho7Rdsm rv4MABb9FlU5GV5mPHkPibmVY6DB/u1Ol6yeH2Q67/jQXA8qTzztCDKkzBu28e4rUX97 XYsPcaMxYp7lVpK5Vk+V1Z3qKhT4ssCGZe1jbOXqNapjVBNCfZyujdxnlUyPaBSYZJjO hfoQ==
X-Gm-Message-State: AC+VfDzeUCfe2yXIWFDb6aBK3onD5RP6GKMBu/WJV7EjvoNiJgQO8PJn 6qocEuL8OXlFw870lKN29o7AvuUgHq1Dc5t7RK8=
X-Google-Smtp-Source: ACHHUZ4hQs7y54RyZDU3K8EtBdxMqas3JKl+rXoC3BPJQyuIGGioOhLJam3RnhEObcW+TmsGwOLwdw==
X-Received: by 2002:ac8:59cf:0:b0:3f5:315f:5c19 with SMTP id f15-20020ac859cf000000b003f5315f5c19mr6101976qtf.62.1684420515607; Thu, 18 May 2023 07:35:15 -0700 (PDT)
Received: from [192.168.2.16] (pool-96-255-232-167.washdc.fios.verizon.net. [96.255.232.167]) by smtp.gmail.com with ESMTPSA id d11-20020ac847cb000000b003edf043048bsm549206qtr.9.2023.05.18.07.35.14 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 May 2023 07:35:14 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/16.73.23051401
Date: Thu, 18 May 2023 10:35:14 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Michael StJohns <msj@nthpermutation.com>, "spasm@ietf.org" <spasm@ietf.org>
Message-ID: <3174C876-371F-4CB1-B185-1AEB6178443D@redhoundsoftware.com>
Thread-Topic: [lamps] Fwd: New Version Notification for draft-stjohns-csr-attest-00.txt
References: <168331537984.50127.1942970699665334403@ietfa.amsl.com> <3f1aadc9-90df-6399-8e58-6acf308badaf@nthpermutation.com>
In-Reply-To: <3f1aadc9-90df-6399-8e58-6acf308badaf@nthpermutation.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3767250914_360102057"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ruBEVXkIMQfS-jI7Lz-WHYuaJ1k>
Subject: Re: [lamps] Fwd: New Version Notification for draft-stjohns-csr-attest-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2023 14:35:21 -0000

I reviewed the draft. Below are some comments, questions and suggestions.

 

General

 

- Somewhere in this specification there should be a rule that governs the relationship between the public key that appears in the AttestAttribute and the public key that appears in the certificate request containing the AttestAttribute.

 

- One complaint from some regarding draft-ietf-lamps-key-attestation-ext-00 was that it used CBOR. One alternative that has been discussed is to use an ASN.1 structure that contains a type value and a bit bucket. Why are the structures in this spec preferable to something simple like the below? You could even dispense with a wrapper structure like this and just define OIDs for various key attestation formats.

 

AttestationStatement ::= SEQUENCE {

                type OBJECT IDENTIFIER,

                statement OCTET STRING

}

 

Section 1

 

First paragraph

 

- I am assuming the two specifications you are offering a counter proposal to are draft-ietf-lamps-key-attestation-ext-00 and draft-ounsworth-pkix-key-attestation-02. These are really two different things and it is not obviously clear how this obviates both. The former has expired and, as a co-author, I am not aware of any plans to continue with it. More generally, I think a specification is needed to address conveyance of key attestations to RAs/CAs but I don't like the idea of defining a key attestation format in the same spec. These should be separate specs, in my opinion, but I'd expect the conveyance spec to support any format spec.

 

Third paragraph

 

- This spec supports a blob (possibly containing a blob and type) and a signature. I suppose this can be viewed as "any type of certificate imaginable" but it's just a signature and some data. I'd drop this verbiage.

 

Section 2.2

 

- I think this section aims to serve as an alternative to draft-ounsworth-pkix-key-attestation-02. That should be made clear if so. The spec also includes a third significant unstated goal, i.e., defining new means to convey public keys to verify signed data. It's not clear to me that we need/want alternative certificate types in a spec that in its simplest form would define how to convey key attestations to a CA.

 

- There is already a CertificateChoices structure in CMS (that the structure in this spec imitates but conflicts with). If this structure is needed, refashioning as an extension of CertificateChoices might make sense, i.e., by using context specific tags that don't conflict, or by simply defining a few new "certificate" types for conveyance via the other field in the existing CertificateChoices.

 

- The Certificate field is not "more or less" an X.509 certificate. It is an X.509 certificate. I would drop this verbiage.

 

- I agree with Russ' comments re: the lack of need for typedCert and typedFlatCert (but, as noted above, think all of this could be replaced with a type and statement object). If object reuse was a goal, one could simply use a degenerate SignedData object with EncapculatedContentInfo playing the role of the AttestationStatement structure above and the certificates field playing the role of your AttestCertsAttribute. Under this approach, no new structures would be needed, but we'd need words to define how existing key attestations fit (and an IANA registry for those types).

 

- The statement "it is possible to use this field to convey a bare public key as well" is at best confusing. It invites a common issue that crops up with current attestation formats (i.e., folks sticking random binary data into field that should feature ASN.1-defined structures). I think the least you could get away with here would be an OCTET STRING that contains a bare public key. I would drop the reference to "bare public key."

 

- Re: "think compact of implicit certificates", there is no need to be abstract here. You could give draft-ietf-cose-cbor-encoded-cert-05 as a concrete example.

 

Section 2.5

 

- Why do we want key attestations that are inextricably bound to a CSR? Most of the structure here goes away if we discount that as a goal.

 

- There seems to be several aspects of processing this structure that will rely on external knowledge to know what to do. For example, if the signature algorithm is absent in this structure then it may be encoded inside the type field or it may just be a fixed value. The format of the type field used for signature generation/verification is also left open ended with no way for the verifier to know. Similarly, the format of ancillary data is not signaled to a relying party.

 

- The term "attestation engine" is not defined. It may be best to use vocabulary from the RFC9334.

 

Section 2.6

 

- Why do we need a CHOICE for signature encoding? 

 

- What does "be consistent with" mean here? Does this mean the OBJECT IDENTIFIER used to identify the structure of the value field also indicates the structure of the signature field (and/or structure of the ancillary data field)? That makes the type field less like a type identifier and more like a profile identifier that describes the type of attestation, the algorithm and the signature format.

 

Section 3

 

- As written, I think you only need one registry, i.e., for attestation statement types. This draft defines the CSR attribute and does not contemplate peer attributes or alternative attributes. The attribute in the spec could likely be registered in an existing PKIX registry. 

 

 

From: Spasm <spasm-bounces@ietf.org> on behalf of Michael StJohns <msj@nthpermutation.com>
Date: Friday, May 5, 2023 at 3:37 PM
To: "spasm@ietf.org" <spasm@ietf.org>
Subject: [lamps] Fwd: New Version Notification for draft-stjohns-csr-attest-00.txt

 

FYI



-------- Forwarded Message -------- 

Subject: New Version Notification for draft-stjohns-csr-attest-00.txt
Date: Fri, 05 May 2023 12:36:19 -0700
From: internet-drafts@ietf.org
To: Michael StJohns <msj@nthpermutation.com>




A new version of I-D, draft-stjohns-csr-attest-00.txt
has been successfully submitted by Michael StJohns and posted to the
IETF repository.

Name: draft-stjohns-csr-attest
Revision: 00
Title: Attestation Attributes for use with Certificate Requests
Document date: 2023-05-05
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-stjohns-csr-attest-00.txt
Status: https://datatracker.ietf.org/doc/draft-stjohns-csr-attest/
Html: https://www.ietf.org/archive/id/draft-stjohns-csr-attest-00.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-stjohns-csr-attest


Abstract:
This document describes two ASN.1 Attribute definitions that may be
used to carry key attestation data in PKCS10 certificate requests and
in other circumstances.



The IETF Secretariat


_______________________________________________ Spasm mailing list Spasm@ietf.org https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email