Re: [SPICE] Why "The Entity Attestation Token" is inappropriate in the context of SPICE

"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Mon, 18 September 2023 07:23 UTC

From: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
To: Denis <denis.ietf@free.fr>, Orie Steele <orie@transmute.industries>
CC: "spice@ietf.org" <spice@ietf.org>
Thread-Topic: [SPICE] Why "The Entity Attestation Token" is inappropriate in the context of SPICE
Thread-Index: AQHZ57V6G+TFEfvxY0ipD3jb/XqnlrAgMaEg
Date: Mon, 18 Sep 2023 07:22:57 +0000
Message-ID: <AS8PR10MB742799A7FD532AA08B749A82EEFBA@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
References: <bf5f80f6-4b85-cd22-81b2-9df72db375b4@free.fr> <CAN8C-_Jkp-qQn5YP4Pt=hxyhnSBCU7w=SBE+Y65gzoa5C0XjDg@mail.gmail.com> <0d4691a0-cbf1-c782-c42b-8d4f6c10bfa4@free.fr>
In-Reply-To: <0d4691a0-cbf1-c782-c42b-8d4f6c10bfa4@free.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/_LPTYevhQDHSX1fzuLu000MIkFw>

Hi Denis,

the use of attestation is not irrelevant in the context of SPICE since you want to be aware of what the security state of the hardware is. This is not a new concept - it has, for example, also been used by FIDO for their password-replacement protocol.

Additionally, there is the question about what attestation even means in the context of a human in the first place.

I would recommend you read through the RATS architecture draft to get a better understanding of what attestation is supposed to accomplish.

Ciao
Hannes

From: SPICE <spice-bounces@ietf.org> On Behalf Of Denis
Sent: Friday, 15 September 2023 11:17
To: Orie Steele <orie@transmute.industries>
Cc: spice@ietf.org
Subject: [SPICE] Why "The Entity Attestation Token" is inappropriate in the context of SPICE

Hi Orie,

Thanks! This highlights one of the original distinguishing characteristics we had for SPICE, which was "machine / organization credential exchange at scale"
and not "personal credential presentations via mobile phones".

Please don't pick a new thread topic that is unrelated to your concern to re-open once again to address your concern about a mediator.

Hence, I changed the topic of this thread to: Why "The Entity Attestation Token" is inappropriate in the context of SPICE

The W3C VCDM 2.0 Abstract starts with:

        "Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle,
          university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries.
          This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure,
          privacy respecting, and machine-verifiable".

It is quite clear that this document does not address "machine / organization credential exchange at scale",
nor "business-to-business / supply chain related credential use case".

It is quite clear that "The Entity Attestation Token" (draft-ietf-rats-eat-21) addresses a different topic.
Its Introduction states:

         "An Entity Attestation Token (EAT) is a message made up of claims about an entity.
          An entity may be a device, some hardware or some software".

Hence, EAT does not consider human beings.
I recognize there could be a lot of overlap here, especially regarding JWT / CWT... but I think it's important not to limit digital credential solutions
to ones that work only on mobile devices, especially for business-to-business / supply chain related credential use cases.

Perhaps mDoc would have looked different if https://datatracker.ietf.org/doc/draft-ietf-rats-eat/ and https://datatracker.ietf.org/doc/draft-prorock-cose-sd-cwt/ had come sooner.

Maybe it's ok to have a unique claims oriented data model for mobile (personal?) credentials that is not interoperable or aligned with the data models
we have for id_tokens and access_tokens.

I'm not an ISO contributor, so I can't tell what they are doing... Are they trying to make a credential format that only works for mobile devices
and personal credential use cases, where the subject of the credential is some kind of human who owns or shares a smartphone?

ISO is a large organization and it is difficult to be aware of what each SC (Standardization Committee) is doing. The ISO/IEC 23220 series
which is currently under development by ISO/IEC JTC 1/SC 17 (Cards and security devices for personal identification) intends
to be backwards compatible with the mDL.

However, the mDL has serious limitations. IMO, the most critical one is that it cannot support the Unlinkability privacy property between verifiers.

Denis

OS

On Thu, Sep 14, 2023 at 3:16 AM Denis <denis.ietf@free.fr> wrote:
Hi everyone,
I open a new thread to indicate that ISO is currently working on six topics which are closely related to the possible scope of SPICE:
ISO/IEC 23220 series: Building blocks for identity management via mobile devices
The first one has been published this year as an IS, while the other parts which are targeted to be TSs rather than ISs are "under development".

ISO/IEC 23220-1:2023 : Cards and security devices for personal identification — Building blocks for identity management via mobile devices
— Part 1: Generic system architectures of mobile eID systems

ISO/IEC CD TS 23220-2: Cards and security devices for personal identification — Building blocks for identity management via mobile devices
— Part 2: Data objects and encoding rules for generic eID systems

ISO/IEC CD TS 23220-3: Cards and security devices for personal identification — Building blocks for identity management via mobile devices
— Part 3: Protocols and services for issuing phase

ISO/IEC CD TS 23220-4: Cards and security devices for personal identification — Building blocks for identity management via mobile devices
— Part 4: Protocols and services for operational phase

ISO/IEC CD TS 23220-5: Cards and security devices for personal identification — Building blocks for identity management via mobile devices
— Part 5: Trust models and confidence level assessment

ISO/IEC CD TS 23220-6: Cards and security devices for personal identification — Building blocks for identity management via mobile devices
— Part 6: Mechanism for use of certification on trustworthiness of secure area

The ISO site provides information about the published Part 1: https://www.iso.org/obp/ui/en/#iso:std:iso-iec:23220:-1:ed-1:v1:en

The ISO/IEC 23220 series inherits and enhances the functionality that was adopted by mobile driving licence applications,
thereby ensuring backward compatibility with ISO/IEC 18013-5.

Other parts in the ISO/IEC 23220 series specify the following:

    — generic data formats (see ISO/IEC TS 23220-2);
    — protocols and services for issuing phase (see ISO/IEC TS 23220-3);
    — protocols and services for operational phase (see ISO/IEC TS 23220-4);
    — trust models and confidence levels (see ISO/IEC TS 23220-5);
    — mechanism for use of certification on trustworthiness of secure area (see ISO/IEC TS 23220-6).

Denis


--



ORIE STEELE, Chief Technology Officer, www.transmute.industries