Re: [stir] Questions on the draft-ietf-stir-passport-rcd-04 integrity mechanism
Ben Campbell <ben@nostrum.com> Mon, 09 September 2019 22:07 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7327012003F for <stir@ietfa.amsl.com>; Mon, 9 Sep 2019 15:07:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IIGqLA0xGi5P for <stir@ietfa.amsl.com>; Mon, 9 Sep 2019 15:07:13 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BF6D120013 for <stir@ietf.org>; Mon, 9 Sep 2019 15:07:13 -0700 (PDT)
Received: from [10.72.10.6] (ip-54-232-239-173.texas.us.northamericancoax.com [173.239.232.54]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x89M76Nv073984 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 9 Sep 2019 17:07:08 -0500 (CDT) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1568066828; bh=0aXsPxW2xakMu/6Wdq92tmdBn6CThzCUd13seDJkD2g=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=dewSjeuyDDzO/48sO+EYEu8b1e5cCJnk8Rm3ADvIuaC3KHA2Pb0cDFGtK4H6UWZY5 6dqRuYqlGAiReki4H+dMMcnP5ku1jLHNNJyJrFf3nwa4GHpBDm3YDwkLMyU27nEzMR /s+kZGWFwbCeJxQY4wQCX6nYsVoE9SyHnlTvzqZ4=
X-Authentication-Warning: raven.nostrum.com: Host ip-54-232-239-173.texas.us.northamericancoax.com [173.239.232.54] claimed to be [10.72.10.6]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <5A3DFEE8-60E0-4870-9689-FEAAFA0D7BE8@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_1C6E4BA3-D9A3-403B-80C5-5F2597E4C47A"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 09 Sep 2019 17:07:05 -0500
In-Reply-To: <9DA8A5FC-866B-4DF3-BA76-68AF733EAF4D@chriswendt.net>
Cc: stir@ietf.org
To: Chris Wendt <chris-ietf@chriswendt.net>
References: <D0D57997-56AC-4E68-BC12-2CE07C52B711@nostrum.com> <0CCCD3F6-B0A5-4B0C-B563-2E85AC3E3B3A@nostrum.com> <9DA8A5FC-866B-4DF3-BA76-68AF733EAF4D@chriswendt.net>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/vvtxqTCzAaHCeVlxBwAbrhfpL4g>
Subject: Re: [stir] Questions on the draft-ietf-stir-passport-rcd-04 integrity mechanism
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2019 22:07:17 -0000
Hi Chris, Please see inline. Also, I forgot one comment unrelated to the integrity mechanism: in section 5.1, the wikimedia folks would probably appreciate it we do not include a link to content hosted there in an example in an RFC :-) Thanks! Ben. > On Sep 9, 2019, at 2:02 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote: > > Hi Ben, > > For 1, simple answer is yes the intention was to make the content tied to the cert. My experience is that calling name and other info is not changed often, however, assuming your premise, why would that be a problem? If you want to be changing your RCD info once a year, once a month, or once a day then why is it a problem to push everything through the integrity mechanism and generate a new cert each time? I think this is pretty logical. If you don’t do that, what is the alternative to keep the properties of integrity of the information protected by a signature? I agree that tying the content to the cert makes sense for some use cases where there is a content policy “authority” either as part of the CA, or that easily fits in the workflow for issuing the cert (perhaps via some ACME-ish token) But I think there will also be use cases where it does not. In particular, cases where either there is no such authority, or the signer of the RCD PASSporT _is_ the authority. For example, the policy authority could be a third-party signer as described in section 7. Why would such an authority need to tie content to the signing certificate? It would just make life more complicated for them. (I started to ask why a 3rd party signer would need the integrity mechanism at all, but perhaps they need to protect referenced content.). I don’t object to having the _ability_ to tie content to the cert. But I think making that a MUST when using the integrity mechanism is too strong. I’d argue for a MAY, along with motivating text on why/when you might want to use it. For similar reasons, I lean towards thinking the SHOULD for using the rcdi claim in the first place might be a bit strong. For example, it would serve little purpose in the third-party example above if the policy authority simply did not allow referenced content. > > For 2, yes the intent was to iterate at each level of the URLs. I suspect the number of nested URLs for most of the “common” cases, like name, logo and address, would be limited, but would need a framework that supports multiple levels of nesting or limit the number of levels or something if we are concerned. I don’t think there is a lot of reason to be concerned but maybe i’m missing a case that would actually use a ton of nesting in any practical way. If that is the intent, it needs to be clarified. I read 4.1.1 as iterating across all the URLs in the RCD input. I assume from your response that step 7 was intended to apply to retrieved content, but I initially assumed you mean to iterate over additionally identified URLs in the RCD claim itself. Given the intent to recurse over multiple layers of indirect content, I think some operational guidance is even more important. My concerns were not so much around legitimate use cases for long URI chains so much as for more nefarious use cases (e.g. trying to sneak in uncontrolled web content, DOS attacks, etc.) (Basically the concerns that Eric stated separately.) > > -Chris > >> On Sep 7, 2019, at 12:50 PM, Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote: >> >> Minor correction below: >> >>> On Sep 6, 2019, at 4:31 PM, Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote: >>> >>> Signed PGP part >>> Hi, >>> >>> I have a couple of high level questions about the new integrity mechanism in draft-ietf-stir-passport-04. Apologies if these have already been discussed. >>> >>> 1) Do I understand correctly that the certificate used to sign a PASSporT with an rcdi claim MUST include a constraint for the _value_ of the digest? That is, if someone makes any change to any of the information they would normally include in an rcd claim, the signing party must get a new cert? >>> >>> My concern is that, for good or bad, commercial callers really like to control the customer experience. Many like to change things up all the time. I can imagine things like special date-specific logos (e.g. Google doodles), “sale” badges on logos, distinctive branding for different “campaigns”, etc. I realize things like ACME make the process of getting a new cert lighter weight than it used to be, but is it reasonable to require a new cert for any change? >>> >>> This might be worse for third-party signers who may sign on behalf of many callers, each of which keeps changing things. >>> >>> 2) If I understand correctly, if anything in the rcd claim includes a URL, the rcdi claim incorporates the associated content. What about URLs? >> >> Uhm, I meant to say additional URLs >> >>> For example, lets say a jcl key links to a jCard, and that jCard has a LOGO element with a URI? Is the alleged logo content at that URI protected? >>> >>> I assume the answer is that the answer is no; otherwise it could be URLs all the way down and we have to stop somewhere. This is probably a matter of signer or issuer) policy. If so, it might be worth having some operational guidance that they need to think about such things. >>> >>> >>> >>> >>> >> >> _______________________________________________ >> stir mailing list >> stir@ietf.org <mailto:stir@ietf.org> >> https://www.ietf.org/mailman/listinfo/stir <https://www.ietf.org/mailman/listinfo/stir>
- [stir] Questions on the draft-ietf-stir-passport-… Ben Campbell
- Re: [stir] Questions on the draft-ietf-stir-passp… Ben Campbell
- Re: [stir] Questions on the draft-ietf-stir-passp… Ben Campbell
- [stir] draft-ietf-stir-passport-rcd-04 Russ Housley
- Re: [stir] Questions on the draft-ietf-stir-passp… Chris Wendt
- Re: [stir] draft-ietf-stir-passport-rcd-04 Chris Wendt
- Re: [stir] Questions on the draft-ietf-stir-passp… Ben Campbell
- Re: [stir] Questions on the draft-ietf-stir-passp… Ben Campbell
- Re: [stir] Questions on the draft-ietf-stir-passp… Peterson, Jon
- Re: [stir] Questions on the draft-ietf-stir-passp… Ben Campbell
- Re: [stir] Questions on the draft-ietf-stir-passp… Chris Wendt
- Re: [stir] Questions on the draft-ietf-stir-passp… Eric Burger