IETF Logo Mail Archive

Re: [Suit] Surprising push back on the need for a customer to verify the trust relationship between a software supplier and software signer during digital signature validation on signed code

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 11 June 2021 18:39 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A9C3A0E77 for <suit@ietfa.amsl.com>; Fri, 11 Jun 2021 11:39:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gKzgutsPyAei for <suit@ietfa.amsl.com>; Fri, 11 Jun 2021 11:39:25 -0700 (PDT)
Received: from mail-yb1-f171.google.com (mail-yb1-f171.google.com [209.85.219.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D524C3A0E76 for <suit@ietf.org>; Fri, 11 Jun 2021 11:39:24 -0700 (PDT)
Received: by mail-yb1-f171.google.com with SMTP id p184so5621349yba.11 for <suit@ietf.org>; Fri, 11 Jun 2021 11:39:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AeqRU/4lfKORP789mOsLGrkkqIa75w/VntlB+gi+ZMs=; b=jnXJG7Czs2LMkrPL5KZf7mr8ChjuIwb94+/a7+5xCZK6tuXKkNadi9GOPDqqxGRlXk htTTUEspXZsIQQ7Mx2nzjOVT4TwyPeM1vkUwb75ObWQpBfvcwtqj2nlI6fy+1DL1EUkv zSf2S8WoWuAqG8wAVOsrU8oDHlpV75eypHomAVYxg0Q1NpvTPLFGd1GmKn+L2YHwmMWv /Elp8b0LZTaYcLjZf9+lQT4tsTgvJSG74L+xs1Ob9nBi76+2k7rd3YB+OsOD0OTibfb+ bz+7zOpXPwjhBn2Gh5GPg0Gw8Bb0cT7alHvcIRqGOswgkFkDlKm+tXTrJGfo5+CFVAhT 2a4A==
X-Gm-Message-State: AOAM530tebKmM9rSl4IJwvGUYUhvqrQtsmTXEQqUWy6Z/bVNbCDh48d/ QBt8PPt39Uwjc2Me8u8beXW/zn5cUPiGmt/gitU=
X-Google-Smtp-Source: ABdhPJyZU9AAPBgcNPQRT0bCEF7PKCyHkGl7NvztFrR2Z9tthoGGKuH8TMnPKPoGqFnuBThFPLC4RGlEhLkzVxRtBI4=
X-Received: by 2002:a25:a08d:: with SMTP id y13mr7606819ybh.522.1623436763761; Fri, 11 Jun 2021 11:39:23 -0700 (PDT)
MIME-Version: 1.0
References: <0f9601d75adf$5856cf50$09046df0$@reliableenergyanalytics.com> <DBBPR08MB59155DB5DBE123F55B25894BFA359@DBBPR08MB5915.eurprd08.prod.outlook.com> <CAMm+Lwg36Y-tpB+XTwYYpC3psCNEj3O33BzrnzzC8gtMjgkD3Q@mail.gmail.com> <DBBPR08MB5915A4EAB8B59778AD9DCAD9FA349@DBBPR08MB5915.eurprd08.prod.outlook.com>
In-Reply-To: <DBBPR08MB5915A4EAB8B59778AD9DCAD9FA349@DBBPR08MB5915.eurprd08.prod.outlook.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 11 Jun 2021 14:39:11 -0400
Message-ID: <CAMm+LwjOttzKEA8=BkLJw1-n8RthEtYwToiUkix8=83c-TnkQw@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "dick@reliableenergyanalytics.com" <dick@reliableenergyanalytics.com>, Brendan Moran <Brendan.Moran@arm.com>, suit <suit@ietf.org>, Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="0000000000009e923a05c481d3c4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bQPWidumYK0V2hMX_UcMjF89JAE>
Subject: Re: [Suit] Surprising push back on the need for a customer to verify the trust relationship between a software supplier and software signer during digital signature validation on signed code
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jun 2021 18:39:30 -0000

On Fri, Jun 11, 2021 at 2:34 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com>
wrote:

> Hi Phil,
>
>
>
> a few clarifying questions.
>
>
>
>    - What is a “trustworthy credential” for you?
>    - Who is the “provider” here?
>    - What do you mean by “Must identify such machines”? Are you saying
>    that the software / firmware update must identity the machine it applies to?
>    - When you say “Every software distribution MUST be signed without
>    exception” are you trying to distinguish between the signing the software
>    vs. securing the distribution? With regards to the exception you are not
>    talking about what happens during manufacturing.
>
>
I am distinguishing between Sign ( Zip (files) , k) and Sign (files, k).

Authenticode only signed the software distribution package, most of what
has followed has done the same. That is a useful control of course because
an installer is an executable that runs on the machine. But it is necessary
but not sufficient: Every executable, every piece of installed data should
be signed without exception.

On the other issues, well it totally depends on your application and your
regulator. In the aftermath of Diginotar we had a lot of discussions of
what should be subject to audit. My position was that is actually something
the CA decides. Basically, the CA can define their boundary to be anywhere
they like, that is purely a matter for them to decide.

The catch here is that if you are going to show that your practices meet
your policy, then you have to show that all your cert issuing machinery is
subject to audit. Contrawise, the more of your machinery you stick within
the audit boundary, the harder time you are going to have showing it is
secure.

I would apply the same approach here. The pipeline provider etc. has to
show that its operations are secure. I am not going to write a list of what
they have to pur inside or outside of their security perimeter, I am merely
saying that they have to define one, they have to show that all the
necessary operations are inside it and that everything inside it is
sufficiently secure.

If we are talking about a pipeline then CABForum EV certs are probably
sufficient. For civil nuclear, I would consider that a starting point, I
would want all software to be signed under a cert that was individually
enumerated and credentialed.

It is worth pointing out that the reason colonial pipeline was affected so
badly was probably that they were sending multiple types of fuel down the
same pipe in batches. That game is only going to work if you can absolutely
guarantee that you aren't going to put the load of tar into a tank full of
top grade aviation fuel. So their problem probably wasn't on their actual
operations side itself, the thing they were looking at. They had not
understood that the database of what fuel is where was actually critical to
operations.


On provider, I am being deliberately vague because sometimes the provider
is going to be the developer, other times it isn't. A large amount of
Ubuntu packages are signed by the people who are putting the packages
together who are not the actual developer. This third party work does have
value in that there is a curation process going on there and it is possible
to imagine mechanisms whereby detected insertion of malware could be
revoked. But we don't have those at this point of course.

v2.8.7 | Report a Bug | By Email