IETF Logo Mail Archive

Re: [Suit] Surprising push back on the need for a customer to verify the trust relationship between a software supplier and software signer during digital signature validation on signed code

Dick Brooks <dick@reliableenergyanalytics.com> Sat, 12 June 2021 11:09 UTC

Return-Path: <dick@reliableenergyanalytics.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58EBE3A08FE for <suit@ietfa.amsl.com>; Sat, 12 Jun 2021 04:09:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.595
X-Spam-Level:
X-Spam-Status: No, score=-2.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChUZ-mtSdATx for <suit@ietfa.amsl.com>; Sat, 12 Jun 2021 04:09:05 -0700 (PDT)
Received: from forward2-smtp.messagingengine.com (forward2-smtp.messagingengine.com [66.111.4.226]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90ACF3A08FA for <suit@ietf.org>; Sat, 12 Jun 2021 04:09:05 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailforward.nyi.internal (Postfix) with ESMTP id 642FB1940319; Sat, 12 Jun 2021 07:09:04 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Sat, 12 Jun 2021 07:09:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:reply-to:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=rNpNA+PkbhLfgaFVQiG/P6AoQ4HTzGDv/ld3Tl7jC88=; b=HNH9TYMf BN27ttIkI7PPfrHE6/w2GOeAOnXu01JvSVkpPeyGVxzesQLKVPILZ9UYZ80gjqdQ n+/C0guU2mKA47D66lJKZ5DbHCGgfw0hK75dQhP8Zrf824Ob/j6ybnZEjvyFjOAN QJhK+RFHPO70KozPOQ30CagGfnUrpY0Ni2cWZDGESf/UOmHWqwMMZsHQn9sUxQWt V8LFQ08wcjviw44l4PD0maoqIaqIYA5Ffz69R7kk1sFrIDLV54ynClRYaK6O87Bz 5eYfRdv/H1F8fLtYDJVyVGkrbo3UoQU2f95BjQOJbqpUFFEYQntIuwGDIuxU/c5L Ey+kGwoRQdi6Pw==
X-ME-Sender: <xms:zpXEYOSKFNokOYXekK3Y-wHUt_G-aPFGnIIDf2gsEvyS58AuPARVmg> <xme:zpXEYDwXrln47_ZEXhj9uLVz9c5W63Wi1oj3tI-PnXhu-HUso64PSo6yFS3UBP469 NXERK-Hl3TRr-GPyw>
X-ME-Received: <xmr:zpXEYL0ksAIF4_5NMBDbD_i1GRF02B5GNtcApGuhYS7rxJidWGvQ3eM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrfedvtddgfeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheprhfhvfhfjgfuffhokfggtgfothesrhdtghepvddtjeenucfhrhhomhepfdff ihgtkhcuuehrohhokhhsfdcuoeguihgtkhesrhgvlhhirggslhgvvghnvghrghihrghnrg hlhihtihgtshdrtghomheqnecuggftrfgrthhtvghrnhephfelleehveeiudehveeufeeg vefgleeiieethfefkeegjeeugfevhedutdegleffnecuffhomhgrihhnpehrvghlihgrsg hlvggvnhgvrhhghigrnhgrlhihthhitghsrdgtohhmpdhivghtfhdrohhrghenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpeguihgtkhesrhgvlh hirggslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomh
X-ME-Proxy: <xmx:zpXEYKDeIG97GTBFFAPcXavU_UgVkKQsn7V0jEQeI3JowE8UjJRVkQ> <xmx:zpXEYHhOxhAqLPUBud_wW7-gGFsdbKYM8fDutVf2881rZ9ZgkI1XGA> <xmx:zpXEYGrVdTbMKCSsr7e2qTaNnE785WOZYQPyufMXRQv_pbAOiiK-Rg> <xmx:0JXEYEu-t8hXotvmYknUvqWxrWxk7Ci3yVnq2PwBxsrueml8Y0DUXw>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 12 Jun 2021 07:09:02 -0400 (EDT)
Reply-To: <dick@reliableenergyanalytics.com>
From: "Dick Brooks" <dick@reliableenergyanalytics.com>
To: "'Phillip Hallam-Baker'" <phill@hallambaker.com>, "'Toerless Eckert'" <tte@cs.fau.de>
Cc: "'Hannes Tschofenig'" <Hannes.Tschofenig@arm.com>, "'suit'" <suit@ietf.org>, "'Russ Housley'" <housley@vigilsec.com>, "'Brendan Moran'" <Brendan.Moran@arm.com>
References: <0f9601d75adf$5856cf50$09046df0$@reliableenergyanalytics.com> <DBBPR08MB59155DB5DBE123F55B25894BFA359@DBBPR08MB5915.eurprd08.prod.outlook.com> <CAMm+Lwg36Y-tpB+XTwYYpC3psCNEj3O33BzrnzzC8gtMjgkD3Q@mail.gmail.com> <DBBPR08MB5915A4EAB8B59778AD9DCAD9FA349@DBBPR08MB5915.eurprd08.prod.outlook.com> <CAMm+LwjOttzKEA8=BkLJw1-n8RthEtYwToiUkix8=83c-TnkQw@mail.gmail.com> <20210611231907.GA12022@faui48e.informatik.uni-erlangen.de> <CAMm+Lwh5BETzwzXEQnGc99VR9fBuTfg8d0jBARy3v1Fz5uF6Ww@mail.gmail.com>
In-Reply-To: <CAMm+Lwh5BETzwzXEQnGc99VR9fBuTfg8d0jBARy3v1Fz5uF6Ww@mail.gmail.com>
Date: Sat, 12 Jun 2021 07:08:59 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <2a3501d75f7b$5a4b9d40$0ee2d7c0$@reliableenergyanalytics.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_2A36_01D75F59.D33C6E40"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGWV7HWN1UFe48pVCqNOvWTpeLidgI50GCWAkrvsgUBigw1lQIT8q1VAoU+DLQBLIJ5aqsznnyQ
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/iAV51sEyiz3YrdsH68JhcDLZtTM>
Subject: Re: [Suit] Surprising push back on the need for a customer to verify the trust relationship between a software supplier and software signer during digital signature validation on signed code
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 11:09:11 -0000

There are two distinctly different use cases (schemes) where digital signatures are used today in the Energy industry:

 

1.	Peer-Peer trust using PGP keys and private exchange/verification (Natural Gas)
2.	CA issued X.509 certificates, where no a-priori trust relationship exists and a trusted 3rd party provides the trust needed to link the identity tied with the key pair via a certificate

 

Both approaches work well to satisfy the trustworthiness “bar” needed to conduct a business transaction.

 

Phillip, I agree: All software MUST be signed, by a trustworthy party that has been authorized to sign software on behalf of the authorized software supplier/licensor, which a software customer can verify as part of digital signature verification. 

 

This can work under both schemes, IF:

*	The signing credentials can be trusted, meaning the customer has a way to verify trust using scheme 1 or 2
*	The signature on software can be trusted, meaning the customer has a method to verify that the signature uses a trusted credential, and now for the hard part, the customer can verify that the signing party has been authorized by a software supplier to sign code on their behalf, under schemes 1 and 2. This can happen with scheme 1, but I don’t see how this can happen with scheme 2 without supporting infrastructure, that doesn’t seem to exist today. 

 

Thanks,

 

Dick Brooks



 <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™

 <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com

Email:  <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com

Tel: +1 978-696-1788

 

From: Phillip Hallam-Baker <phill@hallambaker.com> 
Sent: Friday, June 11, 2021 8:18 PM
To: Toerless Eckert <tte@cs.fau.de>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>om>; suit <suit@ietf.org>rg>; Russ Housley <housley@vigilsec.com>om>; dick@reliableenergyanalytics.com; Brendan Moran <Brendan.Moran@arm.com>
Subject: Re: [Suit] Surprising push back on the need for a customer to verify the trust relationship between a software supplier and software signer during digital signature validation on signed code

 

When writing a specification, it is always important to decide on what problems you intend to solve and which you plan to leave for others.

 

Unauthenticated signatures have real proven value in anti-Virus protection. As Marcus Rannum argued over a decade ago, looking for badness is a failing strategy because the badness is infinite. If every copy of Adobe software is signed with a software key that chains to a self signed cert created by adobe, that provides a vast amount of leverage for AV systems even without TTP validation.

 

That is not a theoretical approach, it is precisely how Comodo Default Deny Protection (TM) works. If you build databases of signatures of known good software, spotting the bad or the corrupted software is much easier. 

 

That is why I want all software signed without exception. If you try to gate software signing on a CA issued key you are making exactly the same mistake that keeps S/MIME at 0.00001% of email traffic. As I argued in the SSL cert space since 2000 or so, Web browsers should accept self-signed certificates without complaint or notification to the user. Just drop the padlock icon telling them the site is secure. 

 

I don't think that the answer to the problem of validation is to set up a mickey mouse CA that provides certificates without any validation of organization existence, accountability, proof of right, etc. giving out rubbish certs for free. Gresham's law applied to the WebPKI: the bad certs drive out the good. If you try to make CA issued certs mandatory, someone will come along and reduce the issue criteria to the point where they have no value over self-signed.

 

 

Yes, I am proposing a callsign registry that could be adapted to code signing. But to be honest, that is not one of the primary motivations for it nor is it something I have given a lot of thought to in the design of callsign.

 

My rough notion is this: @alice, @bob, @carol work for @threshold As they are developing code, every build they create is signed under their personal software developer key bound to their Mesh profile by means of a connection assertion and thus their callsign. So Alice isn't going to run any developer build not signed by any of the three of them.

 

When it comes to the general public trusting the signature, they are not going to know Alice or Bob or Carol and they probably don't know Threshold so the call sign alone really isn't enough to convince J. Random User to install and run it. So @Threshold gets a TTP validation of their key and that is maybe gated so that two out of the three of them have to sign. 

 

 

 

On Fri, Jun 11, 2021 at 7:19 PM Toerless Eckert <tte@cs.fau.de <mailto:tte@cs.fau.de> > wrote:

Phil,

a) Let me see if i get your high level point correctly and/or expand correctly:

   - We want signatures on all pieces of software/data loaded onto systems.
     These signatures allow to authenticate who (signer) says what
     about the signed software/data. Not sure if there is a framework
     for the "what" there is, but i could think of more "what" than
     just an implied "authentic" binary flag implied by the presence of
     the signature.
   - What to make out of those signatures should be different policy decision. 
     As in: just because its signed doesn't mean i trust the software to run
     on my system. Trust policies depend on signatures but would embody
     additional critera such as specific CA for specific software purposes
     or the like.

b)  Wrt to CA policy freedom (" Basically, the CA can define their boundary
    to be anywhere they like, that is purely a matter for them to decide")

    This reminds me a bit of ISO9000 and how uneducated customers are. As in:
    There can be thousands of software companies out there that customers
    trust to be reliable because the software company is ISO9000 certified,
    and none of those customers ever looked up what that means.

    As in "Our software company ISO-9000 process: before we start coding,
    every day, we dance on the tables and drink 3 beers to get into the mood.
    End of ISO-9000 process". The ISO-9000 auditors also got free beers,
    everyone was happy. Worst part: that process might lead to more reliable
    software than some other ISO-9000 audits i have seen.

    Aka: I don't think you get around having some standards for the
    security boundary you describe and whoever defines that boundary/audit
    standard could make nice money from e.g. also getting involved
    into the software signing.

Cheers
    Toerless

On Fri, Jun 11, 2021 at 02:39:11PM -0400, Phillip Hallam-Baker wrote:
> On Fri, Jun 11, 2021 at 2:34 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com> >
> wrote:
> 
> > Hi Phil,
> >
> >
> >
> > a few clarifying questions.
> >
> >
> >
> >    - What is a ???trustworthy credential??? for you?
> >    - Who is the ???provider??? here?
> >    - What do you mean by ???Must identify such machines???? Are you saying
> >    that the software / firmware update must identity the machine it applies to?
> >    - When you say ???Every software distribution MUST be signed without
> >    exception??? are you trying to distinguish between the signing the software
> >    vs. securing the distribution? With regards to the exception you are not
> >    talking about what happens during manufacturing.
> >
> >
> I am distinguishing between Sign ( Zip (files) , k) and Sign (files, k).
> 
> Authenticode only signed the software distribution package, most of what
> has followed has done the same. That is a useful control of course because
> an installer is an executable that runs on the machine. But it is necessary
> but not sufficient: Every executable, every piece of installed data should
> be signed without exception.
> 
> On the other issues, well it totally depends on your application and your
> regulator. In the aftermath of Diginotar we had a lot of discussions of
> what should be subject to audit. My position was that is actually something
> the CA decides. Basically, the CA can define their boundary to be anywhere
> they like, that is purely a matter for them to decide.
> 
> The catch here is that if you are going to show that your practices meet
> your policy, then you have to show that all your cert issuing machinery is
> subject to audit. Contrawise, the more of your machinery you stick within
> the audit boundary, the harder time you are going to have showing it is
> secure.
> 
> I would apply the same approach here. The pipeline provider etc. has to
> show that its operations are secure. I am not going to write a list of what
> they have to pur inside or outside of their security perimeter, I am merely
> saying that they have to define one, they have to show that all the
> necessary operations are inside it and that everything inside it is
> sufficiently secure.
> 
> If we are talking about a pipeline then CABForum EV certs are probably
> sufficient. For civil nuclear, I would consider that a starting point, I
> would want all software to be signed under a cert that was individually
> enumerated and credentialed.
> 
> It is worth pointing out that the reason colonial pipeline was affected so
> badly was probably that they were sending multiple types of fuel down the
> same pipe in batches. That game is only going to work if you can absolutely
> guarantee that you aren't going to put the load of tar into a tank full of
> top grade aviation fuel. So their problem probably wasn't on their actual
> operations side itself, the thing they were looking at. They had not
> understood that the database of what fuel is where was actually critical to
> operations.
> 
> 
> On provider, I am being deliberately vague because sometimes the provider
> is going to be the developer, other times it isn't. A large amount of
> Ubuntu packages are signed by the people who are putting the packages
> together who are not the actual developer. This third party work does have
> value in that there is a curation process going on there and it is possible
> to imagine mechanisms whereby detected insertion of malware could be
> revoked. But we don't have those at this point of course.

> _______________________________________________
> Suit mailing list
> Suit@ietf.org <mailto:Suit@ietf.org> 
> https://www.ietf.org/mailman/listinfo/suit


-- 
---
tte@cs.fau.de <mailto:tte@cs.fau.de>

v2.8.7 | Report a Bug | By Email