IETF Logo Mail Archive

Re: [Teep] Scalability of nonce-based freshness

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 19 March 2021 09:30 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF993A090B for <teep@ietfa.amsl.com>; Fri, 19 Mar 2021 02:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=YyuK2uet; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=YyuK2uet
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZvWsHMDfxtr7 for <teep@ietfa.amsl.com>; Fri, 19 Mar 2021 02:30:55 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2046.outbound.protection.outlook.com [40.107.20.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 208543A0905 for <TEEP@ietf.org>; Fri, 19 Mar 2021 02:30:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ur1/3vh4EdSKUrUs2yhDLdVwf379kpmuppS/hb21aew=; b=YyuK2uet90sySVNwt47Fj0f5e6+r58yPNS7Q5Oz9mn1dHe5V7X2Ns7ZHQL0IBNuMNysB3W0ZaBo1IGdcH6h39CgRiv0fL8zhqqtJ2vABLehbVhx+utbl2ePdHMQdwiXr/T1yq7awxoyzFReBlB0JbGuGFX45kqGTut2NZSgHVC4=
Received: from AM6PR0202CA0057.eurprd02.prod.outlook.com (2603:10a6:20b:3a::34) by PAXPR08MB6543.eurprd08.prod.outlook.com (2603:10a6:102:12f::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18; Fri, 19 Mar 2021 09:30:52 +0000
Received: from AM5EUR03FT008.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:3a:cafe::8b) by AM6PR0202CA0057.outlook.office365.com (2603:10a6:20b:3a::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18 via Frontend Transport; Fri, 19 Mar 2021 09:30:51 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT008.mail.protection.outlook.com (10.152.16.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18 via Frontend Transport; Fri, 19 Mar 2021 09:30:51 +0000
Received: ("Tessian outbound 259fb7427a57:v87"); Fri, 19 Mar 2021 09:30:51 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 876979b7efaac941
X-CR-MTA-TID: 64aa7808
Received: from ccfcad4f74ad.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id D7DD09EB-C5A0-4CC0-B82C-03199796602A.1; Fri, 19 Mar 2021 09:30:38 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id ccfcad4f74ad.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 19 Mar 2021 09:30:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NA3niTmNpgED84EaAtA3VjNHzEnK0LZIo08hrIUHn5o7qv44QL4VoJhbyEpoGDOoTbI7RaEtpmFJw2fGQlCu17ArRNB4Tg9jGfl1A8xSsdxLpfn0fzbW1q8zBYJkRB5uCwwOE9VZHqFKs6yY3Nly7kle0sqy9uQRwZQ+yFQf4nF5V9WkOHoIg9nAKbHe2xXC9VXV0Zc15GKnghndUS40GFS9Q6V/WyUAzv2w39sBsT9xPpO5aRoLobtg/fh0jlExvo3ol9amOWXSi9asxfuYP/kKZUb9w5aCWAOL5HGfq/KogBq+TBBRPCeSBZQ1zBgVQuWb3OnqB925vin8nua13g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ur1/3vh4EdSKUrUs2yhDLdVwf379kpmuppS/hb21aew=; b=fL7BTcvLZeJDGDaAn/2Khzmyjkgjf72qxjW42cgFsovvjuFEBYlptDsuRUdIEY5+p3B7bu06HQZ1sCE8QZI57yPR/h9yrmIztKTXqkm/ZUmBq6SM8qOXR7LUqyyyZp9o1zdCH1ssqCKOPBSiRmMBnkLkDTr27wtlGu9DQrBVnFWTz60H4NKIt/vajc22Bmy8lQl6gEjF7gFNyBbiwmqD/koDOVl1UepaiazL7JRHMKBKLyPxAHlpYhsNw72Qv60+JZEzqzdvvdZ8efIEk3VyOkr0pyO1fav1jNs3hktBC9OWQXuPXkhSk5qtiOQRDUB2JOf4oIZ2847gQXnSPiSxMw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ur1/3vh4EdSKUrUs2yhDLdVwf379kpmuppS/hb21aew=; b=YyuK2uet90sySVNwt47Fj0f5e6+r58yPNS7Q5Oz9mn1dHe5V7X2Ns7ZHQL0IBNuMNysB3W0ZaBo1IGdcH6h39CgRiv0fL8zhqqtJ2vABLehbVhx+utbl2ePdHMQdwiXr/T1yq7awxoyzFReBlB0JbGuGFX45kqGTut2NZSgHVC4=
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com (2603:10a6:10:251::8) by DB7PR08MB3291.eurprd08.prod.outlook.com (2603:10a6:5:24::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18; Fri, 19 Mar 2021 09:30:37 +0000
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::1f5:375c:310f:7df5]) by DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::1f5:375c:310f:7df5%4]) with mapi id 15.20.3955.023; Fri, 19 Mar 2021 09:30:37 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Göran Selander <goran.selander@ericsson.com>, "TEEP@ietf.org" <TEEP@ietf.org>, Dave Thaler <dthaler@microsoft.com>
CC: Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: [Teep] Scalability of nonce-based freshness
Thread-Index: AQHXF4P+HIop/qsalEeISWuq+4TOqqqEvPGAgAA7ZoCABONwgIABOjkA
Date: Fri, 19 Mar 2021 09:30:37 +0000
Message-ID: <E3D6C787-456E-44D6-B108-90A422E59985@arm.com>
References: <8B31EDA0-20DB-4611-B5D8-F7A60B390684@arm.com> <574A6462-E805-4CFD-99F6-67E42C5C7220@ericsson.com> <20DA68C3-1855-4A91-9CB8-6F0FE66958EC@arm.com> <C22F51C3-34C7-4F9C-AE88-E46FEDE7D58A@ericsson.com>
In-Reply-To: <C22F51C3-34C7-4F9C-AE88-E46FEDE7D58A@ericsson.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.46.21021202
Authentication-Results-Original: ericsson.com; dkim=none (message not signed) header.d=none; ericsson.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [82.12.10.179]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: a983d170-cc77-468f-30d4-08d8eab9b033
x-ms-traffictypediagnostic: DB7PR08MB3291:|PAXPR08MB6543:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <PAXPR08MB6543613807FBE7FFFEDACC979C689@PAXPR08MB6543.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: wNy2MyguUzn2Q0A6/gYA8VOuTgGgn+ijGtSSdenQWWvTk/esZt4nsWZhgXdav53yP7fSK4whQoGvhadThEv3IfNSBseqbL+3mI2i7aF74EEwncKNfqpRrre1R9QTXRw3jqkocTudU9mITFAqNJue+UcadY7u8IifG9MZea5hIPhFYXWPkB38TwfQOIOgubSsd6C6dgoMIxBvDBhOVwbDSDYObVZe/N9mZRKorGM73q6focnSdnV2kEvIAf1SORD17e4GU64zqIcuEfOl4YOThqgj2ubV2hi1Tu5BNHo1oEtO9CxjqXEAXXK3W8d3S5j6Ky3nv1h5qenW22aRX+l9cNZyDSq+aVn0bZzkfmeTcubXrVPaOTP1mB5k9e/oP/VT/1bb8AY1gCD3k6SkGWmvnU+tFP8fkjx1G8yDQZDDbnPXm1fJZQWhVbz52nLT02lSjPHmk5N2h0VtVlpttciXNkfci9JMTRVSs4UcwyX+yNHa+w/RQjmJi4+3sOUcePvA3qi6TzMmyJwD3zJt6xXevopE2hqogFHEjZ4Nkt4KOlUoMHMbiG1FQzxjDdalN/GwrQESZbBgn9mj15SYVURtPQOdFwlWzuIdnSQQ4hDOhdn2jhQCT/F4lbUEOTe6kNcw8CPivtSjC+fi8QrsWHf3SyGfuy/VGBrendrKgXmdFp9vlKxK/cCGyNcyVXjzcfKC
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR08MB6524.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(366004)(346002)(396003)(136003)(376002)(8676002)(316002)(36756003)(33656002)(4744005)(8936002)(91956017)(76116006)(5660300002)(26005)(4326008)(83380400001)(38100700001)(110136005)(2906002)(66574015)(2616005)(6486002)(86362001)(6512007)(478600001)(71200400001)(66556008)(66446008)(64756008)(6506007)(186003)(66476007)(53546011)(66946007)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: DsgyiOSP3BTpt5cRysifgOJP/wfFSMcUVwyGFzW99gXLM5fF2qhPa/CaZW5NP3geDYVX88TyroYcdWQUw2kNJhlz3kYQ9C2JUZCbhTrWVbmz23cURkxrDkyMSiCbwnsrYuvxlQUkVG50gE4C/XcfXaksP1/VFJGhe2Kxf1CrZ5llH9Bv8N9PD2h3kr7iPTbkvIfsyjqu88RATVodo/pKgoGKtf3jzbAwl3ILw8you9Ffw6V6W98gS/tyAolIGUyhmNXy7ZAHKyaJSngjzN74pS5JVvaXo8RcF0gq+G9VZsBLPJovIjI6HbUk5yMzpMqP9fyqV/kxSCsmbByPZwLTXKjymA9pZMJpo6gMEHYpJUxsK5Ipkq3WfP5HBhDvscvPwQklCBikwEtry3AGobSwrHxXlW+XXA+d6xZqW17zvqyxNtdqv1UskZCDi3Ypklgw+COgfORtjOVULFgAAxPBDJvP4oiNmye4xq6gSMsij9NHpMAEHP3WtWF6eGdDHD4ZrDryonCFlhN/2ov417sYIzpBGm6g+KbDW23IHtEQkbH2pAK1QKu66hZ18t2XFEbA+KFFYSckH3i4dFTc85smNadeduIlMTx5PEAnCu8kj5bMVf5vrUfXS8NPbc4CoS4m9XLtESEZ9LC4NW8abt/CsLlFlNXZibOFxQbcYATc4KEfKRVvYNepm4fpyuzc3oMLBx0RC84QdvZw+WcpwXUYEkwCBv3mHMv8eh5SxzsiUVpuJECSbJazOZY23xPNoVZZbFlJPpXq7pyuFWV/2gzJpyUgImP4JQT69AVsLbt6+geyZU+goPdK0cmqQ8+np9GH6BAt3aGDlDSMoy7ZOK9sMN19SEs0NMK5pQraEullMFsFtdi2xIdsHmSHKjINHz5DngN+E6B4xIaQTHBKB3rTOU/kxfSjnD4A1tvDiSA06xgeK4lwYq6pjRl1nlsMN/fVP1d8pl9K587JV2d4ChLbk+9Lw5MmHNKipsj0TpLb9UGAsZBorchiHrVqF50TaEa1mxf5ZiL39tyL8azixVXJCmjrYU+ENUCC0kg18zq8s9N4loJnMa7I9Qt7UCCniBTr3pYi74fiQOwI0KoQbpGlpQjXWdX9hk67MowDVCmJzBD6LWPd4Qh5timFq7V8cG4EROMgFJ1YGF/2VBjKWKCbLvhtr16OwhZIn0RkMijqlDEUZk3R6kelGMiftmWAAM82c0fBgqPqEh36zGMbgQ9iG+rRxgpok+gESIvl8Yd4EYCpu794nGs0NIBiY2CALcFg4nNnoZRZYrjxCg6pLMjOcAwyfDwcQDr9g2lf1NDwnpA34kRWFni0WyPA2h54jM6a
Content-Type: text/plain; charset="utf-8"
Content-ID: <AD9EF31965884945A6AEBDD37338581E@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3291
Original-Authentication-Results: ericsson.com; dkim=none (message not signed) header.d=none; ericsson.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT008.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 72325207-c76c-4933-506d-08d8eab9a7c8
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: HzBGpX1Mqn1TO1YtdQjH+R3ESj4MzObEgSkFCWEbWetO7mpEGWbNN0RXw8arYbMB+g/rRVHE64KiT0ocTE3gdjeD54vYpDHUrv4IcPmBVBNpKZxqVgwdwAD1fBs6baB7AIWnx28YT9eUDkjipzbTN4sg4oHfEXT4W1AjwVxK76HnRLH5JhJn1jtdJsznGITPhsKmsgQi1vE13QMNEwFpJXTN+zhqtDchM/c3PrVBzFKSDexAFPpBMo0YJ7gcyd969bWEAeQDDjot21gE9Fi117s86OvOfLyshAWwmNbqQNyfadEBo4FOfYAmC7O1w8F3PIzdcfUh3DQYfo7DRScvu1qHB5Qq15un0k6tgDWJbEgRnSyAj7/TBeKAqgS3PLlqVwp2bviCRetxrG43PApZm4MrV5wU32AteTHgJ3qGM+Bn1+E9j/SBPzcQ8DaSxosseBtyeQ1dBPQ5s9tqwswSy4AIOdWd3iBwaCaAyDwnRvsxxjFa2kL6ydtRhGlqM8pQO9WrkjWknblRIbItoG29UyBYhbl63rAondiua/CxKB4z53gKp3h3/OQSlT94jWMnLk0V3DCTXzh+iQ+EkITQ/6QhJop5yEEhNOqMvsTFcb3/KR+6Y8GV+ykV8vFLZ8qJdVXKoKOKIEU823E6pZwz/xYQ+K7pdfiXDqPe88O/s9I=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(396003)(39860400002)(136003)(376002)(346002)(46966006)(36840700001)(2616005)(6506007)(4744005)(336012)(110136005)(81166007)(316002)(70586007)(8676002)(47076005)(53546011)(83380400001)(33656002)(36860700001)(82740400003)(6512007)(70206006)(82310400003)(86362001)(5660300002)(36756003)(26005)(2906002)(8936002)(66574015)(478600001)(356005)(4326008)(6486002)(186003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Mar 2021 09:30:51.8369 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a983d170-cc77-468f-30d4-08d8eab9b033
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT008.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR08MB6543
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/e1rUwFj_wmKSpLrJRAfSIkJmyGc>
Subject: Re: [Teep] Scalability of nonce-based freshness
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 09:30:58 -0000

On 18/03/2021, 13:46, "Göran Selander" <goran.selander@ericsson.com> wrote:
> Wrapping up this discussion: we had an offline discussion and Thomas
> suggested the use of a time stamp concatenated with a MAC as the nonce,
> which makes sense to me. So, the nonce-based method should allow for
> scalable deployment, e.g. with a pool of verifiers assuming a fixed size
> state (shared key used in MAC) and reasonably synchronized clocks.

And just to reiterate one important point: this all works fine only if
replay attacks are not a threat, i.e.: either they have no impact on the
protocol outcome, or they can be prevented at some other layer.

cheers, t






IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email