Re: [Anima] [Iot-onboarding] EXTERNAL: Re: OPC and BRSKI

[Michael Richardson]

Randy Armstrong (OPC)  wrote:
> 1) As it stands today BRSKI is pull model only and the push model is
> out of scope but I don't see why that has to be the case once you allow
> for different protocols between the Device and the Registrar. With our
> proposed OPC mapping we would define a Registrar that supports both
> models. Is this of any interest to the IETF or would it be an OPC only
> thing?

There are a number of reasons to think a push model is also workable.
I'm unclear if OPC needs to onboard devices into a wireless network or if
everything is wired.  This matters because the new device has to announce
its presence to the Registrar for push to work.

For instance, you could take a look at:
  https://tools.ietf.org/html/draft-richardson-6tisch-dtsecurity-secure-join-01

which is an old version of the constrained-BRSKI mechanism.
Section 3, (3.2) explains how the Registrar would reach out to the
Pledge using the 6tisch 6p protocol (when it ran over IPv6).

> 2) Perhaps the most value from BRSKI comes not from the MASA per se but
> the voucher format (i.e. a digitally signed document with a standard
> format). We could meet a lot of our requirements if we had a voucher
> which has a list of nonce-less or bearer vouchers shipped to a
> particular location for use by a particular end user. We could create
> workflows where the manufacturer/distributor has to create this
> document when devices are delivered. The document could be delivered
> via the MASA or via some other B2B exchange or even on a USB
> stick. However it is delivered it can then be read by the Registrar and
> use it to build a whitelist of Devices allowed on the network.

RFC 8572 -- Secure Zero Touch Provisioning (SZTP)
may suit you better. It also uses RFC8366 vouchers.

> I am also thinking that this voucher would be a good application for
> block chain where instead of a bearer voucher we define a mechanism
> where the owner the device could append a "block" to the original
> voucher which authorizes the transfer to new owner.

We considered distributed ledgers for the audit log.
In all distributed ledgers, you have to ask:
  1) are there mutually distrusting parties?
  2) what do they need to agree upon?
  3) what is the incentive for a third party to validate the chain?

What you have described above, however, is just a certificate chain.
No Block Required.
  
https://mailarchive.ietf.org/arch/msg/6tisch-security/2kObJLkLlhuI-HU9s5yqfRm0n00

Describes an early notion of how vouchers work, and notice how it delegates
at each step.  Subsequent sales just extend the chain.  We didn't go this
way because:
  1) it mandates sales channel integration, and we think that this will be
 rare at the beginning.
  2) any party in the chain can issue a new sale certificate, effectively
 stealing the device from the current owner.

--
Michael Richardson , Sandelman Software Works
 -= IPv6 IoT consulting =-


signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

[Michael Richardson]

https://tinyurl.com/yylruorn contains an updated diff against -24.

Benjamin Kaduk via Datatracker  wrote:
> Section 5.2

> application/voucher-cms+json  The request is a "YANG-defined JSON
> document that has been signed using a CMS structure" as described
> in Section 3 using the JSON encoding described in [RFC7951].  This

> Section 3 does not describe any "sign[ing] using a CMS structure"
> operation.

Yes, I see, the sentence structure is wrong.  I have changed it:


-   application/voucher-cms+json  The request is a "YANG-defined JSON
-  document that has been signed using a CMS structure" as described
-  in Section 3 using the JSON encoding described in [RFC7951].  This
-  voucher media type is defined in [RFC8366] and is also used for
-  the pledge voucher-request.  The pledge SHOULD sign the request
-  using the Section 2.3 credential.

+   application/voucher-cms+json  [RFC8366] defines a "YANG-defined JSON
+  document that has been signed using a CMS structure", and the
+  voucher-request described in Section 3 is created in the same way.
+  The media type is the same as defined in [RFC8366].  and is also
+  used for the pledge voucher-request.  The pledge MUST sign the
+  request using the Section 2.3 credential.


> To be clear, this is MUST sign, but SHOULD use IDevID (vs. some other
> credential) to sign?

It was SHOULD, because we supported unsigned voucher requests, but we removed
that option.  It is now MUST.

> constrained voucher formats are expected in the future.  Registrar's
> and MASA's are expected to be flexible in what they accept.

> nits: no apostrophes for plurals.

done.

> proximity-registrar-cert:  In a pledge voucher-request this is the
> first certificate in the TLS server 'certificate_list' sequence
> (see [RFC5246]) presented by the registrar to the pledge.  This
> MUST be populated in a pledge voucher-request if the "proximity"
> assertion is populated.

> [same comment as above about "end-entity certificate"]

done.

> The registrar validates the client identity as described in EST
> [RFC7030] section 3.3.2.  The registrar confirms that the 'proximity'
> assertion and associated 'proximity-registrar-cert' are correct.

> what 'proximity' assertion?
> Does verifying proximity-registrar-cert just mean checking that it's the
> same leaf certificate that the registrar presented?  What happens if the
> validation fails?

Yes, it means confirming that the pinned certificate is one's own.
If it fails, then there is a MITM, and the connection should be closed.
{I will use "MITM" until someone tells if me we are using a different term}

I've split that paragraph up, as there are two thoughts, one is about the
ClientCertificate, and the other is about the pinned certificate.

The registrar validates the client identity as described in EST
-   [RFC7030] section 3.3.2.  The registrar confirms that the 'proximity'
-   assertion and associated 'proximity-registrar-cert' are correct.
+   [RFC7030] section 3.3.2.
+
+   The registrar confirms that the assertion is 'proximity' and that
+   pinned 'proximity-registrar-cert' is the Registrar's certificate.  If
+   this validation fails, then there a On-Path Attacker (MITM), and the
+   connection MUST be closed after the returning an HTTP 401 error code.

> Section 5.3

doc> A Registrar accepts or declines a request to join the domain, based
doc> on the authenticated identity presented.  Automated acceptance
doc> criteria include:

> I suggest "for different networks, examples of automated acceptance
> criteria may include".

doc> If these validations fail the registrar SHOULD respond with an
doc> appropriate HTTP error code.

> Similarly, "If validation fails".

done.

> Section 5.4

doc> The BRSKI-MASA TLS connection is a 'normal' TLS connection
doc> appropriate for HTTPS REST interfaces.  The registrar initiates the
doc> connection and uses the MASA URL obtained as described in Section 2.8
doc> for [RFC6125] authentication of the MASA.

> I'd consider mentioning  the implicit trust anchor database as well as
> the MASA URL.

edits for another review changed this to:
   The BRSKI-MASA TLS connection is a 'normal' TLS connection
   appropriate for HTTPS REST interfaces.  The registrar initiates the
   connection and uses the MASA URL obtained as described in
   Section 2.8.  The mechanisms in [RFC6125] SHOULD be used
   authentication of the MASA.  Some vendors will establish explicit (or
   private) trust anchors for validating their MASA; this will typically
   done as part of a sales channel integration.  Registars SHOULD permit
   trust anchors to be pre-configured on a per-vendor basis.

doc> The MASA and the registrars SHOULD be prepared to support TLS client
doc> certificate authentication and/or HTTP Basic or Digest aut