ietf-teep / teep-protocol

TEEP Protocol Specification

[hackathon] How to store Verifier's nonce in Attestation Results? #324

Closed kentakayama closed 1 year ago

kentakayama commented 1 year ago

At the IETF 116 Hackathon, we demonstrate Passport Model Remote Attestation. The situation is that both the TAM and the Verifier use eat_nonce. There is a Verifier's nonce for the Verifier to check the freshness of the Evidence, apart from the TAM's challenge.

    sequenceDiagram

    participant TAM
    participant Agent
    participant Verifier

    TAM ->> Agent : QueryRequest({challenge: TAM's challenge})
    Agent ->> Verifier : GET Verifier's nonce
    Verifier -->> Agent : Verifier's nonce
    Agent ->> Verifier : POST Evidence({eat_nonce: TAM's challenge, ???: Verifier's nonce})
    Verifier -->> Agent : Attestation Results({eat_nonce: TAM's challenge, ???: Verifier's nonce})
    Agent ->> TAM : QueryResponse(Attestation Results)

Issue: The Verifier may store the Verifier's nonce in the Attestation Results' eat_nonce.

Current draft says,

    When a challenge is provided in the QueryRequest and an EAT is returned with a QueryResponse message then the challenge contained in this request MUST be used to generate the EAT, such as by copying the challenge into the eat_nonce in the EAT profile {{eat}} if using the Nonce freshness mechanism. For more details see {{freshness-mechanisms}}.

The Attestation Results({eat_nonce: Verifier's nonce, ???: TAM's challenge}) is also allowed, but it may make it difficult for the TAM to check the validity of the EAT claim.

    sequenceDiagram

    participant TAM
    participant Agent
    participant Verifier

    TAM ->> Agent : QueryRequest({challenge: TAM's challenge})
    Agent ->> Verifier : GET Verifier's nonce
    Verifier -->> Agent : Verifier's nonce
    Agent ->> Verifier : POST Evidence({eat_nonce: Verifier's nonce, ???: TAM's challenge})
    Verifier -->> Agent : Attestation Results({eat_nonce: Verifier's nonce, ???: TAM's challenge})
    Agent ->> TAM : QueryResponse(Attestation Results)

Questions

  1. Do we need to write like below in EAT Profile for Attestation Results?

    challenge contained in this request MUST be the value of eat_nonce in the EAT profile {{eat}} if using the Nonce freshness mechanism

  2. Should we limit the type of the eat_nonce value to a single bstr? draft-ietf-rats-eat-19 says the value of eat_nonce is a single bstr or an array of bstr. The TAM can easily check the validity of eat_nonce.

    
    $$Claims-Set-Claims //=
        (nonce-label => nonce-type / [ 2* nonce-type ])

    nonce-type = JC< tstr .size (10..74), bstr .size (8..64)>

dthaler commented 1 year ago
  1. Do we need to write like below in EAT Profile for Attestation Results?

    challenge contained in this request MUST be the value of eat_nonce in the EAT profile {{eat}} if using the Nonce freshness mechanism

Compare <https://www.rfc-editor.org/rfc/rfc9334.html#appendix-A.2>. In that model, the TAM's challenge (Relying Party's Nonce2) is not sent to the Verifier and does not appear inside the Attestation Results. Instead it is sent alongside the Attestation Results. I think we should do the same, which would mean using the token field instead of the challenge field when using the passport model.

Next question:

    Should we limit the type of the eat_nonce value to a single bstr? draft-ietf-rats-eat-19 says the value of eat_nonce is a single bstr or an array of bstr.

Yes I think we should. I will create a PR shortly.

dthaler commented 1 year ago

Fixed in draft -13
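
The eat_nonce check discussed in question 2, as an added example that is not part of the thread or of any TEEP implementation: it compares a single-bstr-only profile with one that also accepts the array form, for the two orderings shown in the diagrams. It assumes the Attestation Results have already been signature-verified and decoded into a dict keyed by the text label `eat_nonce`; the function names and sample byte strings are constructed for illustration.

```python
NONCE_MIN, NONCE_MAX = 8, 64  # bstr .size (8..64), from the CDDL quoted in the issue

# Constructed sample values, not real protocol data.
TAM_CHALLENGE = bytes(range(16))
VERIFIER_NONCE = bytes(range(16, 32))


class NonceError(ValueError):
    """eat_nonce is absent or not of a form the profile accepts."""


def is_nonce_bstr(value):
    return isinstance(value, bytes) and NONCE_MIN <= len(value) <= NONCE_MAX


def check_eat_nonce(claims, challenge, allow_array=False):
    """Return True when the TAM's challenge appears in claims["eat_nonce"].

    allow_array=False models a profile restricted to a single bstr;
    allow_array=True also accepts the [ 2* nonce-type ] array form.
    """
    if not is_nonce_bstr(challenge):
        raise NonceError("challenge must be a bstr of 8..64 bytes")
    if "eat_nonce" not in claims:
        raise NonceError("eat_nonce claim is missing")
    value = claims["eat_nonce"]
    if is_nonce_bstr(value):
        return value == challenge
    if isinstance(value, list):
        if not allow_array:
            raise NonceError("profile permits only a single bstr")
        if len(value) < 2 or not all(is_nonce_bstr(v) for v in value):
            raise NonceError("nonce array is malformed")
        return challenge in value
    raise NonceError("eat_nonce is not a bstr of 8..64 bytes")


if __name__ == "__main__":
    cases = {
        "TAM's challenge": {"eat_nonce": TAM_CHALLENGE},
        "Verifier's nonce": {"eat_nonce": VERIFIER_NONCE},
        "[Verifier's nonce, TAM's challenge]": {"eat_nonce": [VERIFIER_NONCE, TAM_CHALLENGE]},
    }
    for label, claims in cases.items():
        for allow in (False, True):
            try:
                result = check_eat_nonce(claims, TAM_CHALLENGE, allow_array=allow)
            except NonceError as exc:
                result = f"rejected ({exc})"
            print(f"eat_nonce = {label:36} allow_array={allow}: {result}")
```

With the single-bstr restriction, the second diagram's ordering (eat_nonce carrying the Verifier's nonce) fails the TAM's comparison outright, and the array form is rejected before any comparison is made.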