Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use of Evidence generating key material for AE identification #399

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Use of Evidence generating key material for AE identification #399

wants to merge 5 commits into from

Conversation

henkbirkholz
Copy link
Member

fixes #156

yogeshbdeshpande
yogeshbdeshpande reviewed Feb 24, 2025
View reviewed changes
draft-ietf-rats-corim.md Outdated

The integrity of public and private key material and the secrecy of private key material must be ensured at all times.
This includes key material carried in attestation key triples and key material used to verify the authority of triples (such as public keys that identify trusted supply chain actors).
For more detailed information on protecting Trust Anchors, refer to {{Section 12.4 of -rats-arch}}.
As it is possible to use the public part of an asymmetric key pair for Evidence generation to be used to identify an Attesting Environment, this method of potentially identifying unique instances of Attesting Environments (and profiling their respective owners) can come with privacy considerations that have to be carefully weighed.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The text here is not clear to me?

Are we saying:

  1. Asymmetric Key Pair used to sign the Evidence OR
  2. Public Part of Asymmetric Key pair is part of Evidence Claim used to identify the Attesting Env?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Public keys are PII unless they are for group signing (where the size of the group is privacy preserving).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we saying:

Asymmetric Key Pair used to sign the Evidence OR
Public Part of Asymmetric Key pair is part of Evidence Claim used to identify the Attesting Env?

Yes. That happens and is a PII issue.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Public keys are PII unless they are for group signing (where the size of the group is privacy preserving).

Yes. Is the DAA scenario relevant here?

yogeshbdeshpande
yogeshbdeshpande reviewed Feb 24, 2025
View reviewed changes
Copy link
Collaborator

@yogeshbdeshpande yogeshbdeshpande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

request please review the comment

thomas-fossati
thomas-fossati reviewed Feb 24, 2025
View reviewed changes
Copy link
Collaborator

@thomas-fossati thomas-fossati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! A couple of quick comments.

nedmsmith
nedmsmith reviewed Feb 24, 2025
View reviewed changes
draft-ietf-rats-corim.md Outdated

The integrity of public and private key material and the secrecy of private key material must be ensured at all times.
This includes key material carried in attestation key triples and key material used to verify the authority of triples (such as public keys that identify trusted supply chain actors).
For more detailed information on protecting Trust Anchors, refer to {{Section 12.4 of -rats-arch}}.
As it is possible to use the public part of an asymmetric key pair for Evidence generation to be used to identify an Attesting Environment, this method of potentially identifying unique instances of Attesting Environments (and profiling their respective owners) can come with privacy considerations that have to be carefully weighed.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Public keys are PII unless they are for group signing (where the size of the group is privacy preserving).

@yogeshbdeshpande yogeshbdeshpande mentioned this pull request Feb 25, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nedmsmith nedmsmith nedmsmith left review comments

@thomas-fossati thomas-fossati thomas-fossati left review comments

@yogeshbdeshpande yogeshbdeshpande yogeshbdeshpande left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security Considerations on using key material (or kid) to identify environments
4 participants
@henkbirkholz @nedmsmith @thomas-fossati @yogeshbdeshpande