A Registrar should check maybe that the signer of the PVR is the same entity / certificate as the one that created the DTLS session.
Is this already in?
Esko Dijk ***@***.***> wrote:
> A Registrar should check maybe that the signer of the PVR is the same entity / certificate as the one that created the DTLS session. Is this already in?
I think it's already in 8995.
I'll check.
I looked in 8995: there seems to be no such check. It may not be really needed for security.
There are some related checks done:

- Registrar copies serial-number from Pledge IDevID cert into its RVR, so that MASA can verify that the DTLS connection was made by a Pledge with the same serial-number as the serial-number included in the prior-signed-voucher-request = PVR.
  - In theory, a Pledge could use 2 different IDevID identities with the same serial-number to spoof the system. However, it seems not much could be gained by such a spoofing 'attack'. The identity in the PVR + signature is used anyhow as the "true" Pledge identity.
- Registrar verifies that the pinned proximity-registrar-cert in the PVR is equal to the registrar's EE certificate.
  - This is just to exclude on-path attackers. It doesn't check against a spoofing Pledge.

So overall it seems not needed for cBRSKI to require such a security check in addition to BRSKI. If we think this needs to be checked, it's for a BRSKI update.
Created the issue anima-wg/anima-bootstrap#152 to remind future authors of a "8995-bis" document to consider it.
Proposing to close the issue here for cBRSKI!
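The Registrar-side checks discussed in this thread, modelled as an added Python example (not code from the cBRSKI draft, RFC 8995, or any implementation). Certificates are stand-ins compared by a SHA-256 fingerprint of their DER bytes; the function names, the `require_signer_match` switch and the sample serial-numbers are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 cert: identity is the DER bytes (constructed here)."""
    der: bytes
    serial_number: str  # IDevID serialNumber attribute

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

@dataclass(frozen=True)
class PVR:
    """Pledge voucher-request as the Registrar sees it after signature verification."""
    signer: Cert                    # IDevID that signed the PVR
    proximity_registrar_cert: Cert  # registrar EE cert pinned by the pledge

def registrar_handle_pvr(dtls_peer: Cert, pvr: PVR, registrar_ee: Cert,
                         require_signer_match: bool = False):
    """Return (rvr, reasons); rvr is None when any check fails."""
    reasons = []
    # BRSKI check: pinned cert must be this registrar's EE cert (excludes on-path attackers).
    if pvr.proximity_registrar_cert.fingerprint() != registrar_ee.fingerprint():
        reasons.append("proximity-registrar-cert is not this registrar")
    # Check proposed in this issue: the PVR signer must be the DTLS session peer.
    if require_signer_match and pvr.signer.fingerprint() != dtls_peer.fingerprint():
        reasons.append("PVR signer differs from DTLS peer certificate")
    if reasons:
        return None, reasons
    # BRSKI behaviour: serial-number in the RVR is taken from the DTLS peer's IDevID.
    return {"serial-number": dtls_peer.serial_number,
            "prior-signed-voucher-request": pvr}, []

def masa_serial_check(rvr: dict) -> bool:
    """MASA: serial-number in the RVR must match the IDevID that signed the PVR."""
    return rvr["serial-number"] == rvr["prior-signed-voucher-request"].signer.serial_number

# Constructed sample certificates (DER content is a placeholder, not real ASN.1).
REGISTRAR_EE = Cert(b"registrar-ee", "REG-01")
OTHER_REGISTRAR = Cert(b"other-registrar", "REG-02")
PLEDGE_A = Cert(b"idevid-a", "SN-0001")
PLEDGE_B = Cert(b"idevid-b", "SN-0001")  # different IDevID, same serial-number

def spoof_scenario(require_signer_match: bool):
    """DTLS session opened by PLEDGE_B, PVR signed by PLEDGE_A (same serial-number)."""
    pvr = PVR(signer=PLEDGE_A, proximity_registrar_cert=REGISTRAR_EE)
    return registrar_handle_pvr(PLEDGE_B, pvr, REGISTRAR_EE, require_signer_match)

def on_path_scenario():
    """PVR pins a different registrar's certificate."""
    pvr = PVR(signer=PLEDGE_A, proximity_registrar_cert=OTHER_REGISTRAR)
    return registrar_handle_pvr(PLEDGE_A, pvr, REGISTRAR_EE)
```

In the two-IDevID case the existing serial-number comparison at the MASA still passes, which is why only the signer-equals-DTLS-peer check detects the mismatch.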