Re: Security Working Group meeting - Wednesday August 4

[Patrick Williams <patrick@stwcx.xyz>]

[-- Attachment #1: Type: text/plain, Size: 1776 bytes --]

On Tue, Aug 03, 2021 at 05:57:52PM -0500, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday August 4 at 10:00am PDT.
> 
> We'll discuss the following items on the agenda 
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>, 
> and anything else that comes up:
> 
>  1. (Joseph): IBM ACF design (2FA authentication for the special IBM
>     service account) is in review -
>     https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/45201
>     <https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/45201>

I still feel like the "Alternatives considered" are pretty weak in this
document.  Rather than paint broad brushes ("Other were considered.  They were
not suitable.") I think you should enumerate _which_ alternatives were
considered and _why_ they don't fit the problem at hand.

```
- Takes four parameters: machine serial number, expiration date, password, and
  private key.
- Algorithm:
   - Hashes the password.
   - Creates the ACF from the hashed password, serial number, and expiration date.
   - Digitally signs the ACF using the private key.
   - Returns the ACF to the caller.
```

This sounds a lot like U2F.  The "4 parameters" are the challenge, IBM's key
signing server is the U2F device, and PAM is the "Relying Party".  There are
already PAM modules for some aspects of U2F and the token you need to exchange
is reasonably short (my Yubikey output is 33 characters).

https://developers.yubico.com/U2F/Protocol_details/Overview.html

The nice aspect if you can reuse portions of the U2F protocol is that you go a
long way towards enabling others to add more typical 2FA like Yubikeys.

-- 
Patrick Williams

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]