during caution verify, unencrypted http is used on port 80 to connect, just after Requesting attestation... is printed.
To see this:
-
be logged into
caution -
checkout my http_demo branch which includes logging (and includes a
cargo update) -
run
cargo clean && ./http_demo.sh
Though the nonce should protect against replay attacks, IIUC, an attacker could intercept the HTTP response and replace an attestation report with a modified or forged report, or, minimally, eavesdrop during verification.
Besides eavesdropping and DoS (dropping packets for attestation if in-line on the network path) I think this could lead to undesirable states like: a user can verify the deployed software is running somewhere, but not necessarily on the machine they are intending to connect with. That is, a user could unknowingly accept a report from an attacker's machine.
This is the line in the code I believe is hard-coding http, via this line that sets attestation_url, and later seeing the print from this line makes me believe self.verbose must be false (no error) and the received attestation must have been decoded.
I am not certain it is entirely relevant to this issue, but this IETF informational RFC document section 5.2 deals with "Prevention of Spoofing and Person-in-the-Middle Attacks" for attestation schemes.