Re: [Anima] remote attestation Epoch ID distribution in IPv6 and GRASP

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Sat, 20 August 2022 10:27 UTC

Message-ID: <c59c6c7a-310a-c863-2ad5-d8248e5e29b5@sit.fraunhofer.de>
Date: Sat, 20 Aug 2022 12:27:07 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-US
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima@ietf.org, rats@ietf.org
CC: otroan@employees.org, "Brian E. Carpenter" <brian.e.carpenter@gmail.com>, Nick Allott <nick@nquiringminds.com>
References: <18007.1660927278@localhost>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <18007.1660927278@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/T9svzU4ndYyCouPvnftLxMXiD3o>

Hi Michael,

similar to a MUD URL, an Epoch ID (or epoch marker, see: 
https://www.ietf.org/id/draft-birkholz-rats-epoch-markers-01.html) can 
be conveyed via many vehicles. As MUD URLs can, for example, be included 
in LLDP payload, it seems like a low hanging fruit to me to distribute 
Epoch IDs via router advertisements or M_FLOOD.

If there is interest in this application of a source for freshness, we 
can certainly make that happen.

And while we are at it: If ANIMA has any requirements on potential 
payloads of an epoch marker, please say so :-)

Best regards,

Henk

On 19.08.22 18:41, Michael Richardson wrote:
> 
> As explained at:
>    https://www.ietf.org/archive/id/draft-ietf-rats-reference-interaction-models-05.html#name-uni-directional-remote-atte
> 
> and also referenced at:
>    https://www.ietf.org/archive/id/draft-ietf-rats-architecture-21.html#name-example-3-epoch-id-based-pa
>    (which has a cool SVG diagram)
> 
> one of the key ways to get freshness for remote attestation mechanisms is to have
> some entity send a series of Epoch IDs to all parties.  They are
> non-repeating, non-deterministic nonces that wind up being included in the
> signed Evidence produced by Attesters.
> draft-birkholz-rats-epoch-markers imagines reuse of RFC3161 TimeStampTokens
> as one example.
> 
> In bilateral systems where TLS is used as a transport (such as in BRSKI
> onboarding), then it is possible to use tls-unique^WTLS Exporter to get
> something which is fresh.  In other scenarios where Evidence will be
> shared with a Verifier that did not participate in the TLS connection (such
> as in background check model, which is what BRSKI would need to use) then
> the Epoch ID mechanism may be a better way.
> 
> When working on this freshness model in the RATS architecture, one
> distribution mechanism that we envisioned was some kind of rain from
> ("heaven") above of Epoch IDs.  Such as having them embedded in a GPS or 3G
> signal/beacon.  This has advantages for uni-directional attestation where no
> signals are allowed into the nuclear power plant, yet fresh attestations need
> to be emitted.
> 
> Much more mundane scenarios just need to have the EpochID distributed in an
> efficient manner.
> 
> One thought is an RA option. The universal RA option comes to mind, but the
> EpochID is not a constant, so it does not entirely fit into one concept of
> universal RA where it's something that can just get inserted verbatim into a
> router configuration.
> (I was going to CC 6man, but I'm not doing that yet)
> 
> A second thought is to do this via GRASP (RFC8990) M_FLOOD.
> ANIMA's ACP operators will want to do regular attestation of routing
> platform, so we will need such a thing.  A GRASP M_FLOOD could be forwarded
> through the ACP, and if an Enterprise situation, could be then multicasted on
> the normal links for hosts that need the EpochID.
> 
> As GRASP is just CBOR over UDP, sometimes multicast on IPv6-LL, it's not
> more complicated than an RA.  As draft-birkholz-rats-epoch-markers seems to
> be defining a signed EpochID in CBOR format, the match seems quite good.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>             Sandelman Software Works Inc, Ottawa and Worldwide
> 
> 
> 
>
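
The freshness mechanism discussed in this thread, as an added Python sketch that is not part of either message or of the cited drafts: an Attester binds the last Epoch ID it heard into its Evidence, and a Verifier that never talked to the Attester accepts only Evidence carrying a recent Epoch ID. HMAC with a shared key stands in for the Attester's signature, and the function names, the 16-byte Epoch ID size and the two-epoch acceptance window are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import deque

EPOCH_LEN = 16  # assumed size; the thread does not fix one


def new_epoch_id() -> bytes:
    """What the distributor would flood: a non-repeating, unpredictable value."""
    return secrets.token_bytes(EPOCH_LEN)


def _tag(key: bytes, epoch_id: bytes, claims: bytes) -> bytes:
    # HMAC stands in for the Attester's signature over Evidence (assumption).
    return hmac.new(key, epoch_id + claims, hashlib.sha256).digest()


def make_evidence(key: bytes, epoch_id: bytes, claims: bytes) -> dict:
    """Attester side: bind the most recently heard Epoch ID into the Evidence."""
    if len(epoch_id) != EPOCH_LEN:
        raise ValueError("no valid Epoch ID heard yet")
    return {"epoch_id": epoch_id, "claims": claims, "tag": _tag(key, epoch_id, claims)}


class Verifier:
    def __init__(self, key: bytes, window: int = 2):
        self.key = key
        self.recent = deque(maxlen=window)  # newest Epoch IDs still accepted

    def on_epoch(self, epoch_id: bytes) -> None:
        self.recent.append(epoch_id)

    def appraise(self, ev: dict) -> str:
        expected = _tag(self.key, ev["epoch_id"], ev["claims"])
        if not hmac.compare_digest(expected, ev["tag"]):
            return "bad-signature"
        return "fresh" if ev["epoch_id"] in self.recent else "stale"


def demo() -> list:
    key, claims = secrets.token_bytes(32), b"fw=1.2.3"  # constructed sample values
    v = Verifier(key)
    e1, e2, e3 = new_epoch_id(), new_epoch_id(), new_epoch_id()
    v.on_epoch(e1)
    ev1 = make_evidence(key, e1, claims)
    results = [v.appraise(ev1)]                  # current epoch
    v.on_epoch(e2); v.on_epoch(e3)               # Attester misses e3 (lossy multicast)
    results.append(v.appraise(make_evidence(key, e2, claims)))  # one behind, in window
    results.append(v.appraise(ev1))              # replay of old Evidence
    results.append(v.appraise({**ev1, "epoch_id": e3}))  # epoch swapped after signing
    return results
```

The window trades replay exposure against tolerance for a dropped multicast datagram: a window of one rejects an Attester that missed a single flood, while a larger one keeps old Evidence replayable for longer.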