Re: [EAT] {RATS] Introduction
"Diego R. Lopez" <diego.r.lopez@telefonica.com> Thu, 13 September 2018 21:29 UTC
Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1C1A130E89; Thu, 13 Sep 2018 14:29:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telefonica.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c-rv22ZjK-8R; Thu, 13 Sep 2018 14:29:15 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60104.outbound.protection.outlook.com [40.107.6.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02764130E80; Thu, 13 Sep 2018 14:29:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telefonica.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TfiWCfMghVVcWCt5UBdOhb/mOwnszbqQAJWlQGrNekg=; b=teS+04PvEiNZQ0N2pbOwsV9ufu3lmrmR0gCRKBdSiOqP8SqtO+7l0QD1HWCcIkY7Tl4MrHQOlaEIpy3TAqKdxvPWIJ/PGh+Uqdeu8Na6syhDVJXPG5vtn5R5x/A7tI1WrU/Ok3e3fTj5L3koVXnZNYmdB8ceKZBOKqa3/WoV3Vo=
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com (52.134.70.148) by DB3PR0602MB3804.eurprd06.prod.outlook.com (52.134.70.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1122.19; Thu, 13 Sep 2018 21:29:11 +0000
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::f98c:de95:f78:6396]) by DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::f98c:de95:f78:6396%5]) with mapi id 15.20.1122.021; Thu, 13 Sep 2018 21:29:11 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: Carl Wallace <carl@redhoundsoftware.com>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "Smith, Ned" <ned.smith@intel.com>
CC: "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
Thread-Topic: [EAT] {RATS] Introduction
Thread-Index: AdRK1ZstPcHxxutnT72dokwlGBYmnwAa/qwAAAM344AADxHpgA==
Date: Thu, 13 Sep 2018 21:29:10 +0000
Message-ID: <314C1690-524E-41D0-A222-36F0B13ECAC9@telefonica.com>
References: <c307729682c24fd18aea18551c2233ff@XCH-RTP-013.cisco.com> <233A8B51-343B-4859-9108-1CA862267274@telefonica.com> <D7BFB4C1.C0D9F%carl@redhoundsoftware.com>
In-Reply-To: <D7BFB4C1.C0D9F%carl@redhoundsoftware.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.2.180910
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-originating-ip: [88.6.228.46]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB3PR0602MB3804; 6:MNGoe/evPJeITJYu54HCmTc0AZ73LxG1wP8kSNr8yZyDugXhav9Tf9JBFXiOIGAjxNugtmSQWAonz/f7vb5bPMvPJjAG1c3WbOMNIHtWSlSUcINrGrzE3tjRWmZcY+VzftyhyoMCFXiLsjvybxTBXHn4TMAAJGREPJLwb+1Tf5Brk7463FyKlsiT8PpqY8Z7G2svloo4XKX7dsUUhIVL6mFhsqUgdIv83Yu/NIfmjIUsm5Cmpqf9TVQ8SCpR7jSlWYAPOUScaafJt5HPDNm/Fg1ZEZUTNhwQeJiq0mtbm4qa9eO6tMa9SNGrbhXOT4nc2IfAFurEZslTiBJdNm/j74YuCAqj9gTrkeadkGeP09VQTuLaJUmL3zCbcuYhzIhus5vMWKUUp1pdsf1OQ5rpg2VMlrDMEkRMfkN8Tb1qbm+rs9NDvAOKlwasDBvGYUDMcorENaN4v241W+GiTnqtJQ==; 5:FFoNUlVqK+1FnvPNML/n+VerZVin/lMKPBR6SDCOaAUo9GbGq1ZttoGkUvpK1OBSrnXFUfyRpsUahB3zyPe9Nn6xUa59k/6proHIltTgoywSwyLbR59X4cw+zlRbPRsuYf6ARMDY6mABMh7jHGdxxPNIQVegxFDB513yF8gjpik=; 7:RpVvmt6xfphXE/ztdmr+U2BzoRlHU1aXyDfLD4YBiZP4bmcPhR1kTALtsLIbD9bAucfz+LtHSYRFry77Z+vZ49S9KN+e6hM3HuAdgg+u17ewZ6yCXLAUmGbfPs8j1UsbsdpVibYIktt5+3dfSqbTung1m5J18nyEhAbwt6Sxg6kOVt/jHzHKTilr89ZD9yND/l2jMfzQtTr+Scfy8R3qKKgHDkVoQO+uvmHefLMsL1lwsdOFC25U6TCGmuyrwyoL
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: e037c237-18f3-46ac-f02e-08d619bff27d
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB3PR0602MB3804;
x-ms-traffictypediagnostic: DB3PR0602MB3804:
x-microsoft-antispam-prvs: <DB3PR0602MB380488CFFBE2635A9128296DDF1A0@DB3PR0602MB3804.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(40392960112811)(103651359005742)(128460861657000)(21748063052155)(81160342030619)(163750095850)(228905959029699);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231311)(944501410)(52105095)(3002001)(10201501046)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201708071742011)(7699050); SRVR:DB3PR0602MB3804; BCL:0; PCL:0; RULEID:; SRVR:DB3PR0602MB3804;
x-forefront-prvs: 07943272E1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(136003)(346002)(366004)(376002)(252514010)(25724002)(199004)(189003)(40134004)(36756003)(102836004)(83716003)(236005)(11346002)(2616005)(6512007)(6306002)(54896002)(476003)(4326008)(99286004)(786003)(58126008)(76176011)(81166006)(81156014)(316002)(110136005)(8936002)(8676002)(7736002)(14444005)(66066001)(256004)(68736007)(53546011)(6506007)(82746002)(186003)(2906002)(54906003)(26005)(229853002)(2900100001)(6486002)(86362001)(6436002)(606006)(5660300001)(790700001)(6116002)(3846002)(486006)(446003)(478600001)(33656002)(97736004)(6246003)(105586002)(53936002)(106356001)(5250100002)(966005)(14454004)(45080400002)(25786009)(561944003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR0602MB3804; H:DB3PR0602MB3788.eurprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: WO7qqb7d/nF/jeGw8MgdmhRYw5G11cKppagWkSIqM7xyNNp+GaFWK7YCW2biN+elf0Vubd7ELUqWsulQVxonLNcnRVDBhKEWI/HkqT7MaCI2djiHzKAsiHpSbHNyCwMdoVC6jlz++Plwa/snTvrnHB3nNjkuaV2p7Hq7fgN0LFH1cQKsJODWfrgWUN6795KjyaBsJ87wUTiiuOt6IQfn5B56BR7KlrDNe1w0oju7HeLyUNhxmmMf8KKFJFH9sBVHQac3cruv7olIjfKpbDtoa0amGry9AxTpw7XixbkBbzVGdeZMqpeQ5B1A/9z79ArxqH5gVDPub9uyoVFqu274SC5fMywPEV2O1eoiTjn8CdA=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_314C1690524E41D0A22236F0B13ECAC9telefonicacom_"
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e037c237-18f3-46ac-f02e-08d619bff27d
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2018 21:29:10.5062 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0602MB3804
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/2vIcHWZb9Dr95OFRMal_5I3hkxA>
Subject: Re: [EAT] {RATS] Introduction
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 21:29:19 -0000
Agreed. You always need a root of trust to start with… -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D https://www.linkedin.com/in/dr2lopez/ e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com> Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- On 13/09/2018, 12:42, "Carl Wallace" <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>> wrote: From: "Diego R. Lopez" <diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>> Date: Thursday, September 13, 2018 at 3:10 AM To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org<mailto:evoit=40cisco.com@dmarc.ietf.org>>, Carl Wallace <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>>, Shawn Willden <swillden=40google.com@dmarc.ietf.org<mailto:swillden=40google.com@dmarc.ietf.org>>, "Smith, Ned" <ned.smith@intel.com<mailto:ned.smith@intel.com>> Cc: "rats@ietf.org<mailto:rats@ietf.org>" <rats@ietf.org<mailto:rats@ietf.org>>, "eat@ietf.org<mailto:eat@ietf.org>" <eat@ietf.org<mailto:eat@ietf.org>> Subject: Re: [EAT] {RATS] Introduction Hi, If I am correctly following your proposal, this is connected with the idea of a trusted channel we experimented with in the SECURED project, and described in draft-pastor-i2nsf-vnsf-attestation: “A trusted channel is an enhanced version of the secured channel. It adds the requirement of integrity verification of the contacted endpoint by the other peer during the initial handshake to the functionality of the secured channel. However, simply transmitting the integrity measurements over the channel does not guarantee that the platform verified is the channel endpoint. The public key or the certificate for the secure communication MUST be included as part of the measurements presented by the contacted endpoint during the remote attestation. This way, a malicious platform cannot relay the attestation to another platform as its certificate will not be present in the measurements list of the genuine platform.” This only works if the public key/certificate associated with the remote endpoint can be obtained initially such that it is known to be correct. It's common to see artifacts that aim to demonstrate that something is a genuine product from Example Co without being able to demonstrate that something is a particular genuine product from Example Co. The latter is often necessary. Bootstrapping trust is hard, especially where it intersects with privacy concerns. ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- Re: [EAT] {RATS] Introduction Eric Voit (evoit)
- Re: [EAT] {RATS] Introduction Diego R. Lopez
- Re: [EAT] {RATS] Introduction Carl Wallace
- Re: [EAT] {RATS] Introduction Eric Voit (evoit)
- Re: [EAT] {RATS] Introduction Diego R. Lopez