Re: [EAT] [EXTERNAL] Re: [Rats] Attestation BoF charter updates?

Denis <> Mon, 15 October 2018 13:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EB8EC130E62 for <>; Mon, 15 Oct 2018 06:04:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lie1nGQ8XrXa for <>; Mon, 15 Oct 2018 06:04:39 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 34523130E4D for <>; Mon, 15 Oct 2018 06:04:39 -0700 (PDT)
Received: from [] (unknown []) by (Postfix) with ESMTP id C029B780340 for <>; Mon, 15 Oct 2018 15:04:36 +0200 (CEST)
To: "" <>
References: <> <> <> <> <>
From: Denis <>
Message-ID: <>
Date: Mon, 15 Oct 2018 15:04:35 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------E17842023061A92B01580DBF"
Content-Language: en-US
Archived-At: <>
Subject: Re: [EAT] [EXTERNAL] Re: [Rats] Attestation BoF charter updates?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Oct 2018 13:04:42 -0000

Hello Jeremy,

In your reply, you have deleted many of my sentences, in particular you 
have deleted:

    The simplest cases should also be part of the framework.

I don't deny that complex cases may need to be taken into consideration, 
but simple cases should also be taken into consideration.

You wrote:

    having the entity creator/manufacturer provide a set of claims which
    can be verified is more flexible than requiring a certificate.

May be it might be "more flexible", but certainly more complex to check. 
The provenance of the device is not the most important information to get.
The most important information to get is a guarantee of the support of a 
set of required functions and features.


> On 12 Oct 2018, at 14:33, Denis < 
> <>> wrote:
>> The "Problem Statement" continues as follows:
>> (2) Today, there is no common, standard way for Relying Parties to 
>> know the provenance and characteristics of a device (e.g., an 
>> end-user device,
>> platform or endpoint, servers, IoT devices, device subsystems and 
>> sub-modules) that may be requesting services.
>> Knowing the provenance of the device is not always necessary. What is 
>> important is to know that a specific set of functions is (securely) 
>> supported by the device.
>> There already exists a common way to know the characteristics of a 
>> device by issuing to the device a public key certificate which will 
>> only be issued to the device
>> if it fulfills an expected set of functionalities. In such a case a 
>> syntax for a trusted claim sets**is not needed.
> This is indeed a possible way to address the problem, but suffers from 
> challenges which come down to:
> - Who issues such certificates. An option is that there is some form 
> of security certification behind this issuance otherwise it is of very 
> limited value.
> - In order to capture the wide variety of different devices (I prefer 
> "entity" here as it is more general than "device"), many different 
> forms of such certificates would be required. This ends up being much 
> the same thing as a set of claims.
> Given the multiplicity of entities for which attestation might be 
> useful, it seems to me that having the entity creator/manufacturer 
> provide a set of claims which can be verified is more flexible than 
> requiring a certificate. It seems likely to me that where a formal 
> security certification is needed there will be a certificate issued by 
> the Certifying Body as one of the claims about an entity, but I can 
> think of many cases (supply chain management, to take just one 
> example) where provenance is by far the most useful information.
> I'm not in favour of changes to the charter in this direction.
>> The simplest cases should also be part of the framework.
>> Note: I personally appreciate that privacy is an aspect that 
>> will/should be taken into consideration.
>> Denis
>>> As with the earlier draft, there are many references to verify and
>>> verifier in the lead up to the deliverable but no deliverables describing
>>> verification rules. I'd like to see rules in one of these documents and
>>> think it worth citing in the deliverables. Are bindings to certificate
>>> management protocols out of scope?
>>> On 10/11/18, 9:49 AM, "RATS on behalf of Henk Birkholz"
>>> < on behalf of>  wrote:
>>>> Hi all,
>>>> sorry for the delay. Please find an updated charter proposal here:
>>>> The BoF proponents tried to merge all comments and proposals on
>>>> keystores, existing solutions, provenance & device characteristics, etc
>>>> that were raised on the list - and align them in homogeneous fashion.
>>>> This draft is intended to focus the discussion and improve the wording.
>>>> Viele Grüße,
>>>> Henk
>>>> On 10/06/2018 08:23 AM, Laurence Lundblade wrote:
>>>>> Hi Henk,
>>>>> Bangkok IETF is getting close, will you be able to update the charter
>>>>> for the attestation BoF to properly include EAT?  I sent you some text
>>>>> that just needs to be pasted along with some comments. It doesn’t look
>>>>> like there’s been any updates.
>>>>> LL
>>>> _______________________________________________
>>>> RATS mailing list
>>> _______________________________________________
>>> EAT mailing list
>> _______________________________________________
>> EAT mailing list
>> <>