Re: [EAT] [Rats] [EXTERNAL] Re: Attestation BoF charter updates?

Giridhar Mandyam <mandyam@qti.qualcomm.com> Tue, 16 October 2018 16:11 UTC

Return-Path: <mandyam@qti.qualcomm.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 756EE130DEF; Tue, 16 Oct 2018 09:11:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oG0bMtrCDzSs; Tue, 16 Oct 2018 09:11:51 -0700 (PDT)
Received: from alexa-out-sd-01.qualcomm.com (alexa-out-sd-01.qualcomm.com [199.106.114.38]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55A71130DEE; Tue, 16 Oct 2018 09:11:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1539706311; x=1571242311; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=yRn/u6xbU/f9MuFbJh2Jd0o0n3eS4IJ1BYAxUdD7y8A=; b=LT+GZMZcJ3t2xkKkfEf0D4aIqNR5G+pm8x97zGeciduVUZ+ONYVXfd1T WfFwrWSA5UZiXaP4R6ndt8bmM3r3gktiOAPzjuSaOm4wUmGjQTw+NiE0f Z+SprJJRpBAa2cyzisJwtmhh9y0/lshSKYoOn6mGNXs9DbMQBk8gclltc I=;
X-IronPort-AV: E=Sophos;i="5.54,389,1534834800"; d="scan'208";a="11152557"
Received: from unknown (HELO ironmsg02-sd.qualcomm.com) ([10.53.140.142]) by alexa-out-sd-01.qualcomm.com with ESMTP; 16 Oct 2018 09:11:50 -0700
Received: from nasanexm01g.na.qualcomm.com ([10.85.0.33]) by ironmsg02-sd.qualcomm.com with ESMTP/TLS/AES256-SHA; 16 Oct 2018 09:11:50 -0700
Received: from NASANEXM01C.na.qualcomm.com (10.85.0.83) by NASANEXM01G.na.qualcomm.com (10.85.0.33) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Tue, 16 Oct 2018 09:11:49 -0700
Received: from NASANEXM01C.na.qualcomm.com ([10.85.0.83]) by NASANEXM01C.na.qualcomm.com ([10.85.0.83]) with mapi id 15.00.1365.000; Tue, 16 Oct 2018 09:11:49 -0700
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: "rats@ietf.org" <rats@ietf.org>
CC: "eat@ietf.org" <eat@ietf.org>
Thread-Topic: [Rats] [EAT] [EXTERNAL] Re: Attestation BoF charter updates?
Thread-Index: AQHUZUtHtQOj2fDprkm7d1bHLCIs4aUiCkvg
Date: Tue, 16 Oct 2018 16:11:49 +0000
Message-ID: <7f7a4f37cb0c4a6b8f3dab25b76acba6@NASANEXM01C.na.qualcomm.com>
References: <5D773C02-5083-4B10-A705-782E28FD8ADB@island-resort.com> <f84515dd-2e1a-7e66-7c23-b16f8f425d2a@sit.fraunhofer.de> <D7E5069D.C2E65%carl@redhoundsoftware.com> <c72a3b6c-88f2-d452-96be-947a4be1d9c8@free.fr> <73EF502E-B68C-4106-8311-4897B4F2DF8C@qti.qualcomm.com> <b6c9ff4a-cc35-8175-3294-4e6ec366409f@sit.fraunhofer.de> <615BB1D3-29E3-468B-B988-84852F47742C@intel.com> <VI1PR0801MB211230882A5B0D594D66DCFDFAFD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <d769ed085e6a4d9b970b9027c0e7d3d3@NASANEXM01C.na.qualcomm.com> <b08020aa-6607-ca2f-9b23-21921ff758b3@sit.fraunhofer.de>
In-Reply-To: <b08020aa-6607-ca2f-9b23-21921ff758b3@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.80.80.8]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/672ZA8C3J_RkCDMbpbydk_aS1GE>
Subject: Re: [EAT] [Rats] [EXTERNAL] Re: Attestation BoF charter updates?
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 16:11:55 -0000

Hi Henk,
The RC2 version is certainly more broadly applicable than the Master branch.  I have created another PR.  Note the following:

a) I don't understand why we would say that "secure boot" is deprecated.  I would prefer to avoid any mention of this in the charter.

b) I don't know why we explicitly call out GDPR compliance.  There are many privacy regulations beyond the EU.  I also wonder whether we should even try to address all regulatory privacy regimes - it could easily bog down the work of the group.

-Giri

-----Original Message-----
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de> 
Sent: Tuesday, October 16, 2018 5:25 AM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>om>; rats@ietf.org
Cc: eat@ietf.org
Subject: Re: [Rats] [EAT] [EXTERNAL] Re: Attestation BoF charter updates?

Hello Giridhar,

I totally agree that attestation procedures do not always use network protocols as conveyance methods. In a composite device, e.g. a network equipment chassis, there can be a component hierarchy in which each component can be associated with an attester role and/or verifier role; enabling (mutual) attestation between each component/sub-component relationship using various kinds of interconnects (and none of them have to be IP). Keeping that in mind when designing data models and corresponding serializations is important. For remote attestation via network protocols it might not be the most important thing, though.

There are most certainly "on behalf" roles, provided that there is a "trusted path" relationship (quoting orange book here) via which the attestation procedure could be behave like a local one.
I am not sure, if I see a "verifiers on behalf of a remote relying party" scenario, but in general, I'd agree with the concept.

In summary, if the attester and the verifier are connected via a "trusted path" then it is essentially local attestation.

Unfortunately, you issued the pull request on master, the current version is in the RC2 branch:

> https://github.com/ietf-rats/charter/blob/RC2/ietf-rats-charter.md

We are currently trimming the text, refactoring the content by using more generic terminology, and cut out about half of the content (wrt to the master branch) in order to segregate problem statements and goals into phases. The current version referenced above is intended to be become phase one.

Viele Grüße,

Henk

On 10/15/2018 09:33 PM, Giridhar Mandyam wrote:
> Sorry to switch topics.
> 
> Just posted my requested changes at https://github.com/ietf-rats/charter/pull/1.
> 
> 2 areas to consider:
> 
> a) Many resource-constrained devices will not support Internet Connectivity.  This does not mean that remote attestation is not possible.  It just means that this effort will be more broadly applicable if an interoperable format for 'Attestation Evidence' results that can be conveyed over multiple protocols, not just the internet.  EAT was designed with this goal in mind.
> 
> b) Local attestation is more than just on-device.  We have seen gateways in the market that allow for remote administration of devices in a local network that may only communicate via short-range protocols such as Bluetooth or Zigbee.  Such gateways may very well also serve as verifiers on behalf of a remote relying party.
> 
> -Giri Mandyam
> 
> -----Original Message-----
> From: EAT <eat-bounces@ietf.org> On Behalf Of Hannes Tschofenig
> Sent: Monday, October 15, 2018 10:50 AM
> To: Smith, Ned <ned.smith@intel.com>om>; Henk Birkholz 
> <henk.birkholz@sit.fraunhofer.de>de>; rats@ietf.org; Jeremy O'Donoghue 
> <jodonogh@qti.qualcomm.com>om>; Denis <denis.ietf@free.fr>
> Cc: eat@ietf.org
> Subject: Re: [EAT] [EXTERNAL] Re: [Rats] Attestation BoF charter updates?
> 
> Here are my 5 cents on the term 'identity'.
> 
> I have been working on identity management for many years (partially because of my OAuth co-chair role) and I have noticed that the use of the term "identity" tends to confuse more than it helps (even more so when the term is applied to devices and software rather than humans).
> 
> I believe we could get away with describing what we want without ever using the term.
> 
> In this context I would argue that we are about identifying different components, such as hardware and software.
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: EAT <eat-bounces@ietf.org> On Behalf Of Smith, Ned
> Sent: Monday, October 15, 2018 9:00 AM
> To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>de>; rats@ietf.org; 
> Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>om>; Denis 
> <denis.ietf@free.fr>
> Cc: eat@ietf.org
> Subject: Re: [EAT] [EXTERNAL] Re: [Rats] Attestation BoF charter updates?
> 
> I agree with Henk's observation that there is opportunity to find common ground on identity as identity can be a collection of attributes, that if signed, becomes a set of verifiable claims (about identity attributes). Attestation has a similar structure in that it consists of a set of attributes, that if signed becomes a set of verifiable claims. The main difference between identity and attestation attributes is whether the attribute semantically relate to trust (vs. identity). For example, claims of security certification compliance resonates as attestation.
> 
> It may be possible to combine a set of attestation attributes in such a way that the combination uniquely identifies an entity. But that doesn't make it an identity system per se and shouldn't cause a conflict in charter goals with respect to other identity focused efforts in IETF.
> 
> Also, inclusion of attributes that don't have semantics that reasonably relate to trust should not be of interest to a working group focused on attestation.
> 
> -Ned
> 
> On 10/15/18, 3:53 PM, "EAT on behalf of Henk Birkholz" <eat-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:
> 
>      Hi Jeremy & Denis,
> 
>      all these points of view have merit, I think.
> 
>      Please have a look at these quotes:
> 
>      > knowing the provenance of the device
> 
>      > having the entity creator/manufacturer provide a set of claims 
> which can be verified
> 
>      > to know the characteristics of a device by issuing to the device a public key certificate which will only be issued to the device if it fulfills an expected set of functionalities.
> 
>      To me, these descriptions seem to have different intents, scope or
>      audience and require most certainly different work-flows, but
>      semantically and in consequence representation-wise they also seem quite
>      related.
> 
>      If you think of an identity document as a set of claims (potentially
>      including a public key), that is signed and that can match one or more
>      things, maybe all three types highlighted above are actually covered by
>      the same identity document concept?
> 
>      With respect to identity documents, I think it is safe so say that we
>      can find common ground here rather easily. That said, the way how these
>      identity documents come into existence, when and how they are deployed
>      on the thing or associated with multiple things is another question. We
>      most certainly do not want to end up with a "signing fool" that does not
>      add value to the level of confidence (I am quoting Ned Smith here).
> 
>      This has to be fleshed out explicitly for each scenario and the parts
>      that are reused in every scenario should get special attention in the
>      upcoming RATS architecture draft.
> 
>      Identifying claims aggregated in an identity document most certainly can
>      include device characteristics, public key(s), or claims about the
>      intended functions and capabilities of the thing. Claims can even
>      originate from Claimants that are not the thing itself, but external
>      entities providing an assertion (e.g. these things are CC-certified).
> 
>      All different composites of identifying claims have a specific shared
>      intend in this context though, I think: expressing Attestation
>      Provenance (again - one for one or more things of the same kind). And
>      all of them originate from Claimants and therefore use a root of trust
>      of measurement, I think.
> 
>      That said, establishing trustworthy knowledge about attestation
>      provenance is only the first step and provides the foundation for more
>      complex attestation procedures. In any case, this seem to be required by
>      every scenario that was highlighted so far and therefore will most
>      certainly be covered in a deliverable.
> 
>      IHTH,
> 
>      Henk
> 
> 
>      On 10/15/2018 12:22 PM, Jeremy O'Donoghue wrote:
>      > On 12 Oct 2018, at 14:33, Denis <denis.ietf@free.fr
>      > <mailto:denis.ietf@free.fr>> wrote:
>      >> The "Problem Statement" continues as follows:
>      >>
>      >> (2) Today, there is no common, standard way for Relying Parties to
>      >> know the provenance and characteristics of a device (e.g., an end-user
>      >> device,
>      >> platform or endpoint, servers, IoT devices, device subsystems and
>      >> sub-modules) that may be requesting services.
>      >>
>      >> Knowing the provenance of the device is not always necessary. What is
>      >> important is to know that a specific set of functions is (securely)
>      >> supported by the device.
>      >> There already exists a common way to know the characteristics of a
>      >> device by issuing to the device a public key certificate which will
>      >> only be issued to the device
>      >> if it fulfills an expected set of functionalities. In such a case a
>      >> syntax for a trusted claim sets**is not needed.
>      >>
>      > This is indeed a possible way to address the problem, but suffers from
>      > challenges which come down to:
>      >
>      > - Who issues such certificates. An option is that there is some form of
>      > security certification behind this issuance otherwise it is of very
>      > limited value.
>      > - In order to capture the wide variety of different devices (I prefer
>      > "entity" here as it is more general than "device"), many different forms
>      > of such certificates would be required. This ends up being much the same
>      > thing as a set of claims.
>      >
>      > Given the multiplicity of entities for which attestation might be
>      > useful, it seems to me that having the entity creator/manufacturer
>      > provide a set of claims which can be verified is more flexible than
>      > requiring a certificate. It seems likely to me that where a formal
>      > security certification is needed there will be a certificate issued by
>      > the Certifying Body as one of the claims about an entity, but I can
>      > think of many cases (supply chain management, to take just one example)
>      > where provenance is by far the most useful information.
>      >
>      > I'm not in favour of changes to the charter in this direction.
>      >>
>      >> The simplest cases should also be part of the framework.
>      >>
>      >> Note: I personally appreciate that privacy is an aspect that
>      >> will/should be taken into consideration.
>      >>
>      >> Denis
>      >>
>      >>> As with the earlier draft, there are many references to verify and
>      >>> verifier in the lead up to the deliverable but no deliverables describing
>      >>> verification rules. I'd like to see rules in one of these documents and
>      >>> think it worth citing in the deliverables. Are bindings to certificate
>      >>> management protocols out of scope?
>      >>>
>      >>> On 10/11/18, 9:49 AM, "RATS on behalf of Henk Birkholz"
>      >>> <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de>  wrote:
>      >>>
>      >>>> Hi all,
>      >>>>
>      >>>> sorry for the delay. Please find an updated charter proposal here:
>      >>>>
>      >>>>> https://github.com/ietf-rats/charter/blob/RC2/ietf-rats-charter.md
>      >>>> The BoF proponents tried to merge all comments and proposals on
>      >>>> keystores, existing solutions, provenance & device characteristics, etc
>      >>>> that were raised on the list - and align them in homogeneous fashion.
>      >>>>
>      >>>> This draft is intended to focus the discussion and improve the wording.
>      >>>>
>      >>>> Viele Grüße,
>      >>>>
>      >>>> Henk
>      >>>>
>      >>>> On 10/06/2018 08:23 AM, Laurence Lundblade wrote:
>      >>>>> Hi Henk,
>      >>>>>
>      >>>>> Bangkok IETF is getting close, will you be able to update the charter
>      >>>>> for the attestation BoF to properly include EAT?  I sent you some text
>      >>>>> that just needs to be pasted along with some comments. It doesn’t look
>      >>>>> like there’s been any updates.
>      >>>>>
>      >>>>> LL
>      >>>>>
>      >>>> _______________________________________________
>      >>>> RATS mailing list
>      >>>> RATS@ietf.org
>      >>>> https://www.ietf.org/mailman/listinfo/rats
>      >>> _______________________________________________
>      >>> EAT mailing list
>      >>> EAT@ietf.org
>      >>> https://www.ietf.org/mailman/listinfo/eat
>      >>
>      >>
>      >> _______________________________________________
>      >> EAT mailing list
>      >> EAT@ietf.org <mailto:EAT@ietf.org>
>      >> https://www.ietf.org/mailman/listinfo/eat
>      >
>      >
>      >
>      > _______________________________________________
>      > EAT mailing list
>      > EAT@ietf.org
>      > https://www.ietf.org/mailman/listinfo/eat
>      >
> 
>      _______________________________________________
>      EAT mailing list
>      EAT@ietf.org
>      https://www.ietf.org/mailman/listinfo/eat
> 
> 
> _______________________________________________
> EAT mailing list
> EAT@ietf.org
> https://www.ietf.org/mailman/listinfo/eat
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> EAT mailing list
> EAT@ietf.org
> https://www.ietf.org/mailman/listinfo/eat
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>