Re: [EAT] [Rats] Rats and EAT

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sun, 08 July 2018 13:39 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
Date: Sun, 08 Jul 2018 13:39:31 +0000
Message-ID: <VI1PR0801MB21120C46E4870A35228E83EEFA450@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <0236DCF5-8B9D-4721-B169-8DCBC6B4CFBC@island-resort.com> <f81f30bd-28c4-f915-18d7-028f0e3cb2da@gmail.com>
In-Reply-To: <f81f30bd-28c4-f915-18d7-028f0e3cb2da@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/7YpoYVz4EadHLO_FlIhV-ZctNYU>

Hi Yaron,

Eliot mentioned NEA on the mailing list. It would be interesting to hear what lessons can be learned from NEA.

Ciao
Hannes

From: EAT [mailto:eat-bounces@ietf.org] On Behalf Of Yaron Sheffer
Sent: 08 July 2018 06:51
To: Laurence Lundblade; rats@ietf.org; eat@ietf.org
Subject: Re: [EAT] [Rats] Rats and EAT


I'm a bit surprised that nobody's mentioning the work done by the IETF NEA working group <https://datatracker.ietf.org/wg/nea/about/>. Yes, it was some time ago, but the people involved were (to the best of my knowledge) involved with the TCG community.

NEA was about desktop machines and NAC rather than mobile devices, but hey, by now we should be looking for solutions that encompass both technologies!

See this diagram <https://wiki.strongswan.org/projects/1/wiki/trustednetworkconnect> on how the complex NEA/TNC architecture fits together, including the TPM.

Thanks,

    Yaron

On 06/07/18 22:20, Laurence Lundblade wrote:
Hey EAT and Rats folks, just became aware of IETF attestation work running in parallel. Seems like EAT is focused more on an independent signed, self-secured data structure with a lot of claims. Rats seems more TPM and full protocol centric, but I'm still reading.

Here’s a list of attestation work that Diego and Henk made:
https://datatracker.ietf.org/doc/draft-pastor-i2nsf-nsf-remote-attestation/
https://datatracker.ietf.org/doc/draft-birkholz-i2nsf-tuda/
https://datatracker.ietf.org/doc/draft-mandyam-eat/
https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/
https://datatracker.ietf.org/doc/draft-birkholz-reference-ra-interaction-model/
https://datatracker.ietf.org/doc/draft-birkholz-yang-basic-remote-attestation/
https://datatracker.ietf.org/doc/draft-birkholz-attestation-terminology/

A couple of other interesting non-TPM "attestation" technologies:
- FIDO <https://www.w3.org/Submission/2015/SUBM-fido-key-attestation-20151120/> does attestation of FIDO authenticators
- Android KeyStore <https://developer.android.com/training/articles/security-key-attestation> uses the term to mean proving the provenance of a stored key
- IEEE 802.1AR is kind of an attestation too

FYI, the IETF attestation events I know of so far are:
- I'll present EAT at HotRFC Sunday around 18:00
- Secdispatch discussion of EAT (and Rats?) Monday at 15:30 (at least I hope; no confirmation yet)
- EAT BarBof Monday at 18:00
- Rats BarBof Thursday after dinner

I will attend them all :-)

LL
