Re: [EAT] Introduction

Shawn Willden <swillden@google.com> Fri, 07 September 2018 11:45 UTC

Return-Path: <swillden@google.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AA26130E66 for <eat@ietfa.amsl.com>; Fri, 7 Sep 2018 04:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.51
X-Spam-Level:
X-Spam-Status: No, score=-17.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n81bSpZFWbzH for <eat@ietfa.amsl.com>; Fri, 7 Sep 2018 04:45:32 -0700 (PDT)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE3FE130E04 for <eat@ietf.org>; Fri, 7 Sep 2018 04:45:31 -0700 (PDT)
Received: by mail-lf1-x12b.google.com with SMTP id q13-v6so11814575lfc.2 for <eat@ietf.org>; Fri, 07 Sep 2018 04:45:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vya9e6pqHnmvwpE2+r7NzcO9HDi055yOhw99/RcWV6Q=; b=cSMe0xFPC5oU8/6iQr466UTCqzPr8sgdmLkuogbpE2QBcRGXDg2loso/hViy6/nvuw ZBdFUQzDOFRfNLXS+z+f/B2wrN0TXqaMr1801t4fcyARSVr33EGPPlDAPXNjsxBzQXpZ CDmjN8/u5FoXP97X72x0XhRtvlm/sNMITgH+/kAHcuFySSx4eAk1FEuP8o7MPlTP0gmF JiXw1aE8k0G1YcEv0Us50vnIva1haMA3SMo5q6gcmcjW4EqRrE7GwvyoaYrwtrEUDb/9 it0TFbqwISLSWbBbnTLF9yRZUbfTgT7HOfXn2ciU61IM9ZQR4TbmaWV5TVCVB9OUwqq9 D7tQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vya9e6pqHnmvwpE2+r7NzcO9HDi055yOhw99/RcWV6Q=; b=l0GL6xdEuLTRB222LPSGn4m/9T2k4H0JkSXghWWIMc93ujLwsTaTXOKaK7+3DJq/p/ EW+1giEtc0uZMymUTtsYCfWGfus4Jbrprq9rb+ELYwbsM+XWXmPgvGoEcGimGOv1Mhd1 sl5kJ6zS1lCBM/9504S43hjv95xUf4fmSye6fXnfr4H04DB6+IKJV5VKD2OesMANU+xk SOYD9trNgLCI7wWyY6Zdde9SUlngKJ0b4IEkYy10qlPe4+F9ak5fJj5spshkHQeNep2K IqZL4Y7jxMt6rvgYW/yRUERXhXDkgn3FhGZeovKJ6nkTz+vo2bRUP8rxs3pH0oOvANRv 7Q+w==
X-Gm-Message-State: APzg51CbHtzfvS6vEnU/KI9FB+4Ieg5T+uSrg8BKW4nUkMd2gSNBgmQ/ aDqAQ+7oC6Fji51fkD+EEgqxTxosPQflemuv0pcO2Q==
X-Google-Smtp-Source: ANB0VdYm1KuFVeO7RD10dCMgn43FuCBNuRqn0iB+0XQ9zVE+pV6NoQRrwzyh4t+W/IPKWZI2Y4fuWdtLV+guBfb/R3I=
X-Received: by 2002:a19:5517:: with SMTP id n23-v6mr5036675lfe.101.1536320729549; Fri, 07 Sep 2018 04:45:29 -0700 (PDT)
MIME-Version: 1.0
References: <C5900D6C-256C-409C-AEA1-407AD1EF4FEF@contoso.com>
In-Reply-To: <C5900D6C-256C-409C-AEA1-407AD1EF4FEF@contoso.com>
From: Shawn Willden <swillden@google.com>
Date: Fri, 7 Sep 2018 05:45:16 -0600
Message-ID: <CAFyqnhUmbhccX+VwTm1A+dOe0Nfk=kKzQDznhGB+minuDdC-ow@mail.gmail.com>
To: "Smith, Ned" <ned.smith@intel.com>
Cc: "eat@ietf.org" <eat@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000594a1e0575468b78"
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/DxM8NcxqPsR6HZXDS1q24lUqMg8>
Subject: Re: [EAT] Introduction
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Sep 2018 11:45:47 -0000

Proof of protection is a good description of what Keystore attestation aims
to accomplish, and timeliness or "freshness" is important.  Keystore
achieves the latter with a challenge value supplied by the verifier.

On Thu, Sep 6, 2018 at 6:21 PM Smith, Ned <ned.smith@intel.com> wrote:

> |--- snip ---
>
> |So Keystore provides a valuable tool to authors of apps that require
> strong
>
> |security. For example, for a key used to authenticate an account holder to
>
> |a banking system. But this tool is much less valuable if the bank's server
>
> |can't verify that the secret is managed in a trusted environment. Hence,
>
> |Keystore attestation, which allows the trusted environment to prove that
> it
>
> |secures the key material, and specifies the authorizations that define how
>
> |it may be used.
>
> --- snip ---
>
> Right, the main objective of attestation is to provide evidence to a
> verifier regarding the trustworthiness properties of the environment that
> protects keys and other important things. It goes beyond traditional
> proof-of-possession. I think of it as proof-of-protection (PoPr) though
> that term isn’t widely used. Distinguishing between storage and use may be
> important since protection techniques differ for each. At the
> end-of-the-day, attestation expects there is a ‘verifier’ – some entity
> that wants to check attestation evidence – who engages with the ‘attester’
> following some sort of protocol to pass attestation evidence. Timeliness of
> evidence exchange can be important since, often, environments that protect
> key storage and use will change during deployment (after initial
> manufacturing). Attestation protocol is needed to facilitate a timely
> exchange of attestation evidence. I think these aspects are a primary area
> where IETF could add value to attestation infrastructure.
> _______________________________________________
> EAT mailing list
> EAT@ietf.org
> https://www.ietf.org/mailman/listinfo/eat
>
-- 
Shawn Willden | Staff Software Engineer | swillden@google.com | 801-477-4296