Re: [EAT] {RATS] Introduction

"Diego R. Lopez" <> Thu, 13 September 2018 07:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9DBE9130DD0; Thu, 13 Sep 2018 00:10:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yc6AZ7oBd5GE; Thu, 13 Sep 2018 00:10:22 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D38F612D7F8; Thu, 13 Sep 2018 00:10:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=am0zScXBS39wAhL+WhBpNv3uijkQ85bgWAXv/YUh43s=; b=tmjFlDw5NZHBA/djaNx//QU2N/JcJUcIBlivzKCClmoSyt/SJYmwKWkilomhJvRkAkNMxI6SXJ7WJHaMp/U0W80II0YlCRazXAglm4sKBci5FZP++eD3EL3nYHxwXCjQuGvlBvICZyqcx7MjFYAOrELunRucduBMm9Cahn+2dsM=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1122.15; Thu, 13 Sep 2018 07:10:19 +0000
Received: from ([fe80::f98c:de95:f78:6396]) by ([fe80::f98c:de95:f78:6396%5]) with mapi id 15.20.1122.021; Thu, 13 Sep 2018 07:10:19 +0000
From: "Diego R. Lopez" <>
To: "Eric Voit (evoit)" <>, Carl Wallace <>, Shawn Willden <>, "Smith, Ned" <>
CC: "" <>, "" <>
Thread-Topic: [EAT] {RATS] Introduction
Thread-Index: AdRK1ZstPcHxxutnT72dokwlGBYmnwAa/qwA
Date: Thu, 13 Sep 2018 07:10:19 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB3PR0602MB3803; 6:dYOUTVddp7/UywKr9JejQotwkADetFFTvQjwb/1ukGvZuW/TIr1TB8rCnxs6pYEECGvne5gOnatglPqPcbkmFucMH8bRaS8mB2WIyEeUO+IlnFKdFve5Ek40CI1MdTQM8QkgoqmGdexpVWK8MOyNH64bekJ5qqVYXyT5QAWEOZz79AIHjmiCWKpVqlgKykb2phBZenL5CeoAGTzjqlxMXf8mCdHGtVwWip0u818HhzjBkrxC1hoIl4cD0no6iDdtd+73k6YJ1zj7sR7RmhSk+6MCWFwX7r47omp9iNLnZRWGpXem1zabbqOn2TSaVtsjs1fEqnz/wmqo1CZcwJpszSYNi9zOqUkklH09SnG6+nu0O35mWrV0r9LAPY0oB5YnRea8JjcPm0Y4h4rCf2nQPTD6PqVy/r7VGUhoqKQ+Pm92AzJ3Q7SF85R5NolV7GnmYRsbBZh9CjTD/gRSqNOsoQ==; 5:4O9B7w73vXojOVQpm1NI/iXmJ2Bzj9Qj7sAMEy9OgmDXssXDKPi38ELMg/7wioBAUQtYEj+KiSeKESN+rU2FAhtBg/L39p2cHq9Ezas+X5VDrfWebmmwbhowpj0o3kVrYj5tJxcP39CX0Y+ZTJzPqYgEcXMHido1Hjhv0dFm+3Y=; 7:egwmvWMa0XSuKQzyB685DSt9i8jJONdHrkbJDUmMq2pxqC7lyaix16RjHweB5WZvYu/QNtLsXQ6jXBe7Bz6HIcBRfEui9L4PiHnjUd4HEp0KUnOum9aMccOjSm8osYZe3cfH/DoXQxZxzYwfhEbjt/3zf2FT8G1VznFNWpQj7m+dLoREzOIi3M3ZstzeA5ggnGBcG0nOGvT2N/1SH+ehHPYTY2TgolFGjGbDVCbvBj3ZsnPo8PWmWE2TTu/WpwY8
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: cff29cf2-d520-4de7-d9d8-08d61947f6d3
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB3PR0602MB3803;
x-ms-traffictypediagnostic: DB3PR0602MB3803:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(28532068793085)(40392960112811)(158342451672863)(103651359005742)(128460861657000)(21748063052155)(105169848403564)(81160342030619)(163750095850)(228905959029699);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231311)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699050); SRVR:DB3PR0602MB3803; BCL:0; PCL:0; RULEID:; SRVR:DB3PR0602MB3803;
x-forefront-prvs: 07943272E1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(136003)(376002)(346002)(39860400002)(40134004)(25724002)(252514010)(199004)(189003)(33656002)(68736007)(229853002)(99286004)(105586002)(106356001)(5250100002)(26005)(102836004)(53546011)(6506007)(82746002)(6486002)(186003)(97736004)(58126008)(3846002)(786003)(6116002)(790700001)(2900100001)(7736002)(54906003)(76176011)(316002)(6246003)(110136005)(25786009)(81156014)(81166006)(36756003)(2906002)(8936002)(8676002)(6306002)(478600001)(53936002)(4326008)(14444005)(606006)(83716003)(256004)(45080400002)(476003)(561944003)(66066001)(86362001)(5660300001)(486006)(54896002)(14454004)(966005)(236005)(11346002)(446003)(2616005)(6512007)(6436002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR0602MB3803;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-microsoft-antispam-message-info: sEV5DCYVJ4lTLu6/pAloqa7s4zrffz8yBqbnm/LsvlmBy0EeriRvdX1/1iE+uS2XgKtweFmD1I174nZl5ZEb/VSLzrNCcCqx3O1z6suB90iDy8WtZJECdXq93IskuV+KL2FfJTMwQ4M6npRuUXDCk/JIVsALRBUgmzRIc2PvMVNxedu3NTVsHyX+ScVi58i8dJXAW+bKPWiq/aesFXN5cERBMfrKUwbN8xlNmP5Sp1Ya6hCE2aD9B6BBuv5mg7A+DnxD1iZYGEVMD6mvds/jdAlhsajfH8FqTfGlO83f1s73ZXwpbcmUPipCMEa6V9uO+QKZVugYh6bc0L7ppm6FbsnFezAZe7yw8lMyXI2Wrgc=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_233A8B51343B485991081CA862267274telefonicacom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: cff29cf2-d520-4de7-d9d8-08d61947f6d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2018 07:10:19.1843 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0602MB3803
Archived-At: <>
Subject: Re: [EAT] {RATS] Introduction
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Sep 2018 07:10:26 -0000


If I am correctly following your proposal, this is connected with the idea of a trusted channel we experimented with in the SECURED project, and described in draft-pastor-i2nsf-vnsf-attestation:

“A trusted channel is an enhanced version of the secured channel. It adds the requirement of integrity verification of the contacted endpoint by the other peer during the initial handshake to the functionality of the secured channel. However, simply transmitting the integrity measurements over the channel does not guarantee that the platform verified is the channel endpoint. The public key or the certificate for the secure communication MUST be included as part of the measurements presented by the contacted endpoint during the remote attestation. This way, a malicious platform cannot relay the attestation to another platform as its certificate will not be present in the measurements list of the genuine platform.”

Be goode,

"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D

Tel:         +34 913 129 041
Mobile:  +34 682 051 091

On 12/09/2018, 22:17, "EAT on behalf of Eric Voit (evoit)" <<> on behalf of<>> wrote:

I think saving both the attestation data and the attested evidence is useful.  One RATS use case I have been interested in relates to proxy verification.  For example, what if changes in attested PCRs from one router’s TPM are provided both to an SDN controller (as part of a YANG Notification) and to a peer router (perhaps as EAP credentials over 802.1x).

This would allow the controller to use the same information to determine if a controlled device is trustworthy, as well as act as a RADIUS Server for the peer router.


From: Carl Wallace, September 7, 2018 7:55 AM

This gets at one difference between current attestation formats. Some require the generator to save the attestation if needed later, others are on demand.

From: EAT <<>> on behalf of Shawn Willden <<>>
Date: Friday, September 7, 2018 at 7:45 AM
To: "Smith, Ned" <<>>
Cc: "<>" <<>>
Subject: Re: [EAT] Introduction

Proof of protection is a good description of what Keystore attestation aims to accomplish, and timeliness or "freshness" is important.  Keystore achieves the latter with a challenge value supplied by the verifier.

On Thu, Sep 6, 2018 at 6:21 PM Smith, Ned <<>> wrote:
|--- snip ---
|So Keystore provides a valuable tool to authors of apps that require strong
|security. For example, for a key used to authenticate an account holder to
|a banking system. But this tool is much less valuable if the bank's server
|can't verify that the secret is managed in a trusted environment. Hence,
|Keystore attestation, which allows the trusted environment to prove that it
|secures the key material, and specifies the authorizations that define how
|it may be used.
--- snip ---
Right, the main objective of attestation is to provide evidence to a verifier regarding the trustworthiness properties of the environment that protects keys and other important things. It goes beyond traditional proof-of-possession.. I think of it as proof-of-protection (PoPr) though that term isn’t widely used. Distinguishing between storage and use may be important since protection techniques differ for each. At the end-of-the-day, attestation expects there is a ‘verifier’ – some entity that wants to check attestation evidence – who engages with the ‘attester’ following some sort of protocol to pass attestation evidence. Timeliness of evidence exchange can be important since, often, environments that protect key storage and use will change during deployment (after initial manufacturing). Attestation protocol is needed to facilitate a timely exchange of attestation evidence. I think these aspects are a primary area where IETF could add value to attestation infrastructure.


Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição