Re: [EAT] [Rats] Rats and EAT
Laurence Lundblade <lgl@island-resort.com> Tue, 10 July 2018 23:01 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42A6D130E97 for <eat@ietfa.amsl.com>; Tue, 10 Jul 2018 16:01:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PO5SrkrMkfje for <eat@ietfa.amsl.com>; Tue, 10 Jul 2018 16:01:07 -0700 (PDT)
Received: from p3plsmtpa09-05.prod.phx3.secureserver.net (p3plsmtpa09-05.prod.phx3.secureserver.net [173.201.193.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BE1E124BE5 for <eat@ietf.org>; Tue, 10 Jul 2018 16:01:06 -0700 (PDT)
Received: from [192.168.1.82] ([76.192.164.238]) by :SMTPAUTH: with ESMTPSA id d1d3fqLWt05Msd1d4f3d6H; Tue, 10 Jul 2018 16:01:06 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <0FE06C34-D430-451C-834B-0A39082160BA@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_ED3BF256-D65A-42FF-85E3-003D238F09EE"
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Date: Tue, 10 Jul 2018 16:01:05 -0700
In-Reply-To: <eb1d952b-1e73-4c41-bf12-82299b44ff3d@me.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, "eat@ietf.org" <eat@ietf.org>, "rats@ietf.org" <rats@ietf.org>
To: Diego Lopez <dr2lopez=40icloud.com@dmarc.ietf.org>
References: <eb1d952b-1e73-4c41-bf12-82299b44ff3d@me.com>
X-Mailer: Apple Mail (2.3445.8.2)
X-CMAE-Envelope: MS4wfCMOwSEYajBovadV71E5VUNv+b2kL5avhcR6I+R0YbdEYkDBHAX50+5hS3o5Iu6DUeQCNN06+9IazvmA5vPT4j1Wa9RuFo/GmREMHax7f2dKqvAGB7Em +/3YFCDc9H37mX/NmhiaVEm6uSg+8Lejo3tLczLDi6uArBrr0nQI7ikBn08m9+hkedtB5wCWIIjOsWPpj2ugEfuLC/GOOQ8pdVnlToInHZ7672flzr6MqTUm 8CrqGgzyqoLf4KXJb5KxnvwHEHiShJRkxIka3tcb1ZKuqTQW5ynb+JC3TLi3GZD25/8h6WTgla1ORbxaj7aNBQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/KGx6WCi7BCWEEPqhOfWlAm3i_qY>
Subject: Re: [EAT] [Rats] Rats and EAT
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 23:01:12 -0000
Here’s a little compare-contrast between EAT and NEA. Please correct and forgive incorrect characterizations I might have made about NEA. EAT uses CBOR and wants to accommodate translation to JSON and compatibility with web infrastructure, NEA used TLV. EAT signs and possibly encrypts the claims with COSE so they form a self-secured token that can be transported by any other protocol. NEA defines a back-and-forth protocol and is more of an end-end solution. EAT orients around key material provisioned to the entity by the manufacturer that is to be used for signing the token. This signing of a nonce by an entity serves to prove the device is not a fake. EAT wishes to accommodate different signing schemes including privacy-preserving schemes like ECDAA. NEA seems to assume some secured transport (e.g., TLS) will be available. NEA is oriented around network management, trying to track the security posture of devices in an enterprise's network. EAT is broadly targeted at establishing trust between entities, often consumer devices (phones, refrigerators, cars...) and servers/services (online banking, IoT services, enterprise authentication…). LL > On Jul 8, 2018, at 12:46 PM, Diego Lopez <dr2lopez=40icloud.com@dmarc.ietf.org> wrote: > > Hi Hannes, > > I was not deeply involved in the work, but NEA seemed to be focused on a particular use case (that of user devices attaching to a network) and not to the more general problem of mutual attestation in more P2P relationships, that I think are the most relevant right now. And it seems to me that at the moment NEA produced its work, user devices were not that much able of performing the procedures defined by the WG... > > Anyway, I think there are several of these procedures that are applicable to P2P environments, once adequately adapted. > > Be goode, > > -- > Eih bennek eih blavek! > > Dr Diego R. Lopez > dr2lopez@icloud.com > https://es.linkedin.com/in/dr2lopez > > On Jul 08, 2018, at 06:54 PM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: > >> Hi Diego, >> >> what do you think are the lessons we can learn from NEA? >> It clearly wasn’t as successful as hoped. I am sure there are reasons for that. >> >> Ciao >> Hannes >> >> >> From: Diego Lopez [mailto:dr2lopez@icloud.com] >> Sent: 09 July 2018 01:45 >> To: Hannes Tschofenig >> Cc: Yaron Sheffer; Laurence Lundblade; rats@ietf.org <mailto:rats@ietf.org>; eat@ietf.org <mailto:eat@ietf.org> >> Subject: Re: [EAT] [Rats] Rats and EAT >> >> And the use of NEA results is mentioned at least in one of the drafts on remote attestation referred in a previous message. Using NEA’s findings is certainly in our aim. >> >> Be goode, >> >> -- >> Likely to be brief and not very >> elaborate as sent from my mobile >> Diego R. Lopez >> >> On 8 Jul 2018, at 15:39, Hannes Tschofenig <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com>> wrote: >> >> Hi Yaron, >> >> Eliot mentioned NEA on the mailing list. It would be interesting to hear what lessons can be learned from NEA. >> >> Ciao >> Hannes >> >> From: EAT [mailto:eat-bounces@ietf.org <mailto:eat-bounces@ietf.org>] On Behalf Of Yaron Sheffer >> Sent: 08 July 2018 06:51 >> To: Laurence Lundblade; rats@ietf.org <mailto:rats@ietf.org>; eat@ietf.org <mailto:eat@ietf.org> >> Subject: Re: [EAT] [Rats] Rats and EAT >> >> I'm a bit surprised that nobody's mentioning the work done by the IETF NEA working group <https://datatracker.ietf.org/wg/nea/about/>. Yes, it's been some time ago, but the people involved were (to the best of my knowledge) involved with the TCG community. >> >> NEA was about desktop machines and NAC rather than mobile devices, but hey, by now we should be looking for solutions that encompass both technologies! >> >> See this diagram <https://wiki.strongswan.org/projects/1/wiki/trustednetworkconnect> on how the complex NEA/TNC architecture fits together, including the TPM. >> >> Thanks, >> >> Yaron >> >> >> On 06/07/18 22:20, Laurence Lundblade wrote: >> Hey EAT and Rats folks, just became aware of IETF attestation work running in parallel. Seems like EAT is focused more on an independent signed, self-secured data structure with a lot of clams. Rats, seems more TPM and full protocol centric, but I’m still reading. >> >> Here’s a list of attestation work that Diego and Henk made: >> https://datatracker.ietf.org/doc/draft-pastor-i2nsf-nsf-remote-attestation/ <https://datatracker.ietf.org/doc/draft-pastor-i2nsf-nsf-remote-attestation/> >> https://datatracker.ietf.org/doc/draft-birkholz-i2nsf-tuda/ <https://datatracker.ietf.org/doc/draft-birkholz-i2nsf-tuda/> >> https://datatracker.ietf.org/doc/draft-mandyam-eat/ <https://datatracker.ietf.org/doc/draft-mandyam-eat/> >> https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/ <https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/> >> https://datatracker.ietf.org/doc/draft-birkholz-reference-ra-interaction-model/ <https://datatracker.ietf.org/doc/draft-birkholz-reference-ra-interaction-model/> >> https://datatracker.ietf.org/doc/draft-birkholz-yang-basic-remote-attestation/ <https://datatracker.ietf.org/doc/draft-birkholz-yang-basic-remote-attestation/> >> https://datatracker.ietf.org/doc/draft-birkholz-attestation-terminology/ <https://datatracker.ietf.org/doc/draft-birkholz-attestation-terminology/> >> >> A couple of other interesting non-TPM “attestation" technologies: >> - FIDO <https://www.w3.org/Submission/2015/SUBM-fido-key-attestation-20151120/> does attestation of FIDO authenticators >> - Android KeyStore <https://developer.android..com/training/articles/security-key-attestation> uses the term to mean proving the provenance of a stored key >> - IEEE 802.1AR is kind of an attestation too >> >> FYI, the IETF attestation events I know of so far are: >> - I’ll present EAT at HotRFC Sunday around 18:00 >> - Secdispatch discussion of EAT (and Rats?) Monday at 15:30 (At least I hope; no confirmation yet) >> - EAT BarBof Monday at 18:00 >> - Rats BarBof Thursday after dinner >> >> I will attend them all :-) >> >> LL >> >> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. >> _______________________________________________ >> EAT mailing list >> EAT@ietf.org <mailto:EAT@ietf.org> >> https://www.ietf.org/mailman/listinfo/eat <https://www.ietf.org/mailman/listinfo/eat>IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.. >> _______________________________________________ >> EAT mailing list >> EAT@ietf.org <mailto:EAT@ietf.org> >> https://www.ietf.org/mailman/listinfo/eat <https://www.ietf.org/mailman/listinfo/eat> > _______________________________________________ > EAT mailing list > EAT@ietf.org > https://www.ietf.org/mailman/listinfo/eat
- Re: [EAT] [Rats] Rats and EAT Russ Housley
- Re: [EAT] [Rats] Rats and EAT Yaron Sheffer
- Re: [EAT] [Rats] Rats and EAT Henk Birkholz
- Re: [EAT] [Rats] Rats and EAT Henk Birkholz
- [EAT] Rats and EAT Laurence Lundblade
- Re: [EAT] [Rats] Rats and EAT Diego Lopez
- Re: [EAT] [Rats] Rats and EAT Yaron Sheffer
- Re: [EAT] [Rats] Rats and EAT Hannes Tschofenig
- Re: [EAT] [Rats] Rats and EAT Diego Lopez
- Re: [EAT] [Rats] Rats and EAT Hannes Tschofenig
- Re: [EAT] [Rats] Rats and EAT Laurence Lundblade
- Re: [EAT] [Rats] Rats and EAT Hannes Tschofenig
- Re: [EAT] [Rats] Rats and EAT Laurence Lundblade
- Re: [EAT] [Rats] Rats and EAT Diego R. Lopez
- Re: [EAT] [Rats] Rats and EAT Michael Richardson
- Re: [EAT] [Rats] Rats and EAT Michael Richardson
- Re: [EAT] [Rats] Rats and EAT Laurence Lundblade
- Re: [EAT] [Rats] Rats and EAT Yaron Sheffer
- Re: [EAT] [Rats] Rats and EAT Henk Birkholz