Re: [EAT] [Rats] Real EAT implementations

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sun, 07 October 2018 11:44 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "eat@ietf.org" <eat@ietf.org>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [EAT] [Rats] Real EAT implementations
Date: Sun, 07 Oct 2018 11:44:22 +0000
Message-ID: <VI1PR0801MB21123D7488BFD97AA44F17CBFAE50@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <7871DF5D-01E4-496A-B35D-82D1397B55AA@island-resort.com> <30469.1538847042@localhost>
In-Reply-To: <30469.1538847042@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/-hgI9UeEtdo70c7tpKN7XlJH9oA>
Subject: Re: [EAT] [Rats] Real EAT implementations
List-Id: EAT - Entity Attestation Token <eat.ietf.org>

Hi Michael,

Arm launched the Platform Security Architecture (PSA) at Arm TechCon 2017 with the goal of improving IoT security.
It is a fairly broad effort clustered into three areas, namely an analysis, an architecture and an implementation phase. For the first phase we provide templates for threat analysis to derive security requirements. For the architecture phase we offer hardware specifications. For the third phase we offer code.

The Linaro foundation has started a project for firmware development on these Cortex M-class devices (called Trusted Firmware M, or TF-M), see https://community.arm.com/iot/b/blog/posts/the-next-step-for-psa-and-a-secure-iot-future. TF-M is the place where we are implementing the EAT token functionality (as part of the attestation API). There are also other APIs, such as crypto and secure storage.
Since the attestation API not only allows an application to access attestation functionality locally on the device but also exposes these attestation tokens to other services, there is an interoperability problem. The Qualcomm-developed token format, which re-uses existing IETF technology, showed up at the right time for us and we believe it is a good approach. For this reason we support draft-ietf-mandyam-eat.

The TF-M implementation and the work we do on attestation feels pretty real to me. We hope that many companies implementing IoT products want to make use of the TF-M code as a foundation to make their devices more secure.

Ciao
Hannes

PS: More details about the PSA can be found at https://pages.arm.com/psa-resources.html. If you happen to be in San Jose in the week of 16th - 18th October, Arm and its partners will talk about the recent developments around the PSA (and IoT security in general) at Arm TechCon.

-----Original Message-----
From: EAT <eat-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Saturday, October 6, 2018 7:31 PM
To: eat@ietf.org; rats@ietf.org
Subject: Re: [EAT] [Rats] Real EAT implementations


Laurence Lundblade <lgl@island-resort.com> wrote:
    > I believe one of the area directors asked who’s going to implement
    > these attestation schemes we standardize. One answer is Qualcomm’s
    > already commercialized precursor implementation of EAT which is
    > described very briefly in official marketing material on Qualcomm’s
    > web site as “Hardware Token”.

I see this as evidence:
  1) the market doesn't need/want a standard
  2) Qualcomm isn't going to implement our standard, they already have their own.

Now that could trivially be refuted if we saw clear participation from Qualcomm, but I haven't seen it yet. But maybe I missed it.

I await the charter.
So far I haven't seen something that is concrete enough to be useful on its own.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
