Re: [EAT] {RATS] Introduction

Carl Wallace <> Thu, 13 September 2018 10:42 UTC

Date: Thu, 13 Sep 2018 06:42:25 -0400
From: Carl Wallace <>
To: "Diego R. Lopez" <>, "Eric Voit (evoit)" <>, Shawn Willden <>, "Smith, Ned" <>
CC: "" <>, "" <>

From:  "Diego R. Lopez" <>
Date:  Thursday, September 13, 2018 at 3:10 AM
To:  "Eric Voit (evoit)" <>, Carl Wallace <>, Shawn Willden <>, "Smith, Ned" <>
Cc:  "" <>, "" <>
Subject:  Re: [EAT] {RATS]  Introduction

> Hi,
> If I am correctly following your proposal, this is connected with the idea of
> a trusted channel we experimented with in the SECURED project, and described
> in draft-pastor-i2nsf-vnsf-attestation:
> “A trusted channel is an enhanced version of the secured channel. It adds the
> requirement of integrity verification of the contacted endpoint by the other
> peer during the initial handshake to the functionality of the secured channel.
> However, simply transmitting the integrity measurements over the channel does
> not guarantee that the platform verified is the channel endpoint. The public
> key or the certificate for the secure communication MUST be included as part
> of the measurements presented by the contacted endpoint during the remote
> attestation. This way, a malicious platform cannot relay the attestation to
> another platform as its certificate will not be present in the measurements
> list of the genuine platform.”

This only works if the public key/certificate associated with the remote
endpoint can be obtained initially such that it is known to be correct. It's
common to see artifacts that aim to demonstrate that something is a genuine
product from Example Co without being able to demonstrate that something is
a particular genuine product from Example Co. The latter is often necessary.
Bootstrapping trust is hard, especially where it intersects with privacy
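
The following example is added here and is not from this thread or from draft-pastor-i2nsf-vnsf-attestation. It shows a verifier checking that the key the channel actually negotiated appears in the signed measurement list (rejecting relayed evidence), and the separate enrollment check needed to tell one genuine device from another. The function names, the `channel-key:` measurement label, the sample values and the HMAC used in place of an attestation signature are assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in: an HMAC under a vendor-wide key plays the role of the
# attestation signature (a real attester signs with an asymmetric key).
VENDOR_KEY = b"constructed-vendor-attestation-key"

def key_digest(channel_pubkey):
    return hashlib.sha256(channel_pubkey).hexdigest()

def _sign(measurements):
    blob = json.dumps(measurements).encode()
    return hmac.new(VENDOR_KEY, blob, hashlib.sha256).hexdigest()

def attest(platform_measurements, channel_pubkey):
    """Attester: put the channel key digest into the signed measurement list."""
    measurements = list(platform_measurements) + ["channel-key:" + key_digest(channel_pubkey)]
    return {"measurements": measurements, "sig": _sign(measurements)}

def verify(evidence, peer_pubkey, enrolled_digests=None):
    """Verifier: peer_pubkey is the key the secure channel negotiated with."""
    if not hmac.compare_digest(_sign(evidence["measurements"]), evidence["sig"]):
        return "bad-signature"
    if "channel-key:" + key_digest(peer_pubkey) not in evidence["measurements"]:
        return "relayed"  # evidence was produced by some other endpoint
    if enrolled_digests is not None and key_digest(peer_pubkey) not in enrolled_digests:
        return "genuine-but-not-expected-device"
    return "ok"

def demo():
    boot = ["bootloader:aa11", "kernel:bb22"]  # constructed measurements
    key_a, key_b, key_m = b"pubkey-device-A", b"pubkey-device-B", b"pubkey-relay-M"
    ev_a, ev_b = attest(boot, key_a), attest(boot, key_b)
    enrolled = {key_digest(key_a)}  # verifier expects device A only
    return {
        "direct": verify(ev_a, key_a, enrolled),
        "relay": verify(ev_a, key_m, enrolled),  # M forwards A's evidence
        "tampered": verify({**ev_a, "measurements": boot}, key_a, enrolled),
        "other_genuine_no_pin": verify(ev_b, key_b),
        "other_genuine_pinned": verify(ev_b, key_b, enrolled),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Without an enrolled key for the specific device, evidence from any genuine device verifies, which is the gap the reply above describes.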