Re: [EAT] {RATS] Introduction

Carl Wallace <carl@redhoundsoftware.com> Thu, 13 September 2018 10:42 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33F57130EC4 for <eat@ietfa.amsl.com>; Thu, 13 Sep 2018 03:42:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvsLeRbCkxRO for <eat@ietfa.amsl.com>; Thu, 13 Sep 2018 03:42:33 -0700 (PDT)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 107B912008A for <eat@ietf.org>; Thu, 13 Sep 2018 03:42:33 -0700 (PDT)
Received: by mail-qk1-x72b.google.com with SMTP id g13-v6so2883601qki.9 for <eat@ietf.org>; Thu, 13 Sep 2018 03:42:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=AEy0G3cnJg3/zRYRCLJj1NV9nWB7UsEMizula/iW5bo=; b=ykDRHTAeBWPeovaCfQg8BwlgHezUCvg50AoZftS+hlsaRZNr+j8juVyf347t/YFB2l o3V45H0tdyEI8nog3q7/IpBFJTKCu2oJ6/NOX5P2/M76oKsgsNuOdc2quSfPZ4fMVLG8 PMe4ry3DU2+1OBMdbWSqMHDjwE7cx08SDUaZ0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=AEy0G3cnJg3/zRYRCLJj1NV9nWB7UsEMizula/iW5bo=; b=q6w6zvw5K/maAWy/MbZhnMSe+v1eXoocUFv486DQxznu1AafGo27+ZQ7mwPyHlzh1l XQHXix/m4v58N7SpoxZRuF46w4zlQmiLeIUxiGFl1yOxt5pmY5P9w3OKmXqvkFA920Xu OoevH+lfEXpCugxRI5lh1EkjWh8hxu8IvqfFjB//fSr9x7WdnmdW1dHeqqO1CNNzgphe WX5fBLba+kEK8TrRpZistMgA80Sckw3FiTxPtTk87IFx4AC8/P/YYuZCWK7NpUzhCvG5 jdyS+8q1MWIgl3MmqoYKPOc05UDf9XNyDsKn/V2LRZIiTX2cvav76BI/JKPFukJUpOoC ADxA==
X-Gm-Message-State: APzg51AI/3FdI/eautub24W1m9cURN4jBUBkGp3eSWIXRrDpu2lej1ru JSrlkSYdUK+Khp7sLsp/OPFuew==
X-Google-Smtp-Source: ANB0VdbIns/1uTUTZbjSA2SwNRPvvMS23K6CEG1T0xhN+itCF2pSHjgihDtOxKmmQQsf6SOoLysKSg==
X-Received: by 2002:a37:21cf:: with SMTP id f76-v6mr4637852qki.263.1536835352155; Thu, 13 Sep 2018 03:42:32 -0700 (PDT)
Received: from [192.168.2.27] (pool-108-28-91-61.washdc.fios.verizon.net. [108.28.91.61]) by smtp.googlemail.com with ESMTPSA id s41-v6sm2261395qta.88.2018.09.13.03.42.28 (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 13 Sep 2018 03:42:31 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Thu, 13 Sep 2018 06:42:25 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "Smith, Ned" <ned.smith@intel.com>
CC: "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
Message-ID: <D7BFB4C1.C0D9F%carl@redhoundsoftware.com>
Thread-Topic: [EAT] {RATS] Introduction
References: <c307729682c24fd18aea18551c2233ff@XCH-RTP-013.cisco.com> <233A8B51-343B-4859-9108-1CA862267274@telefonica.com>
In-Reply-To: <233A8B51-343B-4859-9108-1CA862267274@telefonica.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3619665751_25479362"
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/X6TmYzmLk-gwfC2YY41tQOhIVyM>
Subject: Re: [EAT] {RATS] Introduction
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 10:42:35 -0000


From:  "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Date:  Thursday, September 13, 2018 at 3:10 AM
To:  "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>rg>, Carl Wallace
<carl@redhoundsoftware.com>om>, Shawn Willden
<swillden=40google.com@dmarc.ietf.org>rg>, "Smith, Ned" <ned.smith@intel.com>
Cc:  "rats@ietf.org" <rats@ietf.org>rg>, "eat@ietf.org" <eat@ietf.org>
Subject:  Re: [EAT] {RATS]  Introduction

> Hi,
>  
> If I am correctly following your proposal, this is connected with the idea of
> a trusted channel we experimented with in the SECURED project, and described
> in draft-pastor-i2nsf-vnsf-attestation:
>  
> “A trusted channel is an enhanced version of the secured channel. It adds the
> requirement of integrity verification of the contacted endpoint by the other
> peer during the initial handshake to the functionality of the secured channel.
> However, simply transmitting the integrity measurements over the channel does
> not guarantee that the platform verified is the channel endpoint. The public
> key or the certificate for the secure communication MUST be included as part
> of the measurements presented by the contacted endpoint during the remote
> attestation. This way, a malicious platform cannot relay the attestation to
> another platform as its certificate will not be present in the measurements
> list of the genuine platform.”

This only works if the public key/certificate associated with the remote
endpoint can be obtained initially such that it is known to be correct. It's
common to see artifacts that aim to demonstrate that something is a genuine
product from Example Co without being able to demonstrate that something is
a particular genuine product from Example Co. The latter is often necessary.
Bootstrapping trust is hard, especially where it intersects with privacy
concerns. 
>