Re: [EAT] Attestation Model
"Smith, Ned" <ned.smith@intel.com> Fri, 07 September 2018 00:50 UTC
Return-Path: <ned.smith@intel.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F0AA130DD9 for <eat@ietfa.amsl.com>; Thu, 6 Sep 2018 17:50:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MxM7J6TjEr26 for <eat@ietfa.amsl.com>; Thu, 6 Sep 2018 17:50:40 -0700 (PDT)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25F4212F295 for <eat@ietf.org>; Thu, 6 Sep 2018 17:50:40 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Sep 2018 17:50:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.53,340,1531810800"; d="scan'208,217"; a="86706762"
Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128]) by fmsmga004.fm.intel.com with ESMTP; 06 Sep 2018 17:50:30 -0700
Received: from orsmsx112.amr.corp.intel.com (10.22.240.13) by ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 6 Sep 2018 17:50:30 -0700
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.80]) by ORSMSX112.amr.corp.intel.com ([169.254.3.2]) with mapi id 14.03.0319.002; Thu, 6 Sep 2018 17:50:21 -0700
From: "Smith, Ned" <ned.smith@intel.com>
To: "eat@ietf.org" <eat@ietf.org>
Thread-Topic: [EAT] Attestation Model
Thread-Index: AQHURkS8jzcSFtvK10qTny+DFh0ZzA==
Date: Fri, 07 Sep 2018 00:50:12 +0000
Message-ID: <385CFC53-CE0C-4BE7-AFF3-7EDD6E613228@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.0.180812
x-originating-ip: [10.252.200.249]
Content-Type: multipart/alternative; boundary="_000_385CFC53CE0C4BE7AFF37EDD6E613228intelcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/Yx-W4sliPrag9g0S6B0jL4ZT5ik>
Subject: Re: [EAT] Attestation Model
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Sep 2018 00:50:41 -0000
|Here’s an attempt to move the EAT model slightly closer to the RATS model and terminology. |Actual ppt is on GitHub <https://github.com/eat-ietf-wg/eat-slides>;. The attestation flow is a good start. But it may be relevant to capture the flow of claims (aka token) begins with the manufacturer of the environment that protects the keys (both provisioned at mfg time and subsequently generated during deployment and onboarding). The mfg may be an ‘authoritative claimant’ regarding key protection properties of the environment, but there can be other claimants too. For example, a common criteria certification lab could also be an authoritative claimant that may assert the same claims as the manufacturer plus additional claims about the CC test results.
- [EAT] Attestation Model Laurence Lundblade
- Re: [EAT] Attestation Model Smith, Ned