Re: [EAT] Scope, Goals & Background for RATS

"Diego R. Lopez" <> Fri, 21 September 2018 22:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2EF91130E1A; Fri, 21 Sep 2018 15:08:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id c2h-DQ-S-bi1; Fri, 21 Sep 2018 15:08:07 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CB61E120072; Fri, 21 Sep 2018 15:08:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ek34T0mw42Zqakd5+8R6F/tgzkzym90uLCVuz6EtPHY=; b=b+Z/QjPtynIjyPZVelh7l6AJYM+a/gdOZWL6CGDQK9ZbNPjCKx7qLPzt5HEk4VqeLohtWnfYLITUyWb2BuA4mvJVx0ASIdwM3qhbI7nFtaFGQuYb1I9G60c8Cl5zdXgFz2SLjZs109eZIwPD+b6ghosXdtmfxGesz96W7115gOM=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1143.18; Fri, 21 Sep 2018 22:08:04 +0000
Received: from ([fe80::f98c:de95:f78:6396]) by ([fe80::f98c:de95:f78:6396%5]) with mapi id 15.20.1143.017; Fri, 21 Sep 2018 22:08:03 +0000
From: "Diego R. Lopez" <>
To: Henk Birkholz <>, Laurence Lundblade <>
CC: "" <>, "" <>
Thread-Topic: [EAT] Scope, Goals & Background for RATS
Thread-Index: AQHUTylonUGZQhG/1kaWvO+5vdwhGaT5n+wAgAFQzACAAAp1AIAARGoAgAAyvQA=
Date: Fri, 21 Sep 2018 22:08:03 +0000
Message-ID: <>
References: <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB3PR0602MB3836; 6:sWsSsvCS0iSNH6+5/Z7oRt/y6tKUgPdhuH391W/RYbwRTIvAiCQzKdcr3B7yUuvrMJPfVt5uBaVYDMcch+9qj5QW1SpHvFJ3fd3ib+fhmfWHhtlK6EPK2SMY2f61tvy12k8ib/ovA/a9Rt7HJWaBEBMH88rFnqb0TXK+zohP4iBhdgI6MiTG/EkXDu6UijC3NWiqB4JNRTa7lGwZj/2CgAeNWvEmPpJy8bKJVpw+7t54HeRmp/FN5ZLSvGkdYDSAvNKLSTHYThkgU6tEYrD05Ae3au+6eGJREQorcGhUo8P1bF9D0Hg4olt5nzDg8zoEnetI8PRo7C2ww+kZYY21JB+XUsMWnDW5AlfkE/gshcHW81N6EBrrKBw1E52nnVudE8B7fyn3/JLH2pKyUDCREaD3Llof7D5o2VLESGwcjghiZ9xKvuSwnRx6VvswOqg2lJZeCdZqaj/a2IEtnjt81Q==; 5:8J0Nh6u5yCyUTEU5yKsRdWU0cnNkeNswWEc/LLocAYG6M7QqAPtnbSRHU2usZ6bvFDho3B6OngMkS4dFEj7rqrdzNUkHYU9zaMtJqekGluUun//wNake+CXICryAmitKxbz7LD3V+3NlA4Xn3UGSIhGGEuCmH2vkKRJEaVkyYOY=; 7:yzzOtITlzDo7ZianxzRJKNJXCOcAmyDhQJPwnnP/qkcSro+jzHF+CKINhHDqRCKOtgOCQ+8V2fvuYUtEpgAPGducNyytrUYYUworgn0P1UHqonkJ0XAzLUy86uahLhf5KL9YQSBHetCYJKSUjLHSs0SC7rE2fh/HFmM6TPbQdCy70GCjjUaQJDgOGWqnZfY3PC8xJZ8EVkOVLUFsDBatepZS7imGbvaQ0DjCUwJEJ69y5R/v4zV2VcWPIawXISJC
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: c45e6699-9f4e-4701-6649-08d6200eb3e6
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534165)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB3PR0602MB3836;
x-ms-traffictypediagnostic: DB3PR0602MB3836:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(40392960112811)(128460861657000)(81160342030619)(163750095850);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231355)(944501410)(52105095)(93006095)(93001095)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(201708071742011)(7699051); SRVR:DB3PR0602MB3836; BCL:0; PCL:0; RULEID:; SRVR:DB3PR0602MB3836;
x-forefront-prvs: 0802ADD973
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39860400002)(396003)(376002)(136003)(366004)(199004)(189003)(40134004)(25724002)(252514010)(58126008)(2900100001)(6512007)(6306002)(6486002)(105586002)(4326008)(81156014)(5660300001)(6246003)(81166006)(45080400002)(6436002)(53936002)(68736007)(8676002)(8936002)(5250100002)(26005)(71190400001)(71200400001)(83716004)(66066001)(93886005)(106356001)(2906002)(33656002)(110136005)(186003)(54906003)(229853002)(316002)(102836004)(82746002)(786003)(36756003)(76176011)(86362001)(2616005)(476003)(14444005)(99286004)(966005)(6116002)(3846002)(486006)(97736004)(53546011)(446003)(305945005)(7736002)(11346002)(25786009)(6506007)(478600001)(14454004)(256004); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR0602MB3836;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-microsoft-antispam-message-info: QbJf1u88BB5TdsJ7edbkGMY9FEoDIktxGM4nlpyxcl9EcQX3WSK3Gm4PgARNB2fYHZrlSMXml2o2chLMZNeZVUzAzCjnlCJzWg57iLD4GtG0rUkPEc2+BIFST+5ld5dbVbSiIwNxIZAtlNZSAYKQYL9imEjqiAOku3oZ9zcQ+HN9Dx6V3Vzmy7hMkoHzQE9SVNU4bu5Rjoy9ng5UGUyMK5zP+5bF7xHl1wculGufwrwZeSzxwm55VBtPOF8HiXDSw+aRqDR4i5aHIEi3KNB6/AaxpMfscmTWj/bAR9IWZk2Sip/LaNdib2ou+9onI9/4FFunZ9i1GWEl6VNksatDsP2Rn33SXHZJogooXYE70+Y=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c45e6699-9f4e-4701-6649-08d6200eb3e6
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2018 22:08:03.8085 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0602MB3836
Archived-At: <>
Subject: Re: [EAT] Scope, Goals & Background for RATS
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 21 Sep 2018 22:08:11 -0000

Regarding the length, we could always aim at using the intersection rather than the union...

"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D

Tel:         +34 913 129 041
Mobile:  +34 682 051 091

On 21/09/2018, 17:06, "EAT on behalf of Henk Birkholz" < on behalf of> wrote:

    Hello Laurence,

    splintering emerging work on attestation in the IETF at the very
    beginning does not seem to be very productive to me, too. I
    wholeheartedly agree with that notion.

    I hear your assessment that EAT and RATS have distinct goals and -  as
    our slowly improving convergence of approaches shows - that is true to
    some extend, I think. But I also think that there is significant overlap
    and creating synergy via this overlap, while also creating a shared
    consistent terminology, is vital and I'd optimistically consider that

    I really am interested in the deployment scenarios that you envision for
    EAT. I am rather certain that we could identify more overlap there. The
    RATS charter covers deployment only in very specific detail at the
    moment. Some scoping had to be done to create a tangible set of
    realistic goals for chartering. That said, deployment is also an
    important aspect for RATS, just not at this very beginning.

    I am also rather certain that EAT can be used in a lot of places. I
    really like the approach, as I am a proponent of CWT. I also was under
    the impression that EAT does not exclude the option to be rooted in TPM?
    While that might only be a technical detail, I bring that up because the
    "non-exclusiveness" of both EAT and RATS wrt to specific hardware
    solutions was an overlap. But maybe I missed something obvious here.

    In summary, creating a common "middle ground" and working in concert in
    these shared domains (manifested in drafts) seems to be the optimal way
    to move forward, I think.

    My only actual concern remains to be the creation of a shorter charter
    :) Merging goals does not really sound like making it shorter - well, at
    least initially.

    Viele Grüße,


    On 09/21/2018 07:01 PM, Laurence Lundblade wrote:
    > RATS folks: Henk, Ned, Monty and Eric,
    > EAT has deployment scenarios and goals that are distinct from RATS. They don’t need new protocols in the same way as that RATS does. They will not be rooted in TCG and TPM work. There is precedence in the industry for these use as can be seen in FIDO and Android Keystore Attestation. EAT can not just be a subordinate part of RATS as you seem to imply below.
    > Even if our deployment goals and use cases are not the same, I would think we can have separate documents where we need to and do the work in one WG.
    > I think it would be bad to have two attestation working groups in the IETF, one for EAT and one for RATS.  Thus, I think the charter of this WG must explicitly include the EAT use cases and goals.
    > LL
    >> On Sep 21, 2018, at 9:24 AM, Henk Birkholz <> wrote:
    >> Hello Laurence,
    >> please find replies and comments in-line:
    >> On 09/20/2018 10:18 PM, Laurence Lundblade wrote:
    >>> It’s a bit buried, but I see you do intend that this include the EAT work. Thus the work would not be TPM/TCG centric. It would include use cases like FIDO and Android Keystore attestation that are often based on TrustZone. It could also include EPID-related use cases. Please confirm.
    >> I am not sure, if I am the authority to confirm this, as kickstarting RATS is a group effort. What I can do is to agree with the statement that RATS is abstracting from specific hardware solutions that provide, for example trust anchors and shielded locations (which keystores are a subset of, I think), or restrict secret key access (protection of execution, I think) based on system status (or more generic - system health).
    >> Conveyance of Attestation Claims is a big part of implicit attestation and the comparison of (amongst other information) claims wrt to appraisal of Attestation Evidence in explicit attestation. As EAT provides a data format to express these claim sets in a state-of-the art representation (and, if signed, via a state-of-the-art COSE envelope) they are compose a perfect option to address the data model part of conveyance.

    EAT mailing list


Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição