Re: [EAT] [Rats] Real EAT implementations

Suresh Marisetty <Suresh.Marisetty@arm.com> Mon, 08 October 2018 03:15 UTC

From: Suresh Marisetty <Suresh.Marisetty@arm.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "eat@ietf.org" <eat@ietf.org>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/90RfvJJnbi8RDsvpOrtspurthXw>

Hi,

As Jeremy informed us in another thread, GlobalPlatform is aligning with these standard claims and working on an API definition as well, as part of the Trusted Platform Services committee.

In sync with the above, Arm Platform Security Architecture is also aligning with it.

Defining the base claims and standardizing them is a win-win in the IoT space specifically, to reduce market fragmentation and promote interoperability with Cloud Relying Parties/Verifiers.

Thanks
Suresh Marisetty


-----Original Message-----
From: EAT <eat-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Sunday, October 7, 2018 4:44 AM
To: Michael Richardson <mcr+ietf@sandelman.ca>; eat@ietf.org; rats@ietf.org
Subject: Re: [EAT] [Rats] Real EAT implementations

Hi Michael,

Arm launched the Platform Security Architecture (PSA) at Arm TechCon 2017 with the goal to improve IoT security.
It is a fairly broad effort clustered into three areas, namely an analysis, architecture and implementation phase. For the first phase we provide templates for threat analysis to derive security requirements. For the architecture phase we offer hardware specifications. For the third phase we offer code.

The Linaro foundation has started a project for firmware development on these Cortex M-class devices (called Trusted Firmware M, or TF-M), see https://community.arm.com/iot/b/blog/posts/the-next-step-for-psa-and-a-secure-iot-future. The TF-M is the place where we are implementing the EAT token functionality (as part of the attestation API). There are also other APIs, such as crypto and secure storage.
Since the attestation API not only allows an application to access attestation functionality locally on the device but also to expose these attestation tokens to other services, there is an interoperability problem. The Qualcomm-developed token format, which re-uses existing IETF technology, showed up at the right time for us and we believe it is a good approach. For this reason we support draft-ietf-mandyam-eat.

The TF-M implementation and the work we do on attestation feels pretty real to me. We hope that many companies implementing IoT products want to make use of the TF-M code as a foundation to make their devices more secure.

Ciao
Hannes

PS: More details about the PSA can be found at https://pages.arm.com/psa-resources.html. If you happen to be in San Jose in the week of 16th - 18th October, Arm and its partners will talk about the recent developments around the PSA (and IoT security in general) at Arm TechCon.

-----Original Message-----
From: EAT <eat-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Saturday, October 6, 2018 7:31 PM
To: eat@ietf.org; rats@ietf.org
Subject: Re: [EAT] [Rats] Real EAT implementations


Laurence Lundblade <lgl@island-resort.com> wrote:
    > I believe one of the area directors asked who’s going to implement
    > these attestation schemes we standardize. One answer is Qualcomm’s
    > already commercialized precursor implementation of EAT which is
    > described very briefly in official marketing material on Qualcomm’s
    > web site as “Hardware Token”.

I see this as evidence:
  1) the market doesn't need/want a standard
  2) Qualcomm isn't going to implement our standard, they already have their own.

Now that could trivially be refuted if we saw clear participation from Qualcomm, but I haven't seen it yet.  But, maybe I missed it.

I await the charter.
So far I haven't seen something that is concrete enough to be useful on its own.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.