Re: [EAT] Naming (was Re: Scope, Goals & Background for RATS)

"Diego R. Lopez" <diego.r.lopez@telefonica.com> Tue, 25 September 2018 21:35 UTC

Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C133F130E50; Tue, 25 Sep 2018 14:35:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telefonica.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pwbeINLwrYiF; Tue, 25 Sep 2018 14:35:24 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on0724.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::724]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EFC3130DD2; Tue, 25 Sep 2018 14:35:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telefonica.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=d2DXqSMQkqMBl2ZIlauoCfJ/bKETuwRZeAI2PXVCopo=; b=TnqRv9NBAb2ER/PL7YQfltJ+c82yCdWs7WEVR9LrjmXpmnby96iQNxWldofL5MyN07oBwUmXuOKYPnO/fm2KlTiS4pQmalOhalRrCa8WGkmxatql2vhN9NtMTZQ8vzD3IEKEECFMu/J0TNnfb4FABkGE57urthJM96tkEoj9x6Q=
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com (52.134.70.148) by DB3PR0602MB3754.eurprd06.prod.outlook.com (52.134.67.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1164.22; Tue, 25 Sep 2018 21:35:20 +0000
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::1df0:efe8:3e5:7acb]) by DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::1df0:efe8:3e5:7acb%3]) with mapi id 15.20.1164.024; Tue, 25 Sep 2018 21:35:20 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
Thread-Topic: Naming (was Re: [EAT] Scope, Goals & Background for RATS)
Thread-Index: AQHUVPsQun7xV+nNMkaCCy7f0E2FhaUBpt6A
Date: Tue, 25 Sep 2018 21:35:20 +0000
Message-ID: <9D0BEEB9-B725-40B6-8848-555B56CB61D1@telefonica.com>
References: <710df01c-c45f-9d26-b578-e4baa53c6de8@sit.fraunhofer.de> <000D27F1-C5C0-4F14-A628-42A321077A52@island-resort.com> <53CD22A1-DFD2-48DA-8668-2744CCDB6BD5@telefonica.com> <07ADA0A9-DDF6-4B32-BE45-A99A2587DC16@island-resort.com>
In-Reply-To: <07ADA0A9-DDF6-4B32-BE45-A99A2587DC16@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.2.180910
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-originating-ip: [5.255.146.80]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB3PR0602MB3754; 6:5UPOCRS1wdvzlP9kab93ToimZ2N9OqrcZy+Lb2n3ryJNjHOYObj8lQbB3mvQ6Ef52hhCvc9e7kB8BNIuK4PUObu0NqkK3+uPuJTwt4cy2npZWIECAJEerH22Lq6XtEmgVzFzwEbLumDnZMIek5aWhXB0cnTddfDvvHHrp1eqikD8TpWyoJrJft13h8Gh/gFCX2vjnWqNKWOB8K7oODscZoS7a11Q9+DhxK9sNMNaaRJG8CBkygTs3CbtuJos6rXy6J8bHCnoRcSNQX0vhxRT8cbAXo9cuHOKB4TNx0LdiPa2Yw/m6q4ymxrF+Jyf/4JDDvWgQmbEbRqOOt4LJwpsHPV3jjKxb+T0XG1pRdLvQmCfNAgmo6pm4TN0WiWsFbEKZ9k/FJt4hWEESqurdAfnGWWUw5CQ1tIMzwvakGMh1qVF+RWBm/l/vy2y//dR0zOTlm2aX7SOw307cAp+oF12vA==; 5:u60HTz4SlWJ7jX2UFlfeCP5F7BfsA1CzPd2PcMha+An8QZ7mm2zBgBqLsfm9k2U34BGJrQk7FMxi/IbYkh4iGhn8ju29NxWY+yIkb+XQNWLlkErip2W3hAtA2YbVbpSwMRsK2KGHCIawEnAAcB8hAazOht2zWPhaSACQ0WM0Anw=; 7:uj/sjwPxdhC8JtilgzmoWF/JE2vOPLj1WQjaU0O1GJs5eiOWebRHDrHnKDkbo+PIVtRn48mIUCdJfD8irzPP26pbw3WqOOvJm6Jfza4s8QOfUZ92715z9XSaIjyxVNaU1TOUc/abG0qpYXLChKn7ivm41bQrE1JaouEGiumIGD2otD3KMC1NFED61+Qkuy1tCUWOTikTCBhz3Q6pbHeKy9XSRDLjfunr2iPX7iS6EmLaQq4q8JQFSbuq6CTDT67J
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 025a1635-5757-4697-963d-08d6232ecb63
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534165)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB3PR0602MB3754;
x-ms-traffictypediagnostic: DB3PR0602MB3754:
x-microsoft-antispam-prvs: <DB3PR0602MB375495A5C88165B831EDA169DF160@DB3PR0602MB3754.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(163750095850)(128460861657000)(81160342030619)(40392960112811)(209352067349851)(158342451672863)(192374486261705)(166708455590820)(21748063052155)(28532068793085);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(10201501046)(3231355)(944501410)(52105095)(93006095)(93001095)(6055026)(149066)(150027)(6041310)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123564045)(20161123558120)(201708071742011)(7699051); SRVR:DB3PR0602MB3754; BCL:0; PCL:0; RULEID:; SRVR:DB3PR0602MB3754;
x-forefront-prvs: 08062C429B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(136003)(39860400002)(376002)(346002)(53754006)(40134004)(25724002)(199004)(189003)(252514010)(68736007)(6116002)(790700001)(81166006)(5250100002)(71200400001)(106356001)(105586002)(5660300001)(83716004)(786003)(316002)(53546011)(6506007)(7736002)(71190400001)(97736004)(6486002)(76176011)(82746002)(71446004)(229853002)(53936002)(606006)(93886005)(99286004)(66066001)(236005)(54896002)(6512007)(6306002)(6246003)(14454004)(2616005)(8936002)(33656002)(102836004)(58126008)(476003)(478600001)(54906003)(45080400002)(25786009)(11346002)(26005)(486006)(446003)(6436002)(4326008)(966005)(6916009)(561944003)(81156014)(14444005)(2900100001)(36756003)(186003)(2906002)(86362001)(551934003)(3846002)(34290500001)(256004)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR0602MB3754; H:DB3PR0602MB3788.eurprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 9G+Hq6ru/d6fjgL5jtEt9PChzQHPX1lo6QBN67L1Pcaga7gJtPwmaPWqsDimBWCr11IW9T8k/UaedWojWR3EkaGtqVBBSVpFBYQNeKdrGGgqDB6Q1isXQ+BtBsV12WbWv+pfxw4LJsLua7ZWDvbwpFqW8Tr5RUjiDnedi59KeIypxvBfiep61Dr4j6MCk/IjBtyrYJ/yhLjqE6MPNqz4pEJVIZ5I0sZIvc7TAB3XuhcJVOjcuCbutKuM/SUojD/08ZxxusSzca4IivT/HocOEa4VLbuGM4lioeuWtbd+zMeunnhUqq8RAMUncT3HsCfkjGYeExWPmIvhjfgvZu8LDjiFjLuor9W1i+it2dE/lsA=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_9D0BEEB9B72540B68848555B56CB61D1telefonicacom_"
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 025a1635-5757-4697-963d-08d6232ecb63
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Sep 2018 21:35:20.5866 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0602MB3754
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/k5xkh-S-U3bBOXcMb3pzYZzKEMs>
Subject: Re: [EAT] Naming (was Re: Scope, Goals & Background for RATS)
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Sep 2018 21:35:35 -0000

What if we add an E at the end (that could fit as “Enhancements”)?

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/in/dr2lopez/

e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>
Tel:         +34 913 129 041
Mobile:  +34 682 051 091
----------------------------------

On 25/09/2018, 20:10, "Laurence Lundblade" <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

One more attempt: CREAT — Common Remote Entity Attestation Technology

LL



On Sep 20, 2018, at 3:27 PM, Diego R. Lopez <diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>> wrote:

Hi,

I agree with you in the fact that the proposal is intended to address the proposed EAT work, and I think we agree in that this is a good way to go. Regarding the name, and given my dislike for cats, I’d propose to use CRAT, as in aristo-crat or demo-crat… (coming from the Greek god of strength and power)

And I tend to agree in your two final comments on public key, and the fact that circumscribing attestation to devices (of any nature, physical or virtual) need to be clearly stated.

Be goode,

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/in/dr2lopez/

e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>
Tel:         +34 913 129 041
Mobile:  +34 682 051 091
----------------------------------

On 20/09/2018, 16:18, "EAT on behalf of Laurence Lundblade" <eat-bounces@ietf.org<mailto:eat-bounces@ietf.org> on behalf of lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

It’s a bit buried, but I see you do intend that this include the EAT work. Thus the work would not be TPM/TCG centric. It would include use cases like FIDO and Android Keystore attestation that are often based on TrustZone. It could also include EPID-related use cases. Please confirm.

My preference would be to choose another name for the group that is neither EAT or RATS to help make this clear. I don’t really think there is a “procedure” with EAT. To be honest, I don’t really like “RATS” as a name. My suggestions are “RA” for Remote Attestation or “CAT” for Common Attestation Technology (and besides cats caused us to invent the Internet so we share pictures of them (securely)).

I propose a more high-level intro with examples:

The purpose of RA/CAT is to allow a Relying Party (e.g. a web service, network management center...) to securely receive Claims from an Entity requesting service (e.g. a phone, router, IoT device...) that allow the Relying Party to determine if and how that entity is trusted.  For example:
o    An IoT management back-end receives a signed nonce that proves the IoT device is the genuine article manufactured by the expected OEM and is not a Linux box or such emulating such a device.
o    A network management center receives a set of measurement claims from a router to know that the configuration has not been tampered with.
o    An online banking service receives many claims about the device including location, SW versions and measurements and determines that it will allow a higher-than-usual value transaction.
o    A government online document server receives claims indicating manufacture and location of the device, determines they are from the correct country and grants access to classified documents.
There are protocols for determining and securing the identity of a server or service (TLS and IPsec). There are many protocols for authenticating end users (SASL, TLS client auth, EAP…). There are no general protocols for managing the characteristics, security and identity of an end client device (an Entity). RA/CAT aims to address that gap.

There is no goal here to set criteria for what is trustworthy or not as that is an impossible task as it will vary widely from use case to use case. The goal here is to securely provide information (Claims) to the Relying Party so it can make that determination based on its own criteria and needs.


I don’t think the intro should mention public key crypto. I know of attestation solutions that do not use it.

I tend to prefer “attestation” when the goal is whether and how a device is to be trusted and “authentication” when the goal is how a human is to be identified. FIDO, OAuth, SASL are all about users and use the word authentication.

LL




On Sep 18, 2018, at 1:26 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>> wrote:

Hi all,

we pushed an initial document to the RATS github in order to focus the discussion about remote attestation procedures a bit.



https://github.com/ietf-rats/charter/blob/master/ietf-rats-charter.md<https://github.com/ietf-rats/charter/blob/master/ietf-rats-charter..md>

We included a background section to better highlight the meaning of the term "attestation" in general. Hence, there is a trade-off between clarity and conciseness, which is one of the things we would like to get feedback about.

Naturally, we are also very interested in feedback about the illustrated difference between explicit attestation and implicit attestation.

Viele Grüße,

Henk





_______________________________________________
EAT mailing list
EAT@ietf.org<mailto:EAT@ietf.org>
https://www.ietf.org/mailman/listinfo/eat


________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição


________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição