Re: [EAT] Device Identity (was Re: [EXTERNAL] Re: [Rats] Attestation BoF charter updates?)

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Sat, 20 October 2018 09:49 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECCED130DFC; Sat, 20 Oct 2018 02:49:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1oToeROhEujB; Sat, 20 Oct 2018 02:49:23 -0700 (PDT)
Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DB26126BED; Sat, 20 Oct 2018 02:49:20 -0700 (PDT)
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w9K9nCvo004222 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 20 Oct 2018 11:49:13 +0200
Received: from [172.20.8.9] (88.157.232.34) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sat, 20 Oct 2018 11:49:06 +0200
To: Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
CC: Guy Fedorkow <gfedorkow@juniper.net>, Denis <denis.ietf@free.fr>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Smith, Ned" <ned.smith@intel.com>, "Jeremy O'Donoghue" <jodonogh@qti.qualcomm.com>, "eat@ietf.org" <eat@ietf.org>
References: <5D773C02-5083-4B10-A705-782E28FD8ADB@island-resort.com> <f84515dd-2e1a-7e66-7c23-b16f8f425d2a@sit.fraunhofer.de> <D7E5069D.C2E65%carl@redhoundsoftware.com> <c72a3b6c-88f2-d452-96be-947a4be1d9c8@free.fr> <73EF502E-B68C-4106-8311-4897B4F2DF8C@qti.qualcomm.com> <b6c9ff4a-cc35-8175-3294-4e6ec366409f@sit.fraunhofer.de> <615BB1D3-29E3-468B-B988-84852F47742C@intel.com> <VI1PR0801MB211230882A5B0D594D66DCFDFAFD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <71A01CDA-380F-4A57-B601-02F9A2699471@intel.com> <6f28e6a4-1930-84b2-1399-8aed75e3a6b4@sit.fraunhofer.de> <FB52EAA1-21F9-4792-B6A2-B58BBFBB53D6@island-resort.com> <BN7PR05MB4097DAA623B0F77573982910BAFF0@BN7PR05MB4097.namprd05.prod.outlook.com> <04976C31-F18C-4F99-847D-110641DCDE80@island-resort.com> <9c73f9b7-9129-c273-254e-465f92ab3650@sit.fraunhofer.de> <09818298-9FE1-430A-8045-A9A7E76ED64C@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <aaf49ef2-d161-aa9d-7b8a-fd852c5806c4@sit.fraunhofer.de>
Date: Sat, 20 Oct 2018 11:49:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <09818298-9FE1-430A-8045-A9A7E76ED64C@island-resort.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [88.157.232.34]
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/lK3tJ9bH-5-s7C6ajkDfW8hreFM>
Subject: Re: [EAT] Device Identity (was Re: [EXTERNAL] Re: [Rats] Attestation BoF charter updates?)
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Oct 2018 09:49:28 -0000

Hello Laurence,

unfortunately, I am traveling at the moment, but let me try to address 
an eclectically chosen topic.

In an attempt to answer your question "What is the definition of an 
“identity document” I will just reference

> https://tools.ietf.org/html/draft-birkholz-core-coid-00#section-1

for now (instead of writing a wall of text again. Sorry, if I do that 
sometimes, that does not always help...)

Based on the reference text, the important principle here is that an 
identity document is signed using secret keys issued by a (sub) 
certificate authority that one or more entities *can* put trust into.

In comparison, if a CWT is signed with key material deployed on the 
device in question, what you provide is proof-of-possession of that 
signing (most likely intended to be secret) key.

Again, you *can* put trust into that proof-of-possession, but the trust 
relationships here can have vastly different semantics. In both cases 
though, putting trust into, for example, CoID (via TVP) or EAT (via PoP) 
is a decision, I think. If you choose to put trust into the signature of 
these CWT, both are Trusted Claim Sets - to you.

This trust has unfortunately nothing to do with the actual 
trustworthiness of the thing in question. As Ned illustrated already, 
"in a closed ecosystem, the trust characteristics and properties may be 
implied". In consequence, if you choose to trust that possession of a 
key provides an appropriate level of confidence in trustworthiness - 
that is a decision you make.

This does not provide actual evidence that a thing is really 
trustworthy. And providing this evidence via interoperable network 
protocols is the gap that RATS intent to address - not only in closed 
ecosystems, but also the Internet in general.

IHTH,

Henk


On 10/20/2018 08:19 AM, Laurence Lundblade wrote:
> I consider /device identity/ an absolute critical part of our work. It 
> is a critical part of most EAT use cases such as enrollment of IoT 
> devices with IoT management systems. It is the first claim defined in EAT.
> 
> What is the definition of an “identity document”? Maybe you are thinking 
> of it specifically as what was defined for IEEE Dev ID. If I recall, the 
> identification claims for the device are in the subject DN of an X.509 
> certificate.
> 
> Seems like any EAT with an EUID in it could server well as an identity 
> document too. It provides signed, secured proof of the identity of the 
> device. It can include manufacturer info in addition to the EUID. The 
> EAT style identity could be as tiny as 150 bytes in CBOR syntax. All you 
> need to store on the device is the EUID and the signing key. Maybe they 
> are even deterministically KDF’d from the same seed so you maybe you 
> only need to store 32 bytes on the device.
> 
> EAT’s mention of X.509 in 1.4.2 is as one of many ways to establish key 
> material so the remote / relying / verifying party can verify the 
> signature. So yes, I think you have it correct below. (Technically 
> speaking the private key associated with the X.509 cert is used to sign, 
> not the X.509 cert or keys in the cert. The X.509 is only to help the 
> verifier find and verify the verification key. You might even have a 
> means to get it from some service based on a key ID and not even store 
> it on the device).
> 
> It is an EAT design goal to keep /all/ the claims in the signed payload. 
> That includes identity of the device, identity of the manufacturer and 
> so on. That way you can use many different signing schemes (ECDAA, 
> symmetric key, non-X.509 public key, X.509 pubic key, simple public key 
> with just a key id…) with the same claims.
> 
> LL
> 
> 
> 
> 
>> On Oct 17, 2018, at 5:49 PM, Henk Birkholz 
>> <henk.birkholz@sit.fraunhofer.de 
>> <mailto:henk.birkholz@sit.fraunhofer.de>> wrote:
>>
>> Hi Laurence,
>>
>> maybe I understand now where the general confusion is originating from.
>>
>> I dug through some parts of the EAT draft again and could it be that 
>> UIED are identifier and not an identities? They literally are claims 
>> (aka assertions) that can be signed as content of a CWT as illustrated in
>>
>>> https://tools.ietf.org/html/draft-mandyam-eat-00#section-1.4.2
>>
>> 1.4.2. talks about identity documents by mentioning "X.509 certificate 
>> chains or something similar but different". But as you highlighted 
>> anything with regard to that is explicitly intended _not_ to go into 
>> the EAT claim set as content, but is stored on the thing (or maybe on 
>> a thing that signs "on behalf of" the thing the EAT is about?) and 
>> consequently is only used to potentially sign the EAT claim set (via 
>> COSE). Is that correct?
>>
>> As a result, an EAT would never be able to act as an identity document 
>> itself, but the key material that comes along with an x.509 
>> certificate (as one example of many highlighted) could be used to sign 
>> the EAT.
>>
>> RATS are able to use the "X.509 certificate chains or something 
>> similar but different" and the corresponding key material comes along 
>> with a certificate (as one example amongst others) to establish 
>> Attestation Provenance.
>>
>> Viele Grüße,
>>
>> Henk
>>
>> On 10/17/2018 01:19 PM, Laurence Lundblade wrote:
>>> Wasn’t saying there was ambiguity in the TCG case. Not being a TCGer, 
>>> was just was trying to understand what the TCG definition is.
>>> Your mentioning 802.1AR DevID helps a lot as I have some knowledge of it.
>>> I see now that my speculation about SW / config version was wrong. 
>>> That’s fine. I only wrote it to try to get to clarity.
>>> Thanks for help clarifying.
>>> In EAT, we defined a UEID for what TCGer’s mean by “identity":
>>>    UEID's identify individual manufactured entities / devices such as a
>>>    mobile phone, a water meter, a Bluetooth speaker or a networked
>>>    security camera.  It may identify the entire device or a submodule or
>>>    subsystem.  It does not identify types, models or classes of devices.
>>>    It is akin to a serial number, though it does not have to be
>>>    sequential.
>>> See here 
>>> <https://tools.ietf.org/html/draft-mandyam-eat-00#section-3.1> for 
>>> more on UEID.
>>> In EAT there is a strong desire to separate the signing key material 
>>> from UEID to have flexibility in the signing scheme. For example FIDO 
>>> and Android both have privacy-preserving schemes were a signing key 
>>> is shared by 100,000 devices. (Some use cases need privacy, some 
>>> don’t, perhaps because of legal agreements with customers, and 
>>> correlation between use cases and privacy schemes can’t be counted on 
>>> for high-volume devices like mobile phones).
>>> I don’t know what the right answer(s) is(are) in the design yet...
>>> LL
>>>> On Oct 17, 2018, at 4:26 PM, Guy Fedorkow <gfedorkow@juniper.net 
>>>> <mailto:gfedorkow@juniper.net> <mailto:gfedorkow@juniper.net>> wrote:
>>>>
>>>> Hi Laurence,
>>>>  I don't think there's ambiguity in the TCG case...  current work in 
>>>> attestation focuses on using the 802.1AR DevID spec, which 
>>>> corresponds exactly to one of your cases below -- it's a vendor, 
>>>> model and serial number.
>>>>  It's true that TCG technology can be used to validate software 
>>>> integrity, but that's hardly the same as identity.
>>>>  Considerations of user privacy commonly accepted in TCG would 
>>>> preclude the inclusion of software state as part of identity, 
>>>> practicalities aside.  In general, privacy considerations lead TCG 
>>>> to carefully avoid unauthorized disclosure of either software or 
>>>> hardware based assertions.
>>>>  Let me know if I'm missing the point...
>>>> Thanks
>>>> /guy fedorkow, juniper networks
>>>>
>>>> -----Original Message-----
>>>> From: Laurence Lundblade <lgl@island-resort.com 
>>>> <mailto:lgl@island-resort.com> <mailto:lgl@island-resort.com>>
>>>> Sent: Wednesday, October 17, 2018 12:31 AM
>>>> To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de 
>>>> <mailto:henk.birkholz@sit.fraunhofer.de> 
>>>> <mailto:henk.birkholz@sit.fraunhofer.de>>
>>>> Cc: Smith, Ned <ned.smith@intel.com <mailto:ned.smith@intel.com> 
>>>> <mailto:ned.smith@intel.com>>; Hannes Tschofenig 
>>>> <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com> 
>>>> <mailto:Hannes.Tschofenig@arm.com>>; rats@ietf.org 
>>>> <mailto:rats@ietf.org> <mailto:rats@ietf.org>; Jeremy O'Donoghue 
>>>> <jodonogh@qti.qualcomm.com <mailto:jodonogh@qti.qualcomm.com> 
>>>> <mailto:jodonogh@qti.qualcomm.com>>; Denis <denis.ietf@free.fr 
>>>> <mailto:denis.ietf@free.fr> <mailto:denis.ietf@free.fr>>; 
>>>> eat@ietf.org <mailto:eat@ietf.org> <mailto:eat@ietf.org>
>>>> Subject: Re: [EAT] [EXTERNAL] Re: [Rats] Attestation BoF charter 
>>>> updates?
>>>>
>>>> I think the TCG has a certain developed notion of identity that is 
>>>> different from others.  A way to get sharper about what a particular 
>>>> identity means is to describe the space and how the identifier 
>>>> selects in the space.  Here’s a few examples:
>>>>
>>>> - The space is physical human beings with fingers. A fingerprint 
>>>> scanner select one of these humans. This is typical biometric auth.
>>>> - The space is humans that know a password. A password authenticator 
>>>> selects the humans that know the password. Typical authentication.
>>>> - The space is humans as legal entities / citizens with criminal 
>>>> records, passports and such. A national ID selects.
>>>> - The space is physical manufactured devices from one maker.  A 
>>>> serial number narrows it down to one physical device.
>>>> - The space is physical devices from one maker. A model number or 
>>>> version, narrows down to a subset of these devices.
>>>>
>>>> My understanding of the TCG world is that identities goes beyond any 
>>>> of the above because they include things like the version of the SW 
>>>> and configuration of the device. The identity is largely a hash of 
>>>> an identifier of the physical device, various SW components and 
>>>> various configuration states.  The point being that a change in any 
>>>> of these is a change in the security characteristics of the device 
>>>> and if it was trusted with a particular key or particular data in 
>>>> the past, that trust should be revoked until re established.
>>>>
>>>> - The space is physical devices from any maker
>>>>  + Measurement of the SW (the SW versions)
>>>>     + Measurements of some configuration
>>>>
>>>> Changing any of these change the identity of the device.
>>>>
>>>> I know I hardly need to ask, but TCG folks, did I describe this 
>>>> correctly?
>>>>
>>>>
>>>> So that said, many, perhaps most, use cases for EAT do not want this 
>>>> kind of device identity. It is not a prerequisite for trusting 
>>>>  claims coming from the device. In some cases this level of identity 
>>>> seems extremely disruptive as small SW upgrades could result in re 
>>>> enrollment of biometrics. We already are annoyed when we have to 
>>>> answer security questions when start using a service from a new device.
>>>>
>>>> I think this WG needs to address both this very tight TCG-style 
>>>> device identity and the more heuristic EAT-style 
>>>> claims-for-risk-engines. I could see multi-decade evolution where 
>>>> risk engine use cases want more and more of the tight TCG-style 
>>>> device identity as criminals become more adept at forging EAT-style 
>>>> claims. (Today risk engines work off of unsecured browser parameters).
>>>>
>>>> The Introduction in the charter seems entirely focused on the 
>>>> TCG-based identity use case. I think text should be added for 
>>>> EAT-style attestation. I will write some after some comments on this 
>>>> message.
>>>>
>>>> LL
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Oct 16, 2018, at 8:24 PM, Henk Birkholz 
>>>>> <henk.birkholz@sit.fraunhofer.de 
>>>>> <mailto:henk.birkholz@sit.fraunhofer.de> 
>>>>> <mailto:henk.birkholz@sit.fraunhofer.de>> wrote:
>>>>>
>>>>> To quote Carsten, there is "the usual terminology problem about 
>>>>> identity".
>>>>>
>>>>> Identifying vs. Identity brings back memories about an extensive 
>>>>> discussion in SACM that in the end resulted in using Profiles...
>>>>>
>>>>> Profiles are the "things" that you can aggregate identity claims in 
>>>>> (in SACM these claims are "Target Endpoint Characteristics", which 
>>>>> are pretty much the same thing as Device Characteristics) - and you 
>>>>> use the Profiles to (re-)identify target endpoints.
>>>>>
>>>>> In the scope of remote attestation procedures, I think that "just 
>>>>> not calling" claim sets that are composed (amongst others) of 
>>>>> identifying claims "identity documents" might just end up in making 
>>>>> up another name for something that is effectively composing 
>>>>> identity documents anyways. If calling the same thing something 
>>>>> else helps in some way, I am all for it. But I am really not sure.
>>>>>
>>>>> That said, Ned's elaboration on the relationship of identity and 
>>>>> attestation claims and corresponding claim semantics / trust 
>>>>> semantics is spot on, I think.
>>>>>
>>>>> Viele Grüße,
>>>>>
>>>>> Henk
>>>>>
>>>>> On 10/16/2018 03:51 PM, Smith, Ned wrote:
>>>>>> Agree with Hannes that identity discussion can lead to confusion 
>>>>>> as identity is often highly dependent on some sort of context 
>>>>>> (domain of interpretation).
>>>>>> In order to have productive conversation about attestation and 
>>>>>> identity, it may be important to understand that attestation 
>>>>>> semantics sets the context for identity.
>>>>>> * Attestation attributes have trust semantics (and trust semantics 
>>>>>> are interpreted through the eyes of the verifier). Identity 
>>>>>> attributes may also have trust semantics (in addition to identity 
>>>>>> semantics) hence can be regarded as playing a role in both 
>>>>>> identity and attestation. Since RATS should be interested 
>>>>>> primarily in trust semantics, it makes sense to understand, 
>>>>>> discuss and consider identity in terms of its trust semantics. 
>>>>>> Hence identity attributes are only interesting to RATS if they are 
>>>>>> useful for evaluating trust semantics.
>>>>>> * In a closed ecosystem, the trust characteristics and properties 
>>>>>> may be implied because there often exists out-of-band processes 
>>>>>> that ensure the characteristics are applied (for example, if an IT 
>>>>>> organization sets a policy that all asymmetric keys are to be 
>>>>>> hardened using a smartcard, they can apply a deployment process 
>>>>>> where the IT professional verifies the smartcard is used during 
>>>>>> enrollment.) But in a non-closed ecosystem, there isn't an 
>>>>>> assumption that out-of-band processes exist. Attestation attempts 
>>>>>> to make explicit what otherwise is implicit and therefore subject 
>>>>>> to misinterpretation if the verifier, relying party and attester 
>>>>>> are not part of the same closed ecosystem. Implicit attestation 
>>>>>> therefore can lead to semantic confusion if we're not careful. 
>>>>>> Therefore, the rigor of treating implicit attestation claims 
>>>>>> (assertions assumed to exist but not explicitly named) should 
>>>>>> nevertheless be defined explicitly. Then, if there is a need for 
>>>>>> implicit attestation, the specifications that describe them can 
>>>>>> describe them in terms of an explicit definition.
>>>>>> * In the context of asserting trust characteristics, the verifier 
>>>>>> needs to know that a set of characteristics applies to the 
>>>>>> instance of the endpoint being evaluated (aka the attester). 
>>>>>> (Otherwise a MITM could supply characteristics that may be valid, 
>>>>>> but don’t apply to the specific instance). Consequently, it makes 
>>>>>> sense to consider that *attestation* keys are needed to 
>>>>>> authenticate the endpoint being evaluated. This doesn't imply an 
>>>>>> identity key couldn't double as an attestation key. But if it 
>>>>>> does, we care about its relevance to the attester endpoint.
>>>>>> -Ned
>>>>>> On 10/15/18, 6:49 PM, "Hannes Tschofenig" 
>>>>>> <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com> 
>>>>>> <mailto:Hannes.Tschofenig@arm.com>> wrote:
>>>>>>    Here are my 5 cents on the term 'identity'.
>>>>>>         I have been working on identity management for many years 
>>>>>> (partially because of my OAuth co-chair role) and I have noticed 
>>>>>> that the use of the term "identity" tends to confuse more than it 
>>>>>> helps (even more so when the term is applied to devices and 
>>>>>> software rather than humans).
>>>>>>         I believe we could get away with describing what we want 
>>>>>> without ever using the term.
>>>>>>         In this context I would argue that we are about 
>>>>>> identifying different components, such as hardware and software.
>>>>>>         Ciao
>>>>>>    Hannes
>>>>>>         -----Original Message-----
>>>>>>    From: EAT <eat-bounces@ietf.org <mailto:eat-bounces@ietf.org> 
>>>>>> <mailto:eat-bounces@ietf.org>> On Behalf Of Smith, Ned
>>>>>>    Sent: Monday, October 15, 2018 9:00 AM
>>>>>>    To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de 
>>>>>> <mailto:henk.birkholz@sit.fraunhofer.de> 
>>>>>> <mailto:henk.birkholz@sit.fraunhofer.de>>; rats@ietf.org 
>>>>>> <mailto:rats@ietf.org> <mailto:rats@ietf.org>; Jeremy O'Donoghue 
>>>>>> <jodonogh@qti.qualcomm.com <mailto:jodonogh@qti.qualcomm.com> 
>>>>>> <mailto:jodonogh@qti.qualcomm.com>>; Denis <denis.ietf@free.fr 
>>>>>> <mailto:denis.ietf@free.fr> <mailto:denis.ietf@free.fr>>
>>>>>>    Cc: eat@ietf.org <mailto:eat@ietf.org> <mailto:eat@ietf.org>
>>>>>>    Subject: Re: [EAT] [EXTERNAL] Re: [Rats] Attestation BoF 
>>>>>> charter updates?
>>>>>>         I agree with Henk's observation that there is opportunity 
>>>>>> to find common ground on identity as identity can be a collection 
>>>>>> of attributes, that if signed, becomes a set of verifiable claims 
>>>>>> (about identity attributes). Attestation has a similar structure 
>>>>>> in that it consists of a set of attributes, that if signed becomes 
>>>>>> a set of verifiable claims. The main difference between identity 
>>>>>> and attestation attributes is whether the attribute semantically 
>>>>>> relate to trust (vs. identity). For example, claims of security 
>>>>>> certification compliance resonates as attestation.
>>>>>>         It may be possible to combine a set of attestation 
>>>>>> attributes in such a way that the combination uniquely identifies 
>>>>>> an entity. But that doesn't make it an identity system per se and 
>>>>>> shouldn't cause a conflict in charter goals with respect to other 
>>>>>> identity focused efforts in IETF.
>>>>>>         Also, inclusion of attributes that don't have semantics 
>>>>>> that reasonably relate to trust should not be of interest to a 
>>>>>> working group focused on attestation.
>>>>>>         -Ned
>>>>>>         On 10/15/18, 3:53 PM, "EAT on behalf of Henk Birkholz" 
>>>>>> <eat-bounces@ietf.org <mailto:eat-bounces@ietf.org> 
>>>>>> <mailto:eat-bounces@ietf.org> on behalf of 
>>>>>> henk.birkholz@sit.fraunhofer.de 
>>>>>> <mailto:henk.birkholz@sit.fraunhofer.de> 
>>>>>> <mailto:henk.birkholz@sit.fraunhofer.de>> wrote:
>>>>>>             Hi Jeremy & Denis,
>>>>>>             all these points of view have merit, I think.
>>>>>>             Please have a look at these quotes:
>>>>>>> knowing the provenance of the device
>>>>>>> having the entity creator/manufacturer provide a set of claims 
>>>>>>> which can be verified
>>>>>>> to know the characteristics of a device by issuing to the device 
>>>>>>> a public key certificate which will only be issued to the device 
>>>>>>> if it fulfills an expected set of functionalities.
>>>>>>             To me, these descriptions seem to have different 
>>>>>> intents, scope or
>>>>>>        audience and require most certainly different work-flows, but
>>>>>>        semantically and in consequence representation-wise they 
>>>>>> also seem quite
>>>>>>        related.
>>>>>>             If you think of an identity document as a set of 
>>>>>> claims (potentially
>>>>>>        including a public key), that is signed and that can match 
>>>>>> one or more
>>>>>>        things, maybe all three types highlighted above are 
>>>>>> actually covered by
>>>>>>        the same identity document concept?
>>>>>>             With respect to identity documents, I think it is safe 
>>>>>> so say that we
>>>>>>        can find common ground here rather easily. That said, the 
>>>>>> way how these
>>>>>>        identity documents come into existence, when and how they 
>>>>>> are deployed
>>>>>>        on the thing or associated with multiple things is another 
>>>>>> question. We
>>>>>>        most certainly do not want to end up with a "signing fool" 
>>>>>> that does not
>>>>>>        add value to the level of confidence (I am quoting Ned 
>>>>>> Smith here).
>>>>>>             This has to be fleshed out explicitly for each 
>>>>>> scenario and the parts
>>>>>>        that are reused in every scenario should get special 
>>>>>> attention in the
>>>>>>        upcoming RATS architecture draft.
>>>>>>             Identifying claims aggregated in an identity document 
>>>>>> most certainly can
>>>>>>        include device characteristics, public key(s), or claims 
>>>>>> about the
>>>>>>        intended functions and capabilities of the thing. Claims 
>>>>>> can even
>>>>>>        originate from Claimants that are not the thing itself, but 
>>>>>> external
>>>>>>        entities providing an assertion (e.g. these things are 
>>>>>> CC-certified).
>>>>>>             All different composites of identifying claims have a 
>>>>>> specific shared
>>>>>>        intend in this context though, I think: expressing Attestation
>>>>>>        Provenance (again - one for one or more things of the same 
>>>>>> kind). And
>>>>>>        all of them originate from Claimants and therefore use a 
>>>>>> root of trust
>>>>>>        of measurement, I think.
>>>>>>             That said, establishing trustworthy knowledge about 
>>>>>> attestation
>>>>>>        provenance is only the first step and provides the 
>>>>>> foundation for more
>>>>>>        complex attestation procedures. In any case, this seem to 
>>>>>> be required by
>>>>>>        every scenario that was highlighted so far and therefore 
>>>>>> will most
>>>>>>        certainly be covered in a deliverable.
>>>>>>             IHTH,
>>>>>>             Henk
>>>>>>                  On 10/15/2018 12:22 PM, Jeremy O'Donoghue wrote:
>>>>>>> On 12 Oct 2018, at 14:33, Denis <denis.ietf@free.fr 
>>>>>>> <mailto:denis.ietf@free.fr> <mailto:denis.ietf@free.fr>
>>>>>>> <mailto:denis.ietf@free.fr>> wrote:
>>>>>>>> The "Problem Statement" continues as follows:
>>>>>>>>
>>>>>>>> (2) Today, there is no common, standard way for Relying Parties to
>>>>>>>> know the provenance and characteristics of a device (e.g., an 
>>>>>>>> end-user
>>>>>>>> device,
>>>>>>>> platform or endpoint, servers, IoT devices, device subsystems and
>>>>>>>> sub-modules) that may be requesting services.
>>>>>>>>
>>>>>>>> Knowing the provenance of the device is not always necessary. 
>>>>>>>> What is
>>>>>>>> important is to know that a specific set of functions is (securely)
>>>>>>>> supported by the device.
>>>>>>>> There already exists a common way to know the characteristics of a
>>>>>>>> device by issuing to the device a public key certificate which will
>>>>>>>> only be issued to the device
>>>>>>>> if it fulfills an expected set of functionalities. In such a case a
>>>>>>>> syntax for a trusted claim sets**is not needed.
>>>>>>>>
>>>>>>> This is indeed a possible way to address the problem, but suffers 
>>>>>>> from
>>>>>>> challenges which come down to:
>>>>>>>
>>>>>>> - Who issues such certificates. An option is that there is some 
>>>>>>> form of
>>>>>>> security certification behind this issuance otherwise it is of very
>>>>>>> limited value.
>>>>>>> - In order to capture the wide variety of different devices (I prefer
>>>>>>> "entity" here as it is more general than "device"), many 
>>>>>>> different forms
>>>>>>> of such certificates would be required. This ends up being much 
>>>>>>> the same
>>>>>>> thing as a set of claims.
>>>>>>>
>>>>>>> Given the multiplicity of entities for which attestation might be
>>>>>>> useful, it seems to me that having the entity creator/manufacturer
>>>>>>> provide a set of claims which can be verified is more flexible than
>>>>>>> requiring a certificate. It seems likely to me that where a formal
>>>>>>> security certification is needed there will be a certificate 
>>>>>>> issued by
>>>>>>> the Certifying Body as one of the claims about an entity, but I can
>>>>>>> think of many cases (supply chain management, to take just one 
>>>>>>> example)
>>>>>>> where provenance is by far the most useful information.
>>>>>>>
>>>>>>> I'm not in favour of changes to the charter in this direction.
>>>>>>>>
>>>>>>>> The simplest cases should also be part of the framework.
>>>>>>>>
>>>>>>>> Note: I personally appreciate that privacy is an aspect that
>>>>>>>> will/should be taken into consideration.
>>>>>>>>
>>>>>>>> Denis
>>>>>>>>
>>>>>>>>> As with the earlier draft, there are many references to verify and
>>>>>>>>> verifier in the lead up to the deliverable but no deliverables 
>>>>>>>>> describing
>>>>>>>>> verification rules. I'd like to see rules in one of these 
>>>>>>>>> documents and
>>>>>>>>> think it worth citing in the deliverables. Are bindings to 
>>>>>>>>> certificate
>>>>>>>>> management protocols out of scope?
>>>>>>>>>
>>>>>>>>> On 10/11/18, 9:49 AM, "RATS on behalf of Henk Birkholz"
>>>>>>>>> <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org> 
>>>>>>>>> <mailto:rats-bounces@ietf.org> on behalf of 
>>>>>>>>> henk.birkholz@sit.fraunhofer.de 
>>>>>>>>> <mailto:henk.birkholz@sit.fraunhofer.de> 
>>>>>>>>> <mailto:henk.birkholz@sit.fraunhofer.de>>  wrote:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>>
>>>>>>>>>> sorry for the delay. Please find an updated charter proposal here:
>>>>>>>>>>
>>>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ietf-2Drats_charter_blob_RC2_ietf-2Drats-2Dcharter.md&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=rPzmwhcwy8eob4eMiwWzDg5DY-mcC5HYgQqhUGCZ2RI&e=
>>>>>>>>>> The BoF proponents tried to merge all comments and proposals on
>>>>>>>>>> keystores, existing solutions, provenance & device 
>>>>>>>>>> characteristics, etc
>>>>>>>>>> that were raised on the list - and align them in homogeneous 
>>>>>>>>>> fashion.
>>>>>>>>>>
>>>>>>>>>> This draft is intended to focus the discussion and improve the 
>>>>>>>>>> wording.
>>>>>>>>>>
>>>>>>>>>> Viele Grüße,
>>>>>>>>>>
>>>>>>>>>> Henk
>>>>>>>>>>
>>>>>>>>>> On 10/06/2018 08:23 AM, Laurence Lundblade wrote:
>>>>>>>>>>> Hi Henk,
>>>>>>>>>>>
>>>>>>>>>>> Bangkok IETF is getting close, will you be able to update the 
>>>>>>>>>>> charter
>>>>>>>>>>> for the attestation BoF to properly include EAT?  I sent you 
>>>>>>>>>>> some text
>>>>>>>>>>> that just needs to be pasted along with some comments. It 
>>>>>>>>>>> doesn’t look
>>>>>>>>>>> like there’s been any updates.
>>>>>>>>>>>
>>>>>>>>>>> LL
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> RATS mailing list
>>>>>>>>>> RATS@ietf.org <mailto:RATS@ietf.org> <mailto:RATS@ietf.org>
>>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_rats&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=xThsQTXgadltVkHTYpOWknadi7puxZt8O6XOIUm_bzo&e=
>>>>>>>>> _______________________________________________
>>>>>>>>> EAT mailing list
>>>>>>>>> EAT@ietf.org <mailto:EAT@ietf.org> <mailto:EAT@ietf.org>
>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_eat&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=N7kKkDdCvl_MNmB3Guyg9HC-kQnMrX1cP5w44SbDsAw&e=
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> EAT mailing list
>>>>>>>> EAT@ietf.org <mailto:EAT@ietf.org> <mailto:EAT@ietf.org> 
>>>>>>>> <mailto:EAT@ietf.org>
>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_eat&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=N7kKkDdCvl_MNmB3Guyg9HC-kQnMrX1cP5w44SbDsAw&e=
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> EAT mailing list
>>>>>>> EAT@ietf.org <mailto:EAT@ietf.org> <mailto:EAT@ietf.org>
>>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_eat&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=N7kKkDdCvl_MNmB3Guyg9HC-kQnMrX1cP5w44SbDsAw&e=
>>>>>>>
>>>>>>             _______________________________________________
>>>>>>        EAT mailing list
>>>>>> EAT@ietf.org <mailto:EAT@ietf.org> <mailto:EAT@ietf.org>
>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_eat&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=N7kKkDdCvl_MNmB3Guyg9HC-kQnMrX1cP5w44SbDsAw&e=
>>>>>>              _______________________________________________
>>>>>>    EAT mailing list
>>>>>> EAT@ietf.org <mailto:EAT@ietf.org>
>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_eat&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=N7kKkDdCvl_MNmB3Guyg9HC-kQnMrX1cP5w44SbDsAw&e=
>>>>>>    IMPORTANT NOTICE: The contents of this email and any 
>>>>>> attachments are confidential and may also be privileged. If you 
>>>>>> are not the intended recipient, please notify the sender 
>>>>>> immediately and do not disclose the contents to any other person, 
>>>>>> use it for any purpose, or store or copy the information in any 
>>>>>> medium. Thank you.
>>>>>>
>>>>> _______________________________________________
>>>>> EAT mailing list
>>>>> EAT@ietf.org <mailto:EAT@ietf.org> <mailto:EAT@ietf.org>
>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_eat&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=sebUyXCidr_CEuZObmOub9NX0cE_5cRieGL_7VXhmfk&m=p5eO1iMTXM4ZfeXvFBU57-xCILnJh-EOaxl5AUwyWGM&s=N7kKkDdCvl_MNmB3Guyg9HC-kQnMrX1cP5w44SbDsAw&e=
>>>>
>>>> _______________________________________________
>>>> EAT mailing list
>>>> EAT@ietf.org <mailto:EAT@ietf.org> <mailto:EAT@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/eat
>>
>> _______________________________________________
>> EAT mailing list
>> EAT@ietf.org <mailto:EAT@ietf.org>
>> https://www.ietf.org/mailman/listinfo/eat
>