Re: [EAT] Preliminary RATS BoF Agenda

Laurence Lundblade <lgl@island-resort.com> Sun, 21 October 2018 14:32 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Date: Sun, 21 Oct 2018 20:02:08 +0530
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/mz6q4yYBLgqKjlzBz6gXNpef63M>

> On Oct 21, 2018, at 6:49 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:
> 
> To me the answer is yes.  For over a year Cisco has offered a controller based Integrity Verification application.  This application does remote attestation for routers.  See:
> https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/integrity_verification/user-guide/Cisco_Integrity_Verification_Application_APIC-EM_User_Guide_1_5_0_x.pdf

Eric, thanks for sharing that. I read it carefully and that helps me understand quite a lot in a more concrete way. I even looked at the KGV tar ball. In a lot of ways this isn't too different from some EAT uses on mobile phones where the idea is to use TrustZone, virtualization and other HW architectures to measure Android.

I’m guessing a lot of this is implemented with TPMs and TCG ideas.  Is that right? If you can share implementation HW specifics, then I won’t have to guess and have a lower probability of saying dumb things, but understand if that is highly proprietary. 

LL
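The exchange above talks about a verifier checking a router's measurements against known good values (KGVs), presumably with TPM-style measurement. As an added illustration that is not part of the thread and not Cisco's or anyone's product code, here is the core of such a verifier: it replays an ordered event log the way a TPM extends a PCR, checks that the replay reproduces the quoted PCR, and then checks every measured component against a KGV set. The log format, component names, image contents and KGV digests are all constructed for this example; signature verification of the quote under the device's attestation key is assumed to have happened already and is not shown.

```python
"""Added example: TPM-style PCR replay plus known-good-value (KGV) check.
Not code from the e-mail thread or from any attestation product. The event
log layout, component names and digests below are constructed for
illustration only."""
import hashlib
from typing import Dict, List, Set, Tuple

SHA256_ZERO = bytes(32)  # a SHA-256 PCR reads as all-zero bytes after reset


def measure(component: bytes) -> bytes:
    """Digest of a component image as it would be recorded in the event log."""
    return hashlib.sha256(component).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend for a SHA-256 bank: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(events: List[Tuple[str, bytes]]) -> bytes:
    """Recompute the PCR value an ordered event log should have produced."""
    pcr = SHA256_ZERO
    for _name, digest in events:
        pcr = pcr_extend(pcr, digest)
    return pcr


def verify(events: List[Tuple[str, bytes]], quoted_pcr: bytes,
           kgv: Dict[str, Set[bytes]]) -> Tuple[bool, List[str]]:
    """Verifier logic:
    1. the event log must reproduce the PCR value the device quoted, so an
       edited log cannot hide what was really booted;
    2. every measured component must carry a digest in the KGV set.
    Assumed (not implemented here): the quote's signature under the device's
    attestation key has been verified and the verifier's nonce was present."""
    problems: List[str] = []
    if replay_log(events) != quoted_pcr:
        problems.append("event log does not reproduce the quoted PCR")
    for name, digest in events:
        allowed = kgv.get(name)
        if allowed is None:
            problems.append(f"{name}: no known good value published")
        elif digest not in allowed:
            problems.append(f"{name}: digest {digest.hex()[:16]}... not in KGV set")
    return (not problems), problems


# Constructed sample data: the "images" are just byte strings.
GOOD_IMAGES = {
    "bootloader": b"bootloader build 7.1.0",
    "kernel": b"kernel build 7.1.0",
    "system-image": b"system image build 7.1.0",
}
KGV: Dict[str, Set[bytes]] = {name: {measure(img)} for name, img in GOOD_IMAGES.items()}

# A clean boot: every component matches a KGV and the quote matches the log.
GOOD_LOG = [(name, measure(img)) for name, img in GOOD_IMAGES.items()]
GOOD_QUOTE = replay_log(GOOD_LOG)

# A bad boot honestly reported: the kernel digest is not a known good value.
TAMPERED_LOG = [
    ("bootloader", measure(GOOD_IMAGES["bootloader"])),
    ("kernel", measure(b"kernel build 7.1.0 with implant")),
    ("system-image", measure(GOOD_IMAGES["system-image"])),
]
TAMPERED_QUOTE = replay_log(TAMPERED_LOG)

# The same bad boot with the log edited afterwards to look clean; the TPM
# quote still reflects what was actually extended, so replay fails.
HIDDEN_LOG = GOOD_LOG

if __name__ == "__main__":
    print("clean boot      :", verify(GOOD_LOG, GOOD_QUOTE, KGV))
    print("bad kernel      :", verify(TAMPERED_LOG, TAMPERED_QUOTE, KGV))
    print("edited log      :", verify(HIDDEN_LOG, TAMPERED_QUOTE, KGV))
```

The third case is the one the PCR replay exists for: a log that only lists good digests is worthless unless it also reproduces the value the hardware signed, which is why a KGV check alone (without a quote bound to a fresh nonce) is not attestation.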