Re: [EAT] Attestation BoF charter updates?

Laurence Lundblade <lgl@island-resort.com> Sat, 20 October 2018 05:55 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 545CD130E30 for <eat@ietfa.amsl.com>; Fri, 19 Oct 2018 22:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZR9ou5j5yNL for <eat@ietfa.amsl.com>; Fri, 19 Oct 2018 22:55:03 -0700 (PDT)
Received: from p3plsmtpa06-10.prod.phx3.secureserver.net (p3plsmtpa06-10.prod.phx3.secureserver.net [173.201.192.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39F071200D7 for <eat@ietf.org>; Fri, 19 Oct 2018 22:55:02 -0700 (PDT)
Received: from [192.168.0.101] ([121.46.87.45]) by :SMTPAUTH: with ESMTPSA id DkDyg7KGd6pq4DkE0gwCgy; Fri, 19 Oct 2018 22:55:02 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <3347AA26-3FA1-4067-8378-51B533BA77FB@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_84BA8467-B394-4993-9FF6-D1418515FEA0"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Sat, 20 Oct 2018 11:24:57 +0530
In-Reply-To: <f84515dd-2e1a-7e66-7c23-b16f8f425d2a@sit.fraunhofer.de>
Cc: "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
References: <5D773C02-5083-4B10-A705-782E28FD8ADB@island-resort.com> <f84515dd-2e1a-7e66-7c23-b16f8f425d2a@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfAXny0mCdxX24HOL/VQwVyRAMQdZ1pg3Lw6hunLJwbDDTMPg9qYBROlqMAvl7XJ9kB7D2rwI3mpJ+34tbfdjNpWItsitjXrmpPdo0ndYE7XZxehcyVk7 HDGmTSAyJaCkbw4dFFu+CiRdovpD8dbinxwtaxNPx+QVRDSrOx2luTqIjf7Lppb8b6Jl7J437iKrXvKXdFCqz2HaGfCpaPH/9vy/C9N20N33nej/SFajuqg3
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/xIsn4vGWUmQ_ArHd19YptygSKUU>
Subject: Re: [EAT] Attestation BoF charter updates?
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Oct 2018 05:55:06 -0000

I’d like to propose this for the Introduction in the charter. I tried pretty hard to write what I wanted through edits to the existing intro, but really couldn’t make it work, so this is mostly new text. Some phrases are re used. Apologies for not finding a better way to do this. I have tried to put all the ideas and concepts in Henk’s original charter intro in here, though I have gone for a more abstract conceptual level. A few more notes below.

RATS enables remote parties communicating with a device to evaluate the trustworthiness, device identity, origin of manufacture, system integrity, configuration, operational state and other characteristics of that device. Conceptually, the remote party ends up knowing a set of claims about the device and using them to make the evaluation. The claims may explicitly be transmitted or implicitly derived from other things known about the device. Various means are used to secure, or prove the security of, claims for the remote party. Signing of the claims is the most important but may not be the only means of securing the claims. These claims can provide evidence that a device supports a certain set of operations and functions and/or that it is actually the exact device it is supposed to be.

RATS includes the measurement of SW running on the device and securely conveying those measurements to the remote party.  These measurements enable tje remote party to evaluate device trustworthiness, that it operates as expected, does what is required and does not do other things.

RATS may include definition of procedures by which a remote party evaluates certain claims. For example, how some measurement or other claims are compared to expected values to evaluate trustworthiness of the device.

RATS may include the definition new protocols and/or definition of secured data structures (e.g., signed) that are carried in existing protocols.

RATS is general purpose and aims to address a broad range of uses cases including on-line banking, payment transactions, critical infrastructure, network security functions, constrained devices, business and government enterprises and management of end-user devices.

Notes:

I have avoided the use of the formally defined terms in the introduction so it can stand more on its own, is easier to understand and is less presumption about architectures and designs. Seems like it is work for the WG to define the terms and create the designs.
My use of the lower case “device”, “claim” and “remote party” are just as broad concepts to be able to get the general idea across. The WG documents should use the more formal and specific definitions.
Hope I’ve covered both EAT and RATS concepts here. It was my goal. 
While I used the term RATS, I still want the WG name change to CREATE.

LL


> On Oct 11, 2018, at 10:19 PM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; wrote:
> 
> Hi all,
> 
> sorry for the delay. Please find an updated charter proposal here:
> 
>> https://github.com/ietf-rats/charter/blob/RC2/ietf-rats-charter.md
> 
> The BoF proponents tried to merge all comments and proposals on keystores, existing solutions, provenance & device characteristics, etc that were raised on the list - and align them in homogeneous fashion.
> 
> This draft is intended to focus the discussion and improve the wording.
> 
> Viele Grüße,
> 
> Henk
> 
> On 10/06/2018 08:23 AM, Laurence Lundblade wrote:
>> Hi Henk,
>> Bangkok IETF is getting close, will you be able to update the charter for the attestation BoF to properly include EAT?  I sent you some text that just needs to be pasted along with some comments. It doesn’t look like there’s been any updates.
>> LL
> 
> _______________________________________________
> EAT mailing list
> EAT@ietf.org
> https://www.ietf.org/mailman/listinfo/eat