Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id 89906C169431
	for <lake@ietfa.amsl.com>; Wed,  5 Jun 2024 11:38:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.396
X-Spam-Level: 
X-Spam-Status: No, score=-4.396 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3,
	RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001,
	URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
	header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id A3UazQJZuw24 for <lake@ietfa.amsl.com>;
	Wed,  5 Jun 2024 11:38:10 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ietfa.amsl.com (Postfix) with ESMTPS id 17670C14CF0D
	for <lake@ietf.org>; Wed,  5 Jun 2024 11:38:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by tuna.sandelman.ca (Postfix) with ESMTP id 3F4EC38990
	for <lake@ietf.org>; Wed,  5 Jun 2024 14:38:08 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1])
	by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id S36Xd_C71epQ for <lake@ietf.org>;
	Wed,  5 Jun 2024 14:38:06 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21])
	by tuna.sandelman.ca (Postfix) with ESMTP id 2588D3898F
	for <lake@ietf.org>; Wed,  5 Jun 2024 14:38:06 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca;
	s=mail; t=1717612686;
	bh=ZOE+e6q+qr29QH1dA3pagf3NlDWlsM27gUBOMS8EuaM=;
	h=From:to:Subject:Date:From;
	b=bPz4phe5Yxs7mDEEg6+pbbM6AHCDbECqT6NaZ9ZYp2E+UYNlg59DaelpNmEoYsKIN
	 Lk6udzoIEcQIXwNgDK3Flk57DrOXL0WYGGULXsSsRtcSCXR42Ro95T5Nk0FkOVCtvp
	 +1Unx/awt09IiUgB+3zdtTz1zBrhMEj25N2KXcGOhFzk1GbUhR+JY774+w138wPF4z
	 VI4asNOVQ8r6IU4PF4RByZD+a/xlzNACD1YOpJgbw93UP6y2CiqGdoXeThwycAEqN2
	 OMPwUYZhyHATEAepbExl7KGPD2wWJKuqzmqKaRYVaUaPMt3EapfTOSibCOIdLEznYR
	 Ju8ns4LFsVJLQ==
Received: from obiwan.sandelman.ca (localhost [IPv6:::1])
	by sandelman.ca (Postfix) with ESMTP id 899E4375
	for <lake@ietf.org>; Wed,  5 Jun 2024 14:38:05 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: "lake@ietf.org" <lake@ietf.org>
X-Mailer: MH-E 8.6+git; nmh 1.8+dev; GNU Emacs 28.2
X-Face: 
 $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;<'$9xN5Ub#
 z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Wed, 05 Jun 2024 14:38:05 -0400
Message-ID: <25805.1717612685@obiwan.sandelman.ca>
Message-ID-Hash: H3Y2TR3J6NJ7JS5JU7Z7RURBFAWZY544
X-Message-ID-Hash: H3Y2TR3J6NJ7JS5JU7Z7RURBFAWZY544
X-MailFrom: mcr+ietf@sandelman.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: =?utf-8?q?=5BLake=5D_evaluation_of_attestation_results_by_EDHOC_=22clients?=
	=?utf-8?q?=22?=
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/lake/o2oujiDacHm2m9a5y7W50oUsY7o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


{sorry for the length}

Yuxuan Song explained her document draft-song-lake-ra to me with the help of
Goran and Malisa.  As I said on the list before, doing remote attestation as
part of an onboarding process makes a lot of sense.
Independant of that process, there are questions.   The documents' diagram:
     https://www.ietf.org/archive/id/draft-song-lake-ra-00.html#figure-1
does map very well to the U/V/W of:
     https://www.ietf.org/archive/id/draft-ietf-lake-authz-01.html#figure-2

{I did not see before that it is proposed to carry the Evidence in message-=
3.
I thought that would be too late, and it had to go in message-1}

(Except that re-using "V" for Verifier vs JRC is a problem we should avoid.)

My contention, which I think the group agreed with, is that one probably
wants to do continuous assurance, that is, to repeat the remote attestation.

Do you want to have two protocols and two code paths? (redundant code in a
constrained device?).  I suggested that *maybe* the remote attestation shou=
ld
use it's own /.well-known Path, and that it would just occur after
onboarding, and regularly onwards.  Maybe it's weird to onboard a device on=
ly
to kick it out again immediately because it failed remote attestation, but
given continuous assurance, this could happen at any time.
Anyway, if devices are being onboarded and then failing regularly, then I
think there are other, bigger problems.  (And if the battery on the device
gets run down because of this; well... that's one fewer attacker...)

We discussed the possibility that whenever doing a subsequent remote
attestation, that it could happen as part of a PSK-based EDHOC "rekey".
I can live with that.

We also discussed the opposite situation: where a constrained device needs =
to
consider the security posture of the (edge?) compute node which is going to
collect the sensor data.   This is a far more difficult situation.

In general, the situation is that the device needs to consider the
*Attestation Results*, since there is no reasonable way a constrained device
can competently evaluate the evidence directly.  This is, unlike the above
situation, a passport model.     Somewhere a Verifier has produced the right
results.  The question in this case is how is the U-device provisioned with
the right public key with which to evaluate the results?

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 I=C3=B8T consulti=
ng )
           Sandelman Software Works Inc, Ottawa and Worldwide

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQFKBAEBCgA0FiEEbsyLEzg/qUTA43uogItw+93Q3WUFAmZgsI0WHG1jcitpZXRm
QHNhbmRlbG1hbi5jYQAKCRCAi3D73dDdZdbfCACUK5eAC7P7XzCfyL2oshsraMOM
DkiDcnI+MXcIxS9WeF+tIR3bT1SNOBV8QyJLMtf8kD77Kp18y12jJin+m63R68rv
4y9bGW4Mp+uQMXGIJKW2QhjN8Vbf/XN7lUeaq2d/9vvCB76lKZkRz+vPFihmmxxZ
cZG/j8WReZ1iHBrzmZvE/KvEu5DsS5Hl2Qif+weKYk5NDog1s4DU6+8lLOA/Wq+y
ysk0Kwu8r8JNMqzS6pp764kFIK+8dKJccEwybEGSw61DXTJOEo+9nQhGEyK9m9f8
LpU2uHJe8ch6rFR2GCfi7XJ51DD7zn6BfYbLiDL1wgArnrMx3Z+HjFO6rI9d
=Ag1t
-----END PGP SIGNATURE-----
--=-=-=--