Re: [Rats] Call for adoption draft-moriarty-attestationsets

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 22 November 2021 20:34 UTC


Hi Michael,

When grouping sets of attestations, they should align to something, that's
in the sections you've listed as "nothing lost". How do you convey the set
name if it's not part of what is conveyed? To reach scalable automation,
where attestations are shared remotely, we'll indeed have some alignment to
defined sets. CIS Benchmarks, NIST standards, TCG Reference Integrity
measurements are all examples of defined sets with NIST SP 800-193 already
fully attested in local hardware for traditional and hyperscaler vendors.

What needs to be registered will become more clear as implementations flesh
out the details and there are a few vendors looking at this model to help
with this problem set - making security simpler to manage.

I hope that helps.

Thanks,
Kathleen

On Thu, Nov 18, 2021 at 1:56 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> I think that the point of this document is to register five claims:
>    MPS, LEM, PCR,  FMA,  HSH
>
> I guess that I would expect to find a section on each claim?
>
> While the Introduction has been simplified a bit, there are four
> paragraphs in the Introduction, some points, and a closing paragraph:
>       -(*) posture automation
>       - CIS
>       - TPM/boot/NIST
>       -(*) PCR values + EAT
>       - some things to measure
>       - policy/conclusion
>
> I see how (*) relate to section 2's claims, but the rest I still find
> irrelevant.  If I skip those paragraphs, then I find that I've lost
> nothing.
>
> Note that I am in favour of adopting documents early: as soon as the
> problem statement has been clearly articulated. I would support adoption
> of this document.    {I'm not sure what criteria this WG is using}
>
> I'd also like to understand how this document interacts with the many
> other desktop TPM systems out there... the whole SACM/PA-TNC and related
> NEA works.
> It feels like a reset-to-blank, start over again.  (I'm not opposed to
> that)
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-


-- 

Best regards,
Kathleen