IETF Logo Mail Archive

[Rats] 答复: use case document updates on Roots of Trust

"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Tue, 17 September 2019 00:51 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5DC120144 for <rats@ietfa.amsl.com>; Mon, 16 Sep 2019 17:51:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5_AKDoJUTzhu for <rats@ietfa.amsl.com>; Mon, 16 Sep 2019 17:51:43 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF0521200D6 for <rats@ietf.org>; Mon, 16 Sep 2019 17:51:42 -0700 (PDT)
Received: from lhreml706-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 2708130A11CC0CF04131; Tue, 17 Sep 2019 01:51:40 +0100 (IST)
Received: from lhreml720-chm.china.huawei.com (10.201.108.71) by lhreml706-cah.china.huawei.com (10.201.108.47) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 17 Sep 2019 01:51:39 +0100
Received: from lhreml720-chm.china.huawei.com (10.201.108.71) by lhreml720-chm.china.huawei.com (10.201.108.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 17 Sep 2019 01:51:39 +0100
Received: from DGGEMM402-HUB.china.huawei.com (10.3.20.210) by lhreml720-chm.china.huawei.com (10.201.108.71) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1713.5 via Frontend Transport; Tue, 17 Sep 2019 01:51:39 +0100
Received: from DGGEMM511-MBX.china.huawei.com ([169.254.1.135]) by DGGEMM402-HUB.china.huawei.com ([10.3.20.210]) with mapi id 14.03.0439.000; Tue, 17 Sep 2019 08:51:33 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Carl Wallace <carl@redhoundsoftware.com>, Laurence Lundblade <lgl@island-resort.com>, "Salz, Rich" <rsalz@akamai.com>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] use case document updates on Roots of Trust
Thread-Index: AQHVZkiAoyvOdUUcvE+GB+JTLAoWhqcjT1WAgAAfeQCAAAi6AIAABZQAgARrVYCAADiRgIAEmqqAgAEFdwCAAVVasA==
Date: Tue, 17 Sep 2019 00:51:33 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F13E8F7836@dggemm511-mbx.china.huawei.com>
References: <4155.1567948986@dooku.sandelman.ca> <64BD12AA-951A-468A-9F08-D442054605AD@island-resort.com> <de6ff852-062d-805d-3eed-10aca60502b2@sit.fraunhofer.de> <CAN40gStH5jUCJeVggREr3ABoFw7K97F=KtoJOSR_X+LWNLB+JA@mail.gmail.com> <CAN40gSu13DKkyahHA3_Cbt5j7Gsh=uGh5ic7fS3AvDGP3K1cug@mail.gmail.com> <5276.1568315351@dooku.sandelman.ca> <92137679-7DEA-42AD-B8D1-F3B909C77459@akamai.com> <BAA4C3C3-C98B-4BA7-8C89-A169DD99EF86@island-resort.com> <D9A4F66D.EB1C1%carl@redhoundsoftware.com>
In-Reply-To: <D9A4F66D.EB1C1%carl@redhoundsoftware.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.134.159.76]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/015E10j7J98sQP1g2von2vFrSNg>
Subject: [Rats] 答复: use case document updates on Roots of Trust
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 00:51:45 -0000

Hi Carl,
The other big difference between them is the object they deal with: RoT is for integrity measurement value chain, CA is for certificate chain.

Hope it is helpful.

B.R.
Frank

-----邮件原件-----
发件人: RATS [mailto:rats-bounces@ietf.org] 代表 Carl Wallace
发送时间: 2019年9月16日 20:26
收件人: Laurence Lundblade <lgl@island-resort.com>; Salz, Rich <rsalz@akamai.com>
抄送: Michael Richardson <mcr+ietf@sandelman.ca>; rats@ietf.org
主题: Re: [Rats] use case document updates on Roots of Trust

I took Rich's statement to be more from a relying party perspective and your detail to be more what one might find in a policy describing nature of the root of trust, which is not that different from how one may describe a trust anchor/CA in a PKIX context in a policy that describes how a CA are operated, etc. Two sides of the same coin.

On 9/15/19, 4:50 PM, "RATS on behalf of Laurence Lundblade"
<rats-bounces@ietf.org on behalf of lgl@island-resort.com> wrote:

>On Sep 12, 2019, at 3:31 PM, Salz, Rich <rsalz@akamai.com> wrote:
>> 
>> I do not see a meaningful difference between "trust anchor" and 
>>"trust root" and "root(s) of trust."  All of them:
>> 	- Are pieces of data (certificate or key is not meaningful)
>> 	- Used to verify something such as a certificate or signature
>> 	- Are trusted by the application, based on actions that are "out of 
>>band" of the application itself
>
>This is not how I understand a root of trust, nor how I think it is 
>generally used in the TCG or TEE worlds. I think a root of trust 
>involves a CPU, memory and SW that actively does something like boot 
>and measure a device. There is usually a boundary around it so that 
>other software on the device, like the high-level OS, can’t corrupt it. 
>When it is doing reporting as in RATS it will have a private key that can do some signing.
>When it is doing trusted/secure boot, it will also have a public key to 
>verify the software it loads.
>
>LL
>
>
>_______________________________________________
>RATS mailing list
>RATS@ietf.org
>https://www.ietf.org/mailman/listinfo/rats


_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email