[Rats] Hint Discussion in CSR Attestation Draft
"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Mon, 17 June 2024 12:21 UTC
To: spasm@ietf.org, rats@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/0HQQUUUpQMOCrEiZAiypnz_TYUg>
Hi all,

I would like to come back to the hint discussion.

As Mike mentioned, we want to support use cases where the relying party and the verifier are separate roles. Note that two roles do not imply separate physical devices, nor do they imply that the verifier and the relying party are operated by different operators. We also want to prevent the relying party from understanding the details of the evidence, since this is what the verifier is supposed to do.

If there is only a single verifier that handles all evidence types from all vendors, then it is trivial for the relying party to make a routing decision. Even if two or more vendors implement TPM-based attestation, there is no problem with routing the evidence to the verifier. (Note that OIDs are typically assigned to evidence formats and not to vendors, unless they are vendor-proprietary evidence formats.)

If there is more than one verifier, then the story gets more interesting. If remote attestation is to become more common, then we need to have a story of how to deploy such a system in a scalable way. The question is: how is it going to work? Unfortunately, the RATS working group has not provided an answer in their architecture document.

In the CSR attestation draft we suggested using a hint, i.e. information that helps the relying party to select a verifier that can help process the evidence. Since this hint will not be used in all deployments, for example in deployments that only have a single verifier, this hint is optional. As such, those who do not want to use the optional hint do not need to look at it. For the other use cases it provides value.

Hence, I don't really understand the objections and I don't want to remove the hint!

Ciao
Hannes
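The routing decision the message describes, written out as an added example (this is not code from the CSR attestation draft or from the author's post). It models a relying party that never parses the evidence itself and selects a verifier using only the evidence-format OID and the optional hint. The field names of the evidence statement, the verifier table, and the OIDs (taken from the 2.999 example arc) are this example's own assumptions. It covers the cases the message lists: a single verifier for everything (no hint needed), several vendors sharing one evidence format handled by one verifier (still no hint needed), and several verifiers for the same format (hint required). The hint is supplied by the attester, so the example treats it as an untrusted selector into the relying party's own table and rejects anything it does not recognise rather than guessing.

```python
# Added example: relying-party routing of CSR-carried evidence to a verifier.
# Not the draft's ASN.1 and not the author's code; names are this example's own.
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence


@dataclass(frozen=True)
class EvidenceStatement:
    """Simplified model of one evidence statement carried in a CSR.

    Field names are an assumption of this example, not the draft's syntax."""
    type_oid: str                # identifies the evidence *format*, not the vendor
    stmt: bytes                  # opaque to the relying party; only the verifier parses it
    hint: Optional[str] = None   # optional, attester-supplied selector


@dataclass(frozen=True)
class Verifier:
    name: str
    handles: FrozenSet[str]      # evidence-format OIDs this verifier can appraise
    hints: FrozenSet[str]        # hint values the relying party registered it under


class RoutingError(Exception):
    """Raised when evidence cannot be routed unambiguously; the RP must not guess."""


def select_verifier(ev: EvidenceStatement, verifiers: Sequence[Verifier]) -> Verifier:
    """Pick the verifier for `ev` using only (type_oid, hint); never inspects ev.stmt."""
    # Step 1: which verifiers can appraise this evidence format at all?
    candidates = [v for v in verifiers if ev.type_oid in v.handles]
    if not candidates:
        raise RoutingError(f"no verifier registered for evidence type {ev.type_oid}")
    # Step 2: exactly one verifier for the format -> trivial routing, hint not needed.
    if len(candidates) == 1:
        return candidates[0]
    # Step 3: several verifiers accept this format; only the hint can disambiguate.
    if ev.hint is None:
        raise RoutingError(f"evidence type {ev.type_oid} is handled by "
                           f"{len(candidates)} verifiers; a hint is required")
    # The hint comes from the attester and is untrusted: it is used only as a key
    # into the RP's own table, never as an address or URL to contact.
    matched = [v for v in candidates if ev.hint in v.hints]
    if len(matched) != 1:
        raise RoutingError(f"hint {ev.hint!r} does not select exactly one verifier")
    return matched[0]


# Constructed deployment tables. OIDs under 2.999 are the ITU-T/ISO example arc.
OID_TPM_STYLE = "2.999.1"    # constructed: one evidence format shared by two vendors
OID_OTHER = "2.999.2"        # constructed: a second evidence format

# Deployment A: a single verifier handles every format; hints are simply ignored.
SINGLE_VERIFIER_DEPLOYMENT = [
    Verifier("central-verifier", frozenset({OID_TPM_STYLE, OID_OTHER}), frozenset()),
]

# Deployment B: two verifiers for the TPM-style format plus one for the other format.
MULTI_VERIFIER_DEPLOYMENT = [
    Verifier("vendor-a-verifier", frozenset({OID_TPM_STYLE}), frozenset({"vendor-a"})),
    Verifier("vendor-b-verifier", frozenset({OID_TPM_STYLE}), frozenset({"vendor-b"})),
    Verifier("vendor-c-verifier", frozenset({OID_OTHER}), frozenset({"vendor-c"})),
]


def route_name(ev: EvidenceStatement, verifiers: Sequence[Verifier]) -> str:
    """Convenience wrapper returning the selected verifier's name, or 'REJECT'."""
    try:
        return select_verifier(ev, verifiers).name
    except RoutingError:
        return "REJECT"


if __name__ == "__main__":
    evidence = b"<opaque evidence bytes>"   # constructed; never parsed here
    cases = [
        ("single verifier, no hint", EvidenceStatement(OID_TPM_STYLE, evidence), SINGLE_VERIFIER_DEPLOYMENT),
        ("one verifier for format, no hint", EvidenceStatement(OID_OTHER, evidence), MULTI_VERIFIER_DEPLOYMENT),
        ("shared format, hint given", EvidenceStatement(OID_TPM_STYLE, evidence, "vendor-b"), MULTI_VERIFIER_DEPLOYMENT),
        ("shared format, hint missing", EvidenceStatement(OID_TPM_STYLE, evidence), MULTI_VERIFIER_DEPLOYMENT),
        ("shared format, unknown hint", EvidenceStatement(OID_TPM_STYLE, evidence, "mallory"), MULTI_VERIFIER_DEPLOYMENT),
    ]
    for label, ev, table in cases:
        print(f"{label:35s} -> {route_name(ev, table)}")
```

Usage: run the module directly to see each case routed or rejected. The "REJECT" outcomes are the point of the design choice here: when the format OID alone is ambiguous and the hint is absent or unrecognised, the relying party returns an error instead of picking a verifier at random or parsing the evidence to work it out.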