Re: [Rats] RATS Digest, Vol 35, Issue 24

"Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com> Tue, 27 April 2021 06:21 UTC

From: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: RATS Digest, Vol 35, Issue 24
Date: Tue, 27 Apr 2021 06:21:21 +0000
Message-ID: <HE1PR07MB425209461EB472F69B15278A8F419@HE1PR07MB4252.eurprd07.prod.outlook.com>
References: <mailman.1374.1619480893.7119.rats@ietf.org>
In-Reply-To: <mailman.1374.1619480893.7119.rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/0P5X2sxqVi_1cuBDTSePFYDxC2M>

Hi,

Very quick comments from me, which may also aid my (mis)understanding.

[DT7]: I'd argue that each Attesting Environment (e.g., each OS or firmware vendor) might similarly support a different set of claims so this is not unique to hardware chips.
[EV7]: We can change 'hardware chip' to 'Attesting Environment'.

Agree with this as hardware chip implies, eg: TPM, whereas "attesting environment" allows for a much broader implementation, eg: container etc.



[DT9]: Does this mean that the Verifier can authenticate both the hardware and the firmware?
[EV9]: In draft-voit-rats-trustworthy-path-routing, we broke out hardware and firmware.  However I was unable to find a real case where a customer might be good with the hardware being ok, but they were not ok with the firmware being not ok.   So from the perspective of the Relying Party + Verifier B, if Verifier A finds any issue here, then flag it.   In general, it is useful to collapse failure states where the Relying Party + Verifier will take the same action no matter what.


From most practical perspectives F/W == H/W, as the latter comes with implicit trust.



[DT12]: executables != files. Some executables can be dynamically downloaded and installed without ever being stored as files. (Javascript code running in a browser is one example, but there are many more, including ones running natively, not in an interpreter)
[EV12] Good catch.  Will change 'file' to 'executable'.


Is there a reason for restricting this just to executable items?

t.

Ian


________________________________
From: RATS <rats-bounces@ietf.org> on behalf of rats-request@ietf.org <rats-request@ietf.org>
Sent: 27 April 2021 02:48
To: rats@ietf.org <rats@ietf.org>
Subject: RATS Digest, Vol 35, Issue 24
