Re: [Rats] [EAT] {RATS] Introduction
Carl Wallace <carl@redhoundsoftware.com> Thu, 13 September 2018 10:42 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A0D512008A for <rats@ietfa.amsl.com>; Thu, 13 Sep 2018 03:42:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0kxC0ahfYI6E for <rats@ietfa.amsl.com>; Thu, 13 Sep 2018 03:42:33 -0700 (PDT)
Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 176D3130E65 for <rats@ietf.org>; Thu, 13 Sep 2018 03:42:33 -0700 (PDT)
Received: by mail-qk1-x735.google.com with SMTP id d131-v6so2881781qke.11 for <rats@ietf.org>; Thu, 13 Sep 2018 03:42:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=AEy0G3cnJg3/zRYRCLJj1NV9nWB7UsEMizula/iW5bo=; b=ykDRHTAeBWPeovaCfQg8BwlgHezUCvg50AoZftS+hlsaRZNr+j8juVyf347t/YFB2l o3V45H0tdyEI8nog3q7/IpBFJTKCu2oJ6/NOX5P2/M76oKsgsNuOdc2quSfPZ4fMVLG8 PMe4ry3DU2+1OBMdbWSqMHDjwE7cx08SDUaZ0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=AEy0G3cnJg3/zRYRCLJj1NV9nWB7UsEMizula/iW5bo=; b=iTI0z5NXP4vquR10v5NCplmtXEvqmHBl4XYgtipOkU6gszfBrGj3jXJzXlTIlQwT76 mF4jvQsvgpAi/GdZAW/bi3wnx6bwBJFYEQ7TvuRTYcoaUDoczyqAWhIl+9G4zZYN34k9 CnZuW5W/oLPdRDQ7WXD12nuy8k7zdXADpQD0B3KaemQu2TBiIviyOL6/lPWbm9bdBdz5 IK+GeR3Mt37IWum3tWfAIw7goE6v1DQ4M/CjiL4X6AUF9ZKVEUm8qnsR0MAtSOYDN3/A AnO0HHrpAW2Xnfqxl2bss0GNlDFwC6uJm6br/NEC9pUdLQ2GOtK3u+/iUWDZ37b7jRqi DFkg==
X-Gm-Message-State: APzg51AsxghNU6rkWe0IA38JO/FrvI1lhufvoy7RVMj40JvlsYGpRFEr N18EaNcY6lq+U8I+U7uaDZqshw==
X-Google-Smtp-Source: ANB0VdbIns/1uTUTZbjSA2SwNRPvvMS23K6CEG1T0xhN+itCF2pSHjgihDtOxKmmQQsf6SOoLysKSg==
X-Received: by 2002:a37:21cf:: with SMTP id f76-v6mr4637852qki.263.1536835352155; Thu, 13 Sep 2018 03:42:32 -0700 (PDT)
Received: from [192.168.2.27] (pool-108-28-91-61.washdc.fios.verizon.net. [108.28.91.61]) by smtp.googlemail.com with ESMTPSA id s41-v6sm2261395qta.88.2018.09.13.03.42.28 (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 13 Sep 2018 03:42:31 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Thu, 13 Sep 2018 06:42:25 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "Smith, Ned" <ned.smith@intel.com>
CC: "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org>
Message-ID: <D7BFB4C1.C0D9F%carl@redhoundsoftware.com>
Thread-Topic: [EAT] {RATS] Introduction
References: <c307729682c24fd18aea18551c2233ff@XCH-RTP-013.cisco.com> <233A8B51-343B-4859-9108-1CA862267274@telefonica.com>
In-Reply-To: <233A8B51-343B-4859-9108-1CA862267274@telefonica.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3619665751_25479362"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/1bxRROF5NvMLJwaclxG2g3lwyM4>
Subject: Re: [Rats] [EAT] {RATS] Introduction
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 10:42:37 -0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com> Date: Thursday, September 13, 2018 at 3:10 AM To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, Carl Wallace <carl@redhoundsoftware.com>, Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "Smith, Ned" <ned.smith@intel.com> Cc: "rats@ietf.org" <rats@ietf.org>, "eat@ietf.org" <eat@ietf.org> Subject: Re: [EAT] {RATS] Introduction > Hi, > > If I am correctly following your proposal, this is connected with the idea of > a trusted channel we experimented with in the SECURED project, and described > in draft-pastor-i2nsf-vnsf-attestation: > > “A trusted channel is an enhanced version of the secured channel. It adds the > requirement of integrity verification of the contacted endpoint by the other > peer during the initial handshake to the functionality of the secured channel. > However, simply transmitting the integrity measurements over the channel does > not guarantee that the platform verified is the channel endpoint. The public > key or the certificate for the secure communication MUST be included as part > of the measurements presented by the contacted endpoint during the remote > attestation. This way, a malicious platform cannot relay the attestation to > another platform as its certificate will not be present in the measurements > list of the genuine platform.” This only works if the public key/certificate associated with the remote endpoint can be obtained initially such that it is known to be correct. It's common to see artifacts that aim to demonstrate that something is a genuine product from Example Co without being able to demonstrate that something is a particular genuine product from Example Co. The latter is often necessary. Bootstrapping trust is hard, especially where it intersects with privacy concerns. >
- Re: [Rats] {RATS] [EAT] Introduction Eric Voit (evoit)
- Re: [Rats] [EAT] {RATS] Introduction Diego R. Lopez
- Re: [Rats] [EAT] {RATS] Introduction Carl Wallace
- Re: [Rats] [EAT] {RATS] Introduction Eric Voit (evoit)
- Re: [Rats] [EAT] {RATS] Introduction Diego R. Lopez