[Rats] Should we remove submods from EAT? (was Re: EAT Review Comments)
Laurence Lundblade <lgl@island-resort.com> Wed, 15 December 2021 19:01 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3eWjmpRBdU8PLa87mzar7qru3uU>
Lots of discussion on EAT. :-) Chunking through it...

> On Dec 9, 2021, at 2:45 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>
>> Laurence wrote:
>> There’s strong logic here:
>> - RATS architecture explicitly calls out composite attestation
>> - A submodule can be a nested EAT to implement composite attestation
>> - A nested EAT can be a CWT, UCCS or DEB
>> - The CDDL that specifies a nested EAT submodule thus must mention UCCS
>>
>> So a UCCS is a claim that goes into a CWT. I think UCCS, particularly CDDL for UCCS, must be included because of this.
>
> [Hannes] I wonder whether everything in the RATS architecture should be covered in the EAT specification for several reasons:
> - First, the EAT spec becomes complex and harder to read.
> - Second, the RATS architecture enumerates everything that came into someone's mind or, as we later learned, can be patented.
> - Given the status of the industry with attestation I believe it will take a while to even get the basic functionality deployed. For more complex use cases it can easily take several years.

In the above, I said that RATS architecture has composite attestation and therefore we need EAT submods. Hannes is maybe suggesting we don’t need submods because they add too much complexity.

Here’s a few more reasons for submods:

- Complex devices like phones, routers and cars have a large number of subsystems. For the router case, you may have individual attestation from cards in the router and one for the chassis. A mobile phone has like 10 major compute environments (TEE, camera, modem, low power audio, CPU/GPU…). We need a way to express and organize claims for all sorts of complex devices.
- Submods give EAT a very substantial expressive power for all sorts of use cases. Not having them would result in people inventing ad hoc schemes for their use cases.
- I recall a few conversations with various folks that see importance for submods in their use cases.

I have a strong conviction that submods, including nested tokens, are necessary for EAT now and are worth the complexity they add.

LL

(Happy to consider improvements to the submods design)

(Submods != UCCS/UJCS; UCCS and UJCS are related, but can be a separate decision)