Re: [Rats] Call for charter consensus
Laurence Lundblade <lgl@island-resort.com> Thu, 24 January 2019 23:59 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC971311F9 for <rats@ietfa.amsl.com>; Thu, 24 Jan 2019 15:59:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jwYbze8mNrwH for <rats@ietfa.amsl.com>; Thu, 24 Jan 2019 15:59:03 -0800 (PST)
Received: from p3plsmtpa11-08.prod.phx3.secureserver.net (p3plsmtpa11-08.prod.phx3.secureserver.net [68.178.252.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B0A9130F40 for <rats@ietf.org>; Thu, 24 Jan 2019 15:59:03 -0800 (PST)
Received: from [10.60.0.10] ([167.160.116.52]) by :SMTPAUTH: with ESMTPSA id motig56BnwjkSmotigSCTr; Thu, 24 Jan 2019 16:59:03 -0700
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <64B825DE-50A6-4A87-BC8F-7ECC147E7316@tzi.org>
Date: Thu, 24 Jan 2019 15:59:02 -0800
Cc: Benjamin Kaduk <kaduk@MIT.EDU>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "rats@ietf.org" <rats@ietf.org>, Carl Wallace <carl@redhoundsoftware.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CEF7DAA0-6853-4514-A1E6-1E0876F871F3@island-resort.com>
References: <D86754B8.D099E%carl@redhoundsoftware.com> <C79C7D38-3544-4CDB-94C5-2F49FF0D7BE2@cisco.com> <AD9A3A3C-42FD-48A0-8B5B-A1F6644573DB@redhoundsoftware.com> <20190119012335.GT81907@kduck.mit.edu> <64B825DE-50A6-4A87-BC8F-7ECC147E7316@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfH84KuWGde87Raz3e9TzBWXCGcKgXELnBxDtuq43vJmrcGHOaBVoi6drfDdjW1jb7q1+WlyPp+eoLK/mcBrYc5+885hpUC6jQpr4nhDsQPGdNkfNUUYK I6sN6I5HRxd2apGrxJ+bMhRxfVgJiuI6s8lNNPakv3I0LGTdtEy7iajR52Gg5DnA9NybqRFw1fKt3gtYbvvsZMdmwCoyjpctiCXke8kLOpO2bt1eRngw2PIQ WHKl5gmBnSzet88NnhWfQzZ4p/1/8lmwiiPHQl+UExo=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/4QBzhB3UKgOUP8QkwddR5dNGy7U>
Subject: Re: [Rats] Call for charter consensus
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jan 2019 23:59:05 -0000
> On Jan 24, 2019, at 8:53 AM, Carsten Bormann <cabo@tzi.org> wrote: > > On Jan 19, 2019, at 02:23, Benjamin Kaduk <kaduk@MIT.EDU> wrote: >> >> On the one hand, >> there's the raw crypto bits of "this is what signature validation/MIC >> verification/etc. you have to do in order to get the cryptographic >> validation that key X generated data Y [at time Z]”, > > I would call that “verification” (related to “authentication”). agree > >> but once you've done >> that, the decision of verifying that Y and Z are something you find >> trustworthy to perform action W is not really something we can standardize. > > I would call that “policy realization” (related to “authorization”). This could split finer into: - check against known good value (KGV) - actual policy Recently I have been doing some thinking about claims about SW components that includes measurements of those components. In that thinking the question about how you compare those measurements comes up when considering versions of the SW components and variations over time on how those measurements are performed (e.g. upgrading to new hash algs, measuring code in a file vs execute-in-place code…) How you check against KGV probably needs to be taken into account when we design the claim data model. > >> My understanding is that we plan to talk about the crypto but not, at least >> at first, what you do after confirming that the crypto has not been >> tampered with. > > That is also my understanding: we enable verification, but we don’t do the policy. Agreed that we don’t do policy, but maybe we should at least consider implications for checks against KGV. LL
- [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Michael Richardson
- Re: [Rats] Call for charter consensus Hannes Tschofenig
- Re: [Rats] Call for charter consensus Giridhar Mandyam
- Re: [Rats] Call for charter consensus Carl Wallace
- Re: [Rats] Call for charter consensus Smith, Ned
- Re: [Rats] Call for charter consensus Eric Voit (evoit)
- Re: [Rats] Call for charter consensus Benjamin Kaduk
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Henk Birkholz
- Re: [Rats] Call for charter consensus Ira McDonald
- Re: [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)
- Re: [Rats] Call for charter consensus Carl Wallace
- Re: [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)
- Re: [Rats] Call for charter consensus Benjamin Kaduk
- Re: [Rats] Call for charter consensus Carl Wallace
- Re: [Rats] Call for charter consensus Benjamin Kaduk
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Daniel P. Smith
- Re: [Rats] Call for charter consensus Fuchs, Andreas
- Re: [Rats] Call for charter consensus Shwetha Bhandari (shwethab)
- Re: [Rats] Call for charter consensus Jessica Fitzgerald-McKay
- Re: [Rats] Call for charter consensus William Bellingrath
- [Rats] 答复: Call for charter consensus Xialiang (Frank, Network Standard & Patent Dept)
- Re: [Rats] Call for charter consensus Monty Wiseman
- Re: [Rats] Call for charter consensus Carsten Bormann
- Re: [Rats] Call for charter consensus Carsten Bormann
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Frank MATTHIAS KOVATSCH
- Re: [Rats] Call for charter consensus Laffey, Tom (HPE Aruba)
- Re: [Rats] [EAT] FW: Call for charter consensus Mathias Brossard
- Re: [Rats] [EAT] FW: Call for charter consensus Diego R. Lopez
- Re: [Rats] Call for charter consensus Simon Frost
- Re: [Rats] [EAT] FW: Call for charter consensus Jeremy O'Donoghue
- Re: [Rats] Call for charter consensus Anthony Nadalin
- Re: [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)