IETF Logo Mail Archive

Re: [Rats] Call for charter consensus

Laurence Lundblade <lgl@island-resort.com> Thu, 24 January 2019 23:59 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC971311F9 for <rats@ietfa.amsl.com>; Thu, 24 Jan 2019 15:59:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jwYbze8mNrwH for <rats@ietfa.amsl.com>; Thu, 24 Jan 2019 15:59:03 -0800 (PST)
Received: from p3plsmtpa11-08.prod.phx3.secureserver.net (p3plsmtpa11-08.prod.phx3.secureserver.net [68.178.252.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B0A9130F40 for <rats@ietf.org>; Thu, 24 Jan 2019 15:59:03 -0800 (PST)
Received: from [10.60.0.10] ([167.160.116.52]) by :SMTPAUTH: with ESMTPSA id motig56BnwjkSmotigSCTr; Thu, 24 Jan 2019 16:59:03 -0700
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <64B825DE-50A6-4A87-BC8F-7ECC147E7316@tzi.org>
Date: Thu, 24 Jan 2019 15:59:02 -0800
Cc: Benjamin Kaduk <kaduk@MIT.EDU>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "rats@ietf.org" <rats@ietf.org>, Carl Wallace <carl@redhoundsoftware.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CEF7DAA0-6853-4514-A1E6-1E0876F871F3@island-resort.com>
References: <D86754B8.D099E%carl@redhoundsoftware.com> <C79C7D38-3544-4CDB-94C5-2F49FF0D7BE2@cisco.com> <AD9A3A3C-42FD-48A0-8B5B-A1F6644573DB@redhoundsoftware.com> <20190119012335.GT81907@kduck.mit.edu> <64B825DE-50A6-4A87-BC8F-7ECC147E7316@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfH84KuWGde87Raz3e9TzBWXCGcKgXELnBxDtuq43vJmrcGHOaBVoi6drfDdjW1jb7q1+WlyPp+eoLK/mcBrYc5+885hpUC6jQpr4nhDsQPGdNkfNUUYK I6sN6I5HRxd2apGrxJ+bMhRxfVgJiuI6s8lNNPakv3I0LGTdtEy7iajR52Gg5DnA9NybqRFw1fKt3gtYbvvsZMdmwCoyjpctiCXke8kLOpO2bt1eRngw2PIQ WHKl5gmBnSzet88NnhWfQzZ4p/1/8lmwiiPHQl+UExo=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/4QBzhB3UKgOUP8QkwddR5dNGy7U>
Subject: Re: [Rats] Call for charter consensus
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jan 2019 23:59:05 -0000


> On Jan 24, 2019, at 8:53 AM, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On Jan 19, 2019, at 02:23, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
>> 
>> On the one hand,
>> there's the raw crypto bits of "this is what signature validation/MIC
>> verification/etc. you have to do in order to get the cryptographic
>> validation that key X generated data Y [at time Z]”,
> 
> I would call that “verification” (related to “authentication”).

agree

> 
>> but once you've done
>> that, the decision of verifying that Y and Z are something you find
>> trustworthy to perform action W is not really something we can standardize.
> 
> I would call that “policy realization” (related to “authorization”).

This could split finer into:
- check against known good value (KGV)
- actual policy

Recently I have been doing some thinking about claims about SW components that includes measurements of those components. In that thinking the question about how you compare those measurements comes up when considering versions of the SW components and variations over time on how those measurements are performed (e.g. upgrading to new hash algs, measuring code in a file vs execute-in-place code…)

How you check against KGV probably needs to be taken into account when we design the claim data model.

> 
>> My understanding is that we plan to talk about the crypto but not, at least
>> at first, what you do after confirming that the crypto has not been
>> tampered with.
> 
> That is also my understanding: we enable verification, but we don’t do the policy.

Agreed that we don’t do policy, but maybe we should at least consider implications for checks against KGV.

LL

v2.23.0 | Report a Bug | By Email