IETF Logo Mail Archive

Re: [Rats] security-level claim (was Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

Laurence Lundblade <lgl@island-resort.com> Sun, 05 June 2022 20:00 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D467BC14792F for <rats@ietfa.amsl.com>; Sun, 5 Jun 2022 13:00:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JP45wNF7xPTD for <rats@ietfa.amsl.com>; Sun, 5 Jun 2022 13:00:20 -0700 (PDT)
Received: from p3plsmtpa09-03.prod.phx3.secureserver.net (p3plsmtpa09-03.prod.phx3.secureserver.net [173.201.193.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD72BC1527AF for <rats@ietf.org>; Sun, 5 Jun 2022 13:00:20 -0700 (PDT)
Received: from [192.168.1.7] ([75.80.148.139]) by :SMTPAUTH: with ESMTPSA id xwQ6ncqjOXocmxwQ7nCOVC; Sun, 05 Jun 2022 13:00:19 -0700
X-CMAE-Analysis: v=2.4 cv=O4n8ADxW c=1 sm=1 tr=0 ts=629d0b53 a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=48vgC7mUAAAA:8 a=QyXUC8HyAAAA:8 a=mHNk-sIj2jqAnhWqAAcA:9 a=QEXdDO2ut3YA:10 a=PRcgorOBn-5RX65W0v8A:9 a=sYT0QiBRDMevvrjn:21 a=_W_S_7VecoQA:10 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <A678D17C-DF9D-4C3E-BB7C-91A24C310343@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AF4516F0-0C84-4D49-AAC2-EDF4D5EBA7E2"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Sun, 05 Jun 2022 13:00:18 -0700
In-Reply-To: <E4E1CC7F-BC3E-4C83-9EA0-70D84E5FE61B@intel.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
To: "Smith, Ned" <ned.smith@intel.com>
References: <45618431-7329-4F31-941F-A39BBC9D575F@cisco.com> <BYAPR11MB3125EB2DEC4CE5136AC903F9A1DF9@BYAPR11MB3125.namprd11.prod.outlook.com> <7FD4FE54-7A16-4E92-BDDC-878D726095E6@island-resort.com> <900bf8d8-0b00-cc98-fd82-786dc9c18901@sit.fraunhofer.de> <SJ0PR02MB8353B7216358275E4BF3923081DF9@SJ0PR02MB8353.namprd02.prod.outlook.com> <AB42EABD-FE7A-4DF0-8909-A6D304E292C5@intel.com> <BL0PR11MB3122AA0245129AAB021F0E5DA1DE9@BL0PR11MB3122.namprd11.prod.outlook.com> <c98b992b-5efb-d46f-81d5-d3711941dbb9@sit.fraunhofer.de> <B2C05847-4A5C-4179-AE00-A5F9BACC5121@island-resort.com> <PH0PR02MB725621CB633C322367FD4935F2DE9@PH0PR02MB7256.namprd02.prod.outlook.com> <SJ0PR02MB83536AE654BEDBAE653F803381DE9@SJ0PR02MB8353.namprd02.prod.outlook.com> <C0C0C756-214C-43C8-8EE2-AD4CFF71C0A0@intel.com> <SJ0PR02MB8353CC2F1A9D2BC089F6BBBD81A19@SJ0PR02MB8353.namprd02.prod.outlook.com> <C448C94A-72A2-4C9E-A932-E44EE3E29738@intel.com> <SJ0PR02MB8353F45B4569872BA596A23981A19@SJ0PR02MB8353.namprd02.prod.outlook.com> <E4E1CC7F-BC3E-4C83-9EA0-70D84E5FE61B@intel.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-CMAE-Envelope: MS4xfMM0sq0fPW/KD4TNfXUDU3S/sUQQg1fHp7Ocas+IvisGFqTL2Za4xSK9jHnm50mGDn7ej4AoqI6hpfyNepJOTXzyE3ntRjMuMqjcMedmsjXJpAeJo94w ctRPEmmrq2ZdBimSuu8U1Ijg6QLVTifVjCFoWZUnDK72vZKNopi3eHwBXwn0BPnneSHA0d83AJvNod6mKa/OnfBYR/ErSDIuKnkfYIaYqUsAU3n4yq6qbHYf lWhleXEWZcFGYq5ZvDpFzA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/4QfhX1ELxQZmcaL_02p9N_YKAOQ>
Subject: Re: [Rats] security-level claim (was Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jun 2022 20:00:22 -0000


> On Jun 3, 2022, at 6:38 PM, Smith, Ned <ned.smith@intel.com> wrote:
> 
> The Attester (as a device) can’t perform a common criteria evaluation (AFAIK), it takes a human at least to do some of the evaluation.

Common Criteria takes many people many months, sometimes years. Probably the minimum cost for most targets is $1 million. It requires a threat analysis of the target by humans. But it is probably the most thorough and solid certification program out there. Certainly miles beyond FIPS is actually providing assurance.


> The evaluation result can be encoded in electronic form as a claim. The evaluation lab that did the analysis could use their key to sign the electronic claim thereby making it into an Endorsement.

Security-level is definitely NOT about certification. 

Text in draft-13 is clear that DLOA’s are what you use for certifications.

LL

v2.23.0 | Report a Bug | By Email