IETF Logo Mail Archive

Re: [Rats] Attestation Timing Definitions

"Eric Voit (evoit)" <evoit@cisco.com> Wed, 11 March 2020 12:35 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86EE53A188A for <rats@ietfa.amsl.com>; Wed, 11 Mar 2020 05:35:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=B83pPyyd; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=EJsRoj6X
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aq9ZP_uz9FaB for <rats@ietfa.amsl.com>; Wed, 11 Mar 2020 05:35:17 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F20583A187F for <rats@ietf.org>; Wed, 11 Mar 2020 05:35:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=57866; q=dns/txt; s=iport; t=1583930116; x=1585139716; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=pDMPZHzjcRcuy2J0tYDo9IpcQCAhQ70Ava92xizduxk=; b=B83pPyydseJmDjSe8Q+R1Evsc5qJE0+oc5Dw9X1ILlFRSMDNuzBYsgLl WoOM4Ab0FeBLK/VLXjVJDHfn1qIrygz4g9Q6bauHBzodqS+GDoLzqZeN9 Abbpn6WDURy/6tWdvYnKi+HoMusrDNRY4hQgtvBHBC9XNUlRs8wv3+EqK Q=;
X-Files: smime.p7s : 3975
IronPort-PHdr: 9a23:RxcYVR02JTjH4y9csmDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxGPt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSwdDjMwXmwI6B8vQBFP8LeLCZC0hF8MEX1hgrDm2
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DwAgD72Whe/4MNJK1lGwEBAQEBAQEFAQEBEQEBAwMBAQGBe4ElL1AFbCstIAQLKgqEC4NFA4p0gl+YFYFCgRADVAIHAQEBCQMBAS0CBAEBhEMCggwkOBMCAwEBCwEBBQEBAQIBBQRthVYMhWMBAQEBAxIRBAYTAQE3AQ8CAQYCEQEDAQEhAQYDAgICMBQDBggBAQQBDQUIBhSDBYF9TQMfDwGOBJBnAoE5iGJ1fzOCfwEBBYUXGIIFBwmBOIFTg06GfA8agUE/gRFHgk0+gmQEgS4BEgEjFR+CWzKCLI10gneeUXYKgjyDcoI8kFqbOo58m1QCBAIEBQIOAQEFgWkiZ3FwFYMnUBgNhFeJRoNzilV0AoEnjDYBgQ8BAQ
X-IronPort-AV: E=Sophos;i="5.70,540,1574121600"; d="p7s'?scan'208,217";a="740211438"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Mar 2020 12:35:15 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 02BCZFcm004799 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 11 Mar 2020 12:35:15 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 11 Mar 2020 07:35:15 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 11 Mar 2020 07:35:14 -0500
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 11 Mar 2020 08:35:14 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jAzOdnrpIezLJSYc9gLxSK3n8VNZH3GtxyLYPUXN6WS8IMkyfXZI5MK9fIdtpxBU6WTTY29rbinAlO+1wTf28awjFufq96CREiiLHfwVIui/Ch85oMlbxello/GF/+9L7PESZb8H9Z2VR/uu3xK9OeTCt6wkDu9CjHVmM5AG9A+9H4oFXN3Z/t9Cyjg8F0XWBWsT56xlMX5bs+K+ntzuVY+oOfRRR4FOnmsRPIqYkSaqIcrl9z4GBDJfREPF0bT72d6vbnYGXQ2Uqq/33CWOIcFlHY5ig10DfLocIri8Poid/UJoX6judPuLuIBDP28CrTK+T3UD+aordFcpMPatWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=2G8E3cD/YHuch8tWld9gWJDxXYOdqeMe6Gp/a4QggZ8=; b=S/hAzWYn5d0C6w/EFLsA1AW9YbrF2A9pzNYuFndvNiaayb3RUGvA1qceIejRNVZNBAUwnhKQa5LcQOZQX/7/2rBTxOmTYnA7ReTU6lJAUFeeOyQm35+m73n/HKo/gvfgRVuoQ8dGKMqI39sxFJ+2YugEORs2mstKezl6i+dof+AiAdE2E8PMoIsyti2jk0MmA1c1GZTlfvG+Bu+FyryWXNZmRtpiRNraBslEbaOdZl3sjHQdUwkybNW4Iny46ZpRM02b7zr+Sc1lMR+39gB07MLGU269xY1OMm1KHmP3Cq95mBVPRhvpJng2/PDf4a0RpEsQmILHJWgPVIBn7wIySQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2G8E3cD/YHuch8tWld9gWJDxXYOdqeMe6Gp/a4QggZ8=; b=EJsRoj6XbAKyZS/Mp/FcF3I4OB51qmpsh5t01dKaH0wzpX8YfRFbFklo8S8Iw5kaZUw/SBYCKT9LIC3RA4jBv6pKQ9sScUco9doMTeeUgFkEuYB5SU/2M/qO95/xtx0anE/KQrjkZpIhwq5dTq6KlZJAV653LKduRvUbv86qNBs=
Received: from BL0PR11MB3122.namprd11.prod.outlook.com (2603:10b6:208:75::32) by BL0PR11MB3220.namprd11.prod.outlook.com (2603:10b6:208:2f::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.16; Wed, 11 Mar 2020 12:35:13 +0000
Received: from BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::ec9a:6707:d1ba:ce30]) by BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::ec9a:6707:d1ba:ce30%7]) with mapi id 15.20.2793.013; Wed, 11 Mar 2020 12:35:13 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "Panwei (William)" <william.panwei@huawei.com>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Attestation Timing Definitions
Thread-Index: AdX3Ey664zQelNNbRnODHHrrt7v6IwADGMYAAAF6neAAC58LAAAS6YOg
Date: Wed, 11 Mar 2020 12:35:12 +0000
Message-ID: <BL0PR11MB31227E2543173E166F763C66A1FC0@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <BYAPR11MB31256F11BD86730AF9D21B6CA1FF0@BYAPR11MB3125.namprd11.prod.outlook.com><CD539706-7F11-4FF1-8483-17F51329C014@island-resort.com> <BYAPR11MB312543840E706D6A0DBC8013A1FF0@BYAPR11MB3125.namprd11.prod.outlook.com> <817d60e7ab6b41d5bad81b7702002397@huawei.com>
In-Reply-To: <817d60e7ab6b41d5bad81b7702002397@huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.92]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5df66bfe-c8a1-4dfa-711b-08d7c5b8a525
x-ms-traffictypediagnostic: BL0PR11MB3220:
x-microsoft-antispam-prvs: <BL0PR11MB32204A7F0FF02A0CF4DDCC6BA1FC0@BL0PR11MB3220.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-forefront-prvs: 0339F89554
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(376002)(396003)(136003)(346002)(199004)(9326002)(8936002)(110136005)(71200400001)(478600001)(5660300002)(4326008)(6506007)(2906002)(52536014)(53546011)(9686003)(186003)(33656002)(316002)(8676002)(26005)(66556008)(66616009)(66446008)(64756008)(86362001)(76116006)(66946007)(55016002)(66476007)(81166006)(81156014)(7696005)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR11MB3220; H:BL0PR11MB3122.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PAKE4jnLlaU8oHFkeGEpaP+PmJPHeIf46IwvrA0QaJMM2gfwh5OKiAF9lg6LyaTfG0urQ+jnQHTLP6cjbxx895UjFmV3Czc0oA+Y3WWSMSMr6kSzFzFUciUKGqMthqKjV404LirGSKirvvyOmZyJCSjefIoDNyGu5mi2ivd5bgyI9zAaQ0pikvk2k36YgtgH8/8COkN6zxmcKToJ57u9PEX1+pzISwsBNUK20lQYatvJTCQllkKsJvfVpUV5UgR/sZOOGveFEbh7N3megA6cZYAOYe5jjd1p18lIt8xwgtUMVgLp7hQ2vERCJbZ2WFoqBPAxVzTUwEQwnZc9dbm+ECQJ4uoXePkMHu063XPASwAnoVlafpOKoqv55EJ4RaBZqnNMEABZm6MGR4Qb+bFEvFxA44rtnuRO7KuffGiftvQSw6tvf1eeSnzb3sz6qNlL
x-ms-exchange-antispam-messagedata: /PpdzOnbIGR2dmqUxTMV52kujdGOzFVZSjYD+Z9p1+m6MAQ0ENT3h4GfattHB4rVZLp/DXB3sc3KtiKkeobBuseep8PUwI1PIBDjp9yOOetTdziS4IjQmehko9hLgVAyQ02Wq5UKcHEf1//xlDPdXA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_01FE_01D5F77F.F9746600"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 5df66bfe-c8a1-4dfa-711b-08d7c5b8a525
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2020 12:35:13.1113 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: n3AMgz5GV8CRcJ6PBdBbYR4DnCr0et+gamgIMfkdi85kXW/Xwsmb8NqVJJR5qyer
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB3220
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/4vSXexZIX7_hpeFUzahUIv8uSJw>
Subject: Re: [Rats] Attestation Timing Definitions
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2020 12:35:29 -0000

Hello Wei,

 

From: Panwei (William), March 10, 2020 11:20 PM



I think Ned’s email also has detailedly explained that the entity of Relying Party can also take on the role of Verifier, and in this case the Attester sends Evidence + previous Attestation Result to that entity, within that entity the Verifier role processes the Evidence and the Relying Party role consumes the two Attestation Results.

 

So, for a simple nonce-based Passport Model, the Attester just sends Attestation Result produced by the Verifier to the Relying Party, and the passport is simply the Attestation Result. 

   .----------.                     .----------.  .---------------.

   | Attester |                     | Verifier |  | Relying Party |

   '----------'                     '----------'  '---------------'

      time(a)                             |               |

      time(b)                             |               |

        |                               time(c)           |

        |<-----nonce1-------------------time(d)           |

      time(e)                             |               |

        |------Evidence---------------->time(f)           |

        |                               time(g){@time(h)} |

        |<-----Attestation Result-------time(i)           |

        |                                 |             time(c’)

        |<-----nonce2-----------------------------------time(d’)

      time(e’)                            |               |

        |------Attestation Result---------------------->time(l)

        |                                 |             time(h)

 

<eric> Agree this is a valid model.  It is ½ way between Models (1) & (2) from the original email.  It prefer this model to the simple Passport Model (1) from Figure 4 of draft-ietf-rats-architecture.  I have been assuming Figure 4 simplified away the nonces.

 

 

And for a complex model, which is the diagram 2 that Eric drew, the Attester will produce another Evidence to be sent together with the Attestation Result to the entity of Relying Party and Verifier.

For example, in the case of Eric’s draft (draft-voit-rats-trusted-path-routing), Evidence 1 is about the PCR value information, Attestation Result 1 says ‘boot processes have been verified successfully’, Evidence 2 is about time and changes since the Attester was last verified, Attestation Result 2 says ’time and changes are acceptable because only 5 minutes have passed since last verification and no changes happened’, then the Relying Party consumes these two Attestation Results to establish trust on the Attester.

   .----------.                     .------------.      .------------------------------------.

   | Attester |                     | Verifier 1 |      | Verifier 2     |     Relying Party |

   '----------'                     '------------'      '------------------------------------'

      time(a)                             |                   |                      |

      time(b)                             |                   |                      |

        |                               time(c)               |                      |

        |<-----nonce 1------------------time(d)               |                      |

      time(e)                             |                   |                      |

        |------Evidence 1-------------->time(f)               |                      |

        |                               time(g){@time(h)}     |                      |

        |<-----Attestation Result 1-----time(i)               |                      |

        |                                 |                   |                      |

      time(a’)                            |                   |                      |

      time(b’)                            |                   |                      |

        |                                 |                 time(c’)                 |

        |<-----nonce 2--------------------------------------time(d’)                 |

      time(e’)                            |                   |                      |

        |------Attestation Result 1 + Evidence 2----------->time(f')               time(l)

        |                                 |                 time(g’){@time(h’)}      |

        |                                 |                 time(i')-----AR 2----->time(l’)

        |                                 |                   |                    time(h)

        |                                 |                   |                    time(h')

More than Verifier 1 and Verifier 2 depicted in the diagram, between Attester and Relying Party there can be multiple Verifiers, whether within the same entity or not. I think this is an variant of the simple nonce-based passport model and the simple nonce-based passport model may be enough for timeliness consideration.

 

<eric> I agree that this is a viable variant.   Adding the numbers and the 'single quotes' to the second instance of the letters does provide useful specificity.   For simplicities sake, I probably wouldn't break out what is in the Verifier2+Relying Party.

 

Eric

 

Regards & Thanks!

潘伟 Wei Pan

华为技术有限公司 Huawei Technologies Co., Ltd.

 

From: RATS [mailto:rats-bounces@ietf.org] On Behalf Of Eric Voit (evoit)
Sent: Wednesday, March 11, 2020 6:10 AM
To: Laurence Lundblade <lgl@island-resort.com <mailto:lgl@island-resort.com> >
Cc: rats@ietf.org <mailto:rats@ietf.org> 
Subject: Re: [Rats] Attestation Timing Definitions

 

Hi Laurence,

 

In-line with <eric>

 

From: Laurence Lundblade, March 10, 2020 5:05 PM

On Mar 10, 2020, at 1:09 PM, Eric Voit (evoit) <evoit=40cisco.com@dmarc.ietf.org <mailto:evoit=40cisco.com@dmarc.ietf.org> > wrote:

 

2. Nonce based Composite Evidence Passport.  

This figure matches to the sequence diagram from Figure 3 of draft-voit-rats-trusted-path-routing

   ..----------.                     ..----------.  .---------------.

   | Attester |                     | Verifier |  | Relying Party |

   '----------'                     '----------'  '---------------'

      time(a)                             |               |

      time(b)                             |               |

        |                               time(c)           |

        |<-----nonce--------------------time(d)           |

      time(e)                             |               |

        |------Evidence---------------->time(f)           |

        |                               time(g){@time(h)} |

        |<-----Attestation Result-------time(i)           |

        |                                 |             time(c)

        |<-----nonce------------------------------------time(d)

      time(e)                             |               |

      time(j)                             |               |

      time(k)--Attestation Result + Evidence----------->time(l)

        |                                 |             time(h)

 

Something seems off here. By my understanding of the passport model, the Attestation Result is the passport and can only be created by a Verifier. This diagram seems to show the Attester creating there Attestation Result. 

 

<eric> Agree that Attestation Results can only be created by a Verifier.  The reason this was on the diagram was that Figure 4 from draft-ietf-rats-architecture showed "Attestation Evidence" as part of this specific flow.  And it *is* part of the flow.  But there is other Evidence in the flow too.  To reflect this, I have added "+ Evidence" to the figure above.

 

Generalizing the question a bit, adding Evidence to a passport is a natural thing.  Think about your US passport.  Every time you go through a port, it is stamped with additional information.   And this becomes a part of that passport which subsequent countries can see.  But it wasn't information attested by the US.

 

Seems like one fix is to remove the second nonce and time(e) and say the the Attestation Result is exactly the same in both occurrences — classic passport where the attester just passes the result through.

 

The other fix is to have the Attester produce a second Attestation Evidence that includes the first Attestation Result, route that to a second verifier and then on to the RP. Then you have composition.

 

<eric> Hopefully my answer above clears this up.  There is more in draft-voit-rats-trusted-path-routing section 4.2 which addresses specific topics on this flow.  

 

The main intent of this thread was to dive into the specific definitions of the timing definitions.  Perhaps if you have questions on this Section 4.21 flow, comment on the thread about "draft-voit-rats-trusted-path-routing"?

 

I don’t think Attesters can produce Attestation Results.

 

<eric>  Agree they do not produce Attestation Results.  

 

Eric

 

LL

v2.23.0 | Report a Bug | By Email