Re: [Rats] Attestation key material in architecture document

Laurence Lundblade <> Thu, 30 July 2020 18:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 72F763A08EC for <>; Thu, 30 Jul 2020 11:50:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.916
X-Spam-Status: No, score=-1.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Uq0XwuxSs5cZ for <>; Thu, 30 Jul 2020 11:50:30 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3D3CF3A0898 for <>; Thu, 30 Jul 2020 11:50:30 -0700 (PDT)
Received: from [] ([]) by :SMTPAUTH: with ESMTPA id 1DdMkDlPeccZp1DdMkl3yp; Thu, 30 Jul 2020 11:50:28 -0700
X-CMAE-Analysis: v=2.3 cv=c/HVvi1l c=1 sm=1 tr=0 a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=0XtbOteLAAAA:20 a=48vgC7mUAAAA:8 a=W6KhWYqd5INMolrMDvwA:9 a=AfaGvO1MeL9y9aZ_:21 a=mfjsQ84ms7a-PWAa:21 a=QEXdDO2ut3YA:10 a=hnbapBadfA1NaKZJgBkA:9 a=Wb_aUdSB-Qzo9BCS:21 a=gNlvrNL0az7UbwyZ:21 a=PsVteSXnUuCul98o:21 a=_W_S_7VecoQA:10 a=w1C3t2QeGrPiZgrLijVG:22
From: Laurence Lundblade <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_129FB8B8-6909-4C95-AB63-7EFF7CF1634A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 30 Jul 2020 11:50:28 -0700
In-Reply-To: <>
To: Henk Birkholz <>
References: <> <>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfLAKAodlp6d1HA9jdmOUCxee/zAICX7cHzlb5z17OPxw645V+lpNMjxwt/f5vk0ilkDTrXBIorUQc23PSnVOtViVU2NOBVDoH+fDtdxfjP26ZqNRitVj Hh8WBay5hGnxIiUB2puAZZiG5K1updCBYkSXOk9Y2qi+Vv6hLF9vW7UNc38ildxo+yyTttCuzvf46anDPWAo2Rgq5Vs7pT7b4Eo=
Archived-At: <>
Subject: Re: [Rats] Attestation key material in architecture document
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 30 Jul 2020 18:50:33 -0000

Thanks for updating the issue. I will attend the architecture meeting when it is discussed. :-)

A good first step would be to determine if there is consensus that the 7 cases I described (TRUST_ANCHOR…VERIFICATION_SERVICE) should be allowed and supported by RATS. There were no fundamental objections in the 108 RATS meeting, but it would be good to know explicitly there is consensus on this so we’re working from a common base.

Does anyone think RATS architecture should explicitly exclude any of these 7?


> On Jul 30, 2020, at 3:31 AM, Henk Birkholz <> wrote:
> Hi Laurence,
> I updated issue #65 for you:
>> <>
> This will make it easier for the editors to address your two alternative proposals. I think it would help, if you are present when we discuss this.
> MCR: do we plan for an editor's meeting next Tue?
> Viele Grüße,
> Henk
> On 29.07.20 22:14, Laurence Lundblade wrote:
>> I presented this slide below the IETF 108 RATS meeting today. I believe it is critical that the RATS architecture allow for all uses case in the slide.
>> In particular RATS architecture must allow for symmetric keys. TPMs and public-key based crypto is too expensive for low-cost, large-scale IoT. There are real use cases supported my multiple companies using symmetric keys. Symmetric keys can be made secure at the verifier — we secure keys for TLS at servers all the time using HSMs and such.
>> I do NOT want to put this taxonomy into the RATS architecture document. I don’t think that is necessary. I created the taxonomy as background information and as illustrative examples of real world designs.
>> I think there are options for adjusting the architecture document to accommodate this.
>>    Option 1) Expand the notion of an Endorsement quite a lot.
>>    Endorsements are not longer just static documents like X.509 certs
>>    and/or COSE/CMS signed blobs. They are anything that conveys the
>>    attestation key material into the Verifier or allows Verification of
>>    the attester. They must support confidentiality.
>>    Option 2) Replace the term “Endorsement” with something like
>>    “Verifier Input” or “Attester Trust Criteria” in the architecture
>>    document as the means by which key material goes into the Verifier.
>>    Endorsements still exist, but are just one type of Verifier Input or
>>    Attester Trust Criteria just like EAT is one kind of Attestation
>>    Evidence.
>> I have a slight preference for Option 2). I’m interested in opinions of which option to choose.
>> This is issue #65 < <>>, opened in GitHub four months ago. It is not a last-minute/new issue. I believe it is in scope with the RATS charter as the charter explicitly mentions attestation key material in the Program of Work.
>> LL
>> My main point of this taxonomy was to affect the RATS architecture document. There was discussion today of it being a separate document perhaps outside of RATS. I’m happy for that to happen, but I don’t want to write it because I have enough RATS/EAT work to do. I’m very happy if other folks want to pick it up and use in other documents :-).
>> _______________________________________________
>> RATS mailing list
>> <>
>> <>