Re: [Rats] Hint for a Verifier ... was AW: I-D Action: draft-ietf-rats-msg-wrap-01.txt

Tom Jones <thomasclinganjones@gmail.com> Tue, 02 January 2024 17:45 UTC

References: <170315091797.55319.6825067742910818727@ietfa.amsl.com> <CA+1=6ydYyxgw0HaRYyTZ3PgJ70gT9yqHSB9Z9pD3pN-BHH3LUA@mail.gmail.com> <AS8PR10MB74278EA4BCFFE2EC31E2EFE9EE61A@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AS8PR10MB74278EA4BCFFE2EC31E2EFE9EE61A@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Tue, 02 Jan 2024 09:45:12 -0800
Message-ID: <CAK2Cwb5igYfkZW85fyZeGhe0M-OCYquPEu__evnXo_+YosuLjQ@mail.gmail.com>
To: "Tschofenig, Hannes" <hannes.tschofenig=40siemens.com@dmarc.ietf.org>
Cc: Thomas Fossati <thomas.fossati@linaro.org>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6pg3XBMegYwCwKX0z-yZq1w74Fs>
Subject: Re: [Rats] Hint for a Verifier ... was AW: I-D Action: draft-ietf-rats-msg-wrap-01.txt

attacks against the system would then be trivial.
The attestor would insert itself (disguised, of course) as the verifier.
How would the RP know that the whole thing wasn't bogus from start to
finish?
Be the change you want to see in the world ..tom


On Tue, Jan 2, 2024 at 7:40 AM Tschofenig, Hannes <hannes.tschofenig=40siemens.com@dmarc.ietf.org> wrote:

> Hi Thomas, Hi all,
>
> I believe there is a need to add functionality for helping relying
> parties to locate Verifiers.
> This is a topic that recently surfaced in the LAMPS Attestation Design
> Team and is documented here:
> https://github.com/lamps-wg/csr-attestation/issues/70
>
> The issue is the following: As a design principle, we want the relying
> party to be agnostic of the attestation technology (and the encoding of the
> Evidence format). Instead, the Verifier and the Attester have to understand
> the attestation technologies.
>
> In simple deployments, a relying party just relays the Evidence to a
> Verifier. In more complex deployments, there are most likely multiple
> Verifiers and the relying party needs to decide where to send the Evidence.
>
> As described in the above-referenced issue, the suggestion is to include
> additional information about what the attester believes the correct
> Verifier is. This is a hint to the relying party. This information would be
> included in the Evidence, at least if it is based on something like an EAT,
> but since the relying party is not expected to parse the Evidence, it would
> be replicated into a "wrapper" outside -- for example into the CMW.
>
> I am wondering what others think.
>
> Ciao
> Hannes
>
>
> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Thomas Fossati
> Sent: Thursday, 21 December 2023 10:41
> To: rats@ietf.org
> Subject: Re: [Rats] I-D Action: draft-ietf-rats-msg-wrap-01.txt
>
> Hi,
>
> In this freshly published -01, we added a "CMW collection" modelled on
> Simon's "EAT collections" [1].  The main driver for this is supporting
> composite/layered attesters.
>
> The other added bit is the media types registration.
>
> See the "diff" link below for the details.
>
> cheers!
>
> [1] https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/
>
>
> On Thu, 21 Dec 2023 at 10:28, <internet-drafts@ietf.org> wrote:
> >
> > Internet-Draft draft-ietf-rats-msg-wrap-01.txt is now available. It is
> > a work item of the Remote ATtestation ProcedureS (RATS) WG of the IETF.
> >
> >    Title:   RATS Conceptual Messages Wrapper
> >    Authors: Henk Birkholz
> >             Ned Smith
> >             Thomas Fossati
> >             Hannes Tschofenig
> >    Name:    draft-ietf-rats-msg-wrap-01.txt
> >    Pages:   20
> >    Dates:   2023-12-21
> >
> > Abstract:
> >
> >    This document defines two encapsulation formats for RATS conceptual
> >    messages (i.e., evidence, attestation results, endorsements and
> >    reference values.)
> >
> >    The first format uses a CBOR or JSON array with two mandatory
> >    members, one for the type, another for the value, and a third
> >    optional member complementing the type field that says which kind of
> >    conceptual message(s) are carried in the value.  The other format
> >    wraps the value in a CBOR byte string and prepends a CBOR tag to
> >    convey the type information.
> >
> >    This document also defines a corresponding CBOR tag, as well as JSON
> >    Web Tokens (JWT) and CBOR Web Tokens (CWT) claims.  These allow
> >    embedding the wrapped conceptual messages into CBOR-based protocols
> >    and web APIs, respectively.
> >
> > The IETF datatracker status page for this Internet-Draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-rats-msg-wrap/
> >
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-ietf-rats-msg-wrap-01.html
> >
> > A diff from the previous version is available at:
> > https://author-tools.ietf.org/iddiff?url2=draft-ietf-rats-msg-wrap-01
> >
> > Internet-Drafts are also available by rsync at:
> > rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > RATS mailing list
> > RATS@ietf.org
> > https://www.ietf.org/mailman/listinfo/rats
>
>
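The thread above discusses two things: the CMW array shape that the draft abstract describes (a type, a value, and an optional indicator), and Hannes's proposal to carry a "which Verifier" hint outside the Evidence so that a relying party can route it without parsing it, together with Tom's objection that such a hint is self-asserted by the Attester. The Python below is an added illustration written for this page, not code from draft-ietf-rats-msg-wrap or its authors. It builds and shape-checks a JSON-form CMW, and shows one defensive way for a relying party to consume a hint: as a lookup key into its own pre-configured set of Verifiers, never as an address to follow. The outer envelope, the `verifier-hint` member name, the `TRUSTED_VERIFIERS` table, the indicator bit value and the media type are all assumptions made for the example; the draft defines none of them.

```python
import base64
import json
from typing import Optional, Tuple

# Constructed for this example: the Relying Party's own, pre-configured Verifiers.
# A hint can only SELECT one of these entries; it can never introduce a new one.
# That is what stops a self-asserted hint from steering Evidence to an endpoint
# the RP has no prior trust relationship with.
TRUSTED_VERIFIERS = {
    "verifier-a.example": "https://verifier-a.example/rats",
    "verifier-b.example": "https://verifier-b.example/rats",
}
DEFAULT_VERIFIER_ID = "verifier-a.example"

# The draft defines an optional indicator member; the concrete bit assignment
# used here (bit 0 = Evidence) is assumed for the example, not taken from the draft.
EVIDENCE_BIT = 1 << 0


def b64url_encode(data: bytes) -> str:
    """base64url without padding, the usual JSON encoding for binary values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def build_cmw(media_type: str, payload: bytes, indicator: Optional[int] = None) -> list:
    """JSON-array form of a CMW as the abstract describes it: [type, value, indicator?]."""
    cmw = [media_type, b64url_encode(payload)]
    if indicator is not None:
        cmw.append(indicator)
    return cmw


def parse_cmw(cmw) -> Tuple[str, bytes, Optional[int]]:
    """Check the array shape before anything else is done with it.

    Only the wrapper is inspected; the payload bytes are handed back opaque,
    matching the design goal that the RP does not understand Evidence formats."""
    if not isinstance(cmw, list) or len(cmw) not in (2, 3):
        raise ValueError("CMW must be a 2- or 3-element array")
    media_type, value = cmw[0], cmw[1]
    if not isinstance(media_type, str) or not isinstance(value, str):
        raise ValueError("CMW type and value must be strings")
    indicator = cmw[2] if len(cmw) == 3 else None
    if indicator is not None and (not isinstance(indicator, int) or indicator < 0):
        raise ValueError("CMW indicator must be an unsigned integer")
    return media_type, b64url_decode(value), indicator


def wrap_with_hint(cmw: list, verifier_hint: Optional[str]) -> str:
    """Assumed outer envelope placing the hint beside the CMW (not defined by the draft)."""
    envelope = {"cmw": cmw}
    if verifier_hint is not None:
        envelope["verifier-hint"] = verifier_hint
    return json.dumps(envelope)


def select_verifier(envelope_json: str, trusted=TRUSTED_VERIFIERS,
                    default_id=DEFAULT_VERIFIER_ID) -> Optional[str]:
    """Return the Verifier endpoint the RP should relay this Evidence to, or None.

    The hint is treated purely as a routing key into the RP's configuration.
    A hint naming anything outside that configuration (a URL, an unknown
    identifier, a non-string) is rejected and the Evidence is not relayed,
    so the hint cannot be used to nominate an arbitrary party as the Verifier."""
    envelope = json.loads(envelope_json)
    parse_cmw(envelope.get("cmw"))  # shape check only; the value stays opaque here
    hint = envelope.get("verifier-hint")
    if hint is None:
        return trusted[default_id]
    if not isinstance(hint, str) or hint not in trusted:
        return None
    return trusted[hint]


if __name__ == "__main__":
    # Constructed payload standing in for opaque Evidence bytes.
    evidence = b'{"constructed": "opaque evidence"}'
    cmw = build_cmw("application/vnd.example.evidence+json", evidence, EVIDENCE_BIT)
    for hint in ("verifier-b.example", None, "https://unknown-verifier.example/rats"):
        print(repr(hint), "->", select_verifier(wrap_with_hint(cmw, hint)))
```

The point of `select_verifier` is the asymmetry: the Attester may influence which of the RP's Verifiers is used, but only the RP's configuration decides which endpoints exist at all, and an unrecognised hint results in no relay rather than a best-effort one.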