Re: [Rats] Verifier Input instead of Endorsement?
Dave Thaler <dthaler@microsoft.com> Tue, 30 June 2020 03:56 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215D13A0AB1 for <rats@ietfa.amsl.com>; Mon, 29 Jun 2020 20:56:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-tJZzhTSImQ for <rats@ietfa.amsl.com>; Mon, 29 Jun 2020 20:56:12 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2097.outbound.protection.outlook.com [40.107.237.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A27E3A0AAE for <rats@ietf.org>; Mon, 29 Jun 2020 20:56:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FXa/ORo5k36sGLFH/gKtzlXHYcKVhYvzz4Zntnf1TCiLjCbS7hXrWU4lAChptLuHIkWksZPwivfCTTXSHUQ5JkP1CmsL6ZqzJPv4AucVyPM38zufZ2WlTQ5UdYs6X8SGotrB5br+hpKnBPCJMNQ6jZIE7wto7mKn9+dl6S+hFEzcztdzZgzDk/Q5zWFizwEjRVN4omDaDGLQEPtRMtsW4X1BH6Ww/9jRL8EZ0+KT78eWiPLTuTCAcB4lOZRXXFtG3aXSU/z7kDaCZBH62GH1t4CLBBT8pXQmQc3h9M9RG9xT6jVTLSHuGRXKrMZEHMlyOpG8tdK6/OjzZ9mNTUzWkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g0dKuWHMcZu8e1yN+rzStU8NihOL+5YWKq4FOgXQVgQ=; b=THS6S+IFveVrTx3nYU1znoW3G8XdPDwW1neFqaNIPVMRuw3LezKxO9XToQuFMfze/SJkrmzcIeo7gxtmy3xBebJqJOr00wT3ddiAdgJQnQf1YSW9cp4eEYzvnud1XM1htFjAQJGXCs4teSG2ggeordJ0sxiYQ1uoXx+tovVYHpDiF3E4Vc0gWO4f49Dt4fkUCzXZD6raoHYEaetTv5fqZHW22qsar5ICMsXwLBziNXeSEUiX6bFq4kIMrGxZlyMBbuT/MBsN0lYc0UeftlqsgwO4NmWfize+Im33wigr3gTAB1/Pn+ydCx/Smob4VWbsjcpwERmRNupyYQrdz+iACg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g0dKuWHMcZu8e1yN+rzStU8NihOL+5YWKq4FOgXQVgQ=; b=TNcHxS/6qLwrm1LQXL22tOnPH3GMt5WCQYpSOBfLA85XU3zyrNMd4yxwSIJZ6bhEJ+Os5yjBUlwKQMtXCR8/twRB5n7cdUqGGhitChM1D0PpHCDU7T2ypaiTglWqJYboh4bs1t4n84w3m45riJ6ZOQlgtZ/E97tYa68lhBPqaIc=
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com (2603:10b6:207:30::33) by BL0PR2101MB0899.namprd21.prod.outlook.com (2603:10b6:207:36::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.2; Tue, 30 Jun 2020 03:56:10 +0000
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::29cb:295d:97bc:3f7f]) by BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::29cb:295d:97bc:3f7f%9]) with mapi id 15.20.3174.001; Tue, 30 Jun 2020 03:56:10 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Verifier Input instead of Endorsement?
Thread-Index: AQHWTkP+FnrtkqE4YE232Ks3KGvDAKjwhzrw
Date: Tue, 30 Jun 2020 03:56:09 +0000
Message-ID: <BL0PR2101MB10279501A4ECA5BB7B6AED63A36F0@BL0PR2101MB1027.namprd21.prod.outlook.com>
References: <878E068C-DAFD-4441-94F7-BA79CAF7FED6@island-resort.com>
In-Reply-To: <878E068C-DAFD-4441-94F7-BA79CAF7FED6@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-06-30T03:56:09Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=19eceaed-ea6f-4eec-99c8-29cd17012219; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: island-resort.com; dkim=none (message not signed) header.d=none;island-resort.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2601:600:9780:16f0:5c6d:a267:2ce1:5e74]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 469767cb-3d83-4ec6-2c6b-08d81ca98658
x-ms-traffictypediagnostic: BL0PR2101MB0899:
x-microsoft-antispam-prvs: <BL0PR2101MB089965EA7C7EF2188480A7FDA36F0@BL0PR2101MB0899.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:785;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uRR2gBYrqiPUW7USaSaIpdWqiVkGDSYR+de6iyD03aGEyoEiBCtxbMPhprfCamb6oHsGwoug+1sZZ4TMsv/FfPh6fW+R01wdUdMr8c+hRIncvd/IQMhy41eC3yJiDvvQm6a7lRPd3lDfRczDo4CGCvtfzsQ0vB7hUqW0Tny27PYM7nfV+pseFNnbv3y5kAwrl9un2iEbn2r9iWIpZSpZxKhzGQgIfx9+TXgVUZagMYSokMy0uA1B3Bx86ZMiAY7Yh/cF5oefnKzp6ac4zqticz4naNkPwrN0jtT9QVzBH7GDMJIhYfcCffvOPmpnqO5Ja3sGATcALvS7I1yzurum96KZLagso/a54lWVe5NzkT0WNkHWGeIVZw0tz9w5JR5DpkVWnJAxFnQ9gOKCHP5Rgw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR2101MB1027.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(346002)(39860400002)(376002)(366004)(396003)(2906002)(82960400001)(82950400001)(71200400001)(83380400001)(10290500003)(86362001)(53546011)(166002)(186003)(6506007)(8936002)(478600001)(66946007)(33656002)(66446008)(64756008)(66556008)(66476007)(7696005)(76116006)(110136005)(8990500004)(55016002)(9686003)(5660300002)(8676002)(316002)(52536014); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: c+Y8k0iYzl89OXeK0YQwMgFfKZAYZd1EsWBYc/l/inXJyopNocN9Tuk7yeoI7dRvXwFBwUh+19qRZEl3Voe3Ed4XFsebMwmI9U2XU1C1arYNf5k9Yzsf6Xqi+yxLt0FvBy+m/nBQOSr5jb/a7sCzD1rTG9UvvKJQ5mKDzwhFRVMOSnq6vPkA6RuqIyYQdRliAO2xbu1wAuNDzEz8Y3Aqt+oVI8RpJLYfH2O4UPcqmgsx4YkCs8dbT2f5Kl1iLiP3bCtPRuIkEBnN8i7fb45NEeP+p7f9syQ6EZbPExRDgpJg/R4orQbRFeZ1qNAJvl1XkfhcHm3m2vEjW1mW9X5tRvr4o2JGmh6hM7kRBA3aW/EC3zEAu2tgGeetr53k7FpC4vhPHLU/gDApNa7ZedxqyHK1c2Ffaj/sJdNNEkEubUpyL1Kg3aacDjGpHFgOefHFf3lNA67QRdUN9wSurefC1iuLSn/hljTHugvu8T6bRB9BbmSNajJgpMetq28ZN6KiTZIdEAWO9Ci/ARkedF1RT6fdIhisVZeoCExh1ZsYxwCFswAoQU2sK3XENA0iF5lK
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BL0PR2101MB10279501A4ECA5BB7B6AED63A36F0BL0PR2101MB1027_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR2101MB1027.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 469767cb-3d83-4ec6-2c6b-08d81ca98658
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jun 2020 03:56:10.0582 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YBVaC+BgRTyFTT7bcKj/GpQmRzU2ZKrNOCJzC+bGq5Puh5fcZTatJnbPRBr2rVby02yGnJDpM5a0n1z/AH3w9trNce9O/nEkurm1vp1xDK8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB0899
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/FBnlnqRokzGODXOcknP97J3MwkQ>
Subject: Re: [Rats] Verifier Input instead of Endorsement?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 03:56:14 -0000
I don’t like the term “Verifier Input” since “Appraisal Policy for Evidence” is also Verifier Input, so I would find it confusing. I think that the rules for what to put in Attestation Results (bullet 3), as well as “known-good/reference values” if such exist (and there can be valid policies where they may not exist, or rather where the policies use more complex rules than a simple test for equality against a constant) are conceptually part of Appraisal Policy. I do agree that Appraisal Policy can be conveyed to the Verifier in many different ways, and may be composed of different things from different sources. Dave From: RATS <rats-bounces@ietf.org> On Behalf Of Laurence Lundblade Sent: Monday, June 29, 2020 11:34 AM To: rats@ietf.org Subject: [Rats] Verifier Input instead of Endorsement? Stepping back a bit on the definition of an Endorsement, I think the four inputs to a Verifier are these: - Key material for verifying trust in the Attester - Known-good/Reference values for comparison with claims - Static implicit claims that are passed to RP's via Attestation Results - Appraisal Policy These can and will be conveyed to the Verifier in many different ways: - X.509 certs with extensions - Signed documents - HTTP queries against the Attester/device manufacturer - Remote SQL or some other sort of database access to manufacturer(s) - Data storage like flash drives the are hand carried into the Verifier's site - One-time special file transfers - Ceremonial procedures with M out of N people physical present approving transfer It seems like shoe-horning all of the above (except policy) into an Endorsement, like I’ve tried to do<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Farchitecture%2Fpull%2F94&data=02%7C01%7Cdthaler%40microsoft.com%7Cf15ace6e8b4b447eebc008d81c5b1f33%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637290524986365098&sdata=2NktPX%2B3LJXjMEjEFoM8kpUIy6yOxte%2BuhFYr1ETN4g%3D&reserved=0> is too much. I tried this shoe-horning because I think the architecture document needs to cover all this and Endorsements was what was in it. A typical Endorsement seems to be just the first two mentioned, X.509 and signed documents expanding its definition to include database access is a stretch. Rather than defining Endorsement, I’d like to define Verifier Input: ******************* ************ **************** * Manufacturer(s) * * Verifier * * Relying Party* ******************* * Owner * * Owner * | ************ **************** | | | Verifier Input| | | | |Appraisal | | |Policy | | |for | Appraisal | |Evidence | Policy for | | | Attestation | | | Result v v | .-----------------. | .----->| Verifier |------. | | '-----------------' | | | | | | Attestation| | | Results | | | Evidence | | | | | | v v .----------. .-----------------. | Attester | | Relying Party | '----------' '————————‘ Endorsements must still be mentioned, but as one form of Verifier input just like EAT is one form of Attestation Evidence. Verifier Input would be defined as: - Key material for verifying trust in the Attester - Known-good/Reference values for comparison with claims - Static implicit claims that are passed to RP's via Attestation Results To do this, I’d replace the current PR<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Farchitecture%2Fpull%2F94&data=02%7C01%7Cdthaler%40microsoft.com%7Cf15ace6e8b4b447eebc008d81c5b1f33%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637290524986365098&sdata=2NktPX%2B3LJXjMEjEFoM8kpUIy6yOxte%2BuhFYr1ETN4g%3D&reserved=0> and issue<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Farchitecture%2Fissues%2F65&data=02%7C01%7Cdthaler%40microsoft.com%7Cf15ace6e8b4b447eebc008d81c5b1f33%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637290524986375092&sdata=GfM5qElO4teNdjfABlmVayeGXuYHWBDqHTVtpeeew7g%3D&reserved=0> I have on Endorsements with a new PR. It will be a fair bit of work, so I want to see if there is some consensus first. LL
- [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Dave Thaler
- Re: [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Henk Birkholz
- Re: [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Michael Richardson
- Re: [Rats] Verifier Input instead of Endorsement? Simon Frost
- Re: [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Michael Richardson
- Re: [Rats] Verifier Input instead of Endorsement? Simon Frost
- Re: [Rats] Verifier Input instead of Endorsement? Henk Birkholz
- Re: [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Henk Birkholz
- Re: [Rats] Verifier Input instead of Endorsement? Michael Richardson
- Re: [Rats] Verifier Input instead of Endorsement? Laurence Lundblade
- Re: [Rats] Verifier Input instead of Endorsement? Henk Birkholz
- Re: [Rats] Verifier Input instead of Endorsement? Michael Richardson