Re: [Rats] draft-birkholz-rats-network-device-subscription-00

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 13 August 2020 13:02 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Dave Thaler <dthaler@microsoft.com>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
CC: Wei Pan <william.panwei@huawei.com>, "Birkholz, Henk" <henk.birkholz@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/7lTAVTsv-TmNS_bzwdyI3EnCWVg>

> From: Dave Thaler, August 12, 2020 7:21 PM
>
> Eric Voit wrote:
> [...]
> > There are YANG nodes relevant to such timings.  For YANG datastores
> > the best place to start is:
> > https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-capabilities/
> > and look through definitions like:
> [...]
>
> Sounds like you're saying yes there is a referenceable document.  I'm
> saying the answer should be in the doc not (just) in an email message in
> the list archive, since the doc talks about timing in the section with
> Figure 1.

The answer is in the document.  Section 4.3.1 talks about a
<marshalling-period> which is associated with the <tpm-extend> of Figure 1.
The <marshalling-period> was also described within yesterday's thread.  Here
is its YANG definition:

    leaf marshalling-period {
      config true;
      type uint8;
      default 5;
      description
        "The maximum number of seconds between the time an event extends a PCR,
        and the 'tpm-extend' notification which reports it to a subscribed
        Verifier.  This period allows multiple extend operations bundled
        together and handled as a group.";
    }

I have highlighted this information under Figure 1 so that readers of that
section do not have to search it out.

   o  time(eg) - Directly subsequent to the <establish-subscription>
      request, an initial response of Evidence is returned to the
      Verifier.  This includes:

...

   o  time(vg',eg') - This occurs when a PCR is extended subsequent to
      time(eg).  Within a configurable marshalling period after the
      extension (see Section 4.3.1), the following information needs to
      be pushed to the Verifier:

...

Eric

> Dave
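
The bundling that the <marshalling-period> description allows, shown as an added example that is not part of the original message or the draft. The event tuples, the function names and the rule that a bundle's timer starts at its first unreported extend are assumptions made for illustration; the PCR update is the standard TPM extend, new = H(old || digest), here with SHA-256.

```python
import hashlib

MARSHALLING_PERIOD = 5  # seconds; default from the YANG leaf quoted above

# Constructed sample: (seconds since time(eg), PCR index, measurement digest)
EVENTS = [
    (0.0, 10, hashlib.sha256(b"boot-agent").digest()),
    (1.5, 10, hashlib.sha256(b"kernel-module-a").digest()),
    (4.9, 10, hashlib.sha256(b"kernel-module-b").digest()),
    (7.0, 10, hashlib.sha256(b"config-file").digest()),
    (20.0, 10, hashlib.sha256(b"late-binary").digest()),
]


def bundle_extends(events, period=MARSHALLING_PERIOD):
    """Attester side (assumed model): group extends into notifications.

    A bundle opens at the first unreported extend and is sent `period`
    seconds later, so no extend waits longer than `period`.
    Returns a list of (send_time, [events]).
    """
    bundles, current, deadline = [], [], None
    for ev in sorted(events, key=lambda e: e[0]):
        if current and ev[0] > deadline:   # timer fired before this extend
            bundles.append((deadline, current))
            current = []
        if not current:
            deadline = ev[0] + period      # start timer on first extend
        current.append(ev)
    if current:
        bundles.append((deadline, current))
    return bundles


def late_extends(bundles, period=MARSHALLING_PERIOD):
    """Verifier side: extends reported later than the marshalling period."""
    return [ev for sent, evs in bundles for ev in evs if sent - ev[0] > period]


def replay(bundles, bank_size=32):
    """Verifier side: replay bundled extends in order to rebuild each PCR."""
    pcrs = {}
    for _, evs in bundles:
        for _, idx, digest in evs:
            old = pcrs.get(idx, bytes(bank_size))  # PCR assumed to start at zeros
            pcrs[idx] = hashlib.sha256(old + digest).digest()
    return pcrs
```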