Re: [Rats] Rats and EAT

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 09 July 2018 14:02 UTC

To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Laurence Lundblade <lgl@island-resort.com>, rats@ietf.org, eat@ietf.org
References: <0236DCF5-8B9D-4721-B169-8DCBC6B4CFBC@island-resort.com> <f81f30bd-28c4-f915-18d7-028f0e3cb2da@gmail.com> <e8cad7be-49fb-f95d-fad5-4e0830060caf@sit.fraunhofer.de> <0820ad7b-23d2-b6db-229f-f793843be76c@sit.fraunhofer.de>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <b3bfdec5-e148-ab39-2451-24aaf3afec00@gmail.com>
Date: Mon, 09 Jul 2018 17:02:29 +0300
In-Reply-To: <0820ad7b-23d2-b6db-229f-f793843be76c@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/8Ahk9aLrxtKW5TJatFnhZYibF9U>
Subject: Re: [Rats] Rats and EAT

Yes. As an outsider, it would appear that the focus of TNC is moving 
"upward" in the stack, looking more at software asset management (or 
configuration management) and less at hardware layer attestation.

OTOH the spec you cited does have all of Sec. 8 discussing how TPM fits 
into the picture.

Thanks,
	Yaron

On 09/07/18 12:49, Henk Birkholz wrote:
> Replying to myself:
> 
>> https://trustedcomputinggroup.org/wp-content/uploads/TCG-TNC-Architecture-for-Interoperability-Version-2.0-Revision-13-.pdf
> 
> (somehow got an extra char in to that string)
> 
> On 07/09/2018 11:47 AM, Henk Birkholz wrote:
>> Hello Yaron,
>>
>> the TNC architecture was revised and updated to 2.0 last year. You can 
>> find the current detailed architecture diagram in this document on 
>> page 20 (Figure 5).
>>
>>> https://trustedcomputinggroup.org/wp-content/uploads/TCG-TNC-Architecture-for-Interoperability-Version-2.0-Raevision-13-.pdf
>>
>> There is also this freshly minted RFC that makes use of the 
>> architecture (RFC 5792, called IF-M in TCG lingo):
>>
>>> https://datatracker.ietf.org/doc/rfc8412/
>>
>>
>> Best regards,
>>
>> Henk
>>
>> On 07/07/2018 11:51 PM, Yaron Sheffer wrote:
>>> I'm a bit surprised that nobody's mentioning the work done by the 
>>> IETF NEA working group <https://datatracker.ietf.org/wg/nea/about/>. 
>>> Yes, it's been some time ago, but the people involved were (to the 
>>> best of my knowledge) involved with the TCG community.
>>>
>>> NEA was about desktop machines and NAC rather than mobile devices, 
>>> but hey, by now we should be looking for solutions that encompass 
>>> both technologies!
>>>
>>> See this diagram 
>>> <https://wiki.strongswan.org/projects/1/wiki/trustednetworkconnect> 
>>> on how the complex NEA/TNC architecture fits together, including the 
>>> TPM.
>>>
>>> Thanks,
>>>
>>>      Yaron
>>>
>>>
>>> On 06/07/18 22:20, Laurence Lundblade wrote:
>>>> Hey EAT and Rats folks, just became aware of IETF attestation work 
>>>> running in parallel. Seems like EAT is focused more on an 
>>>> independent signed, self-secured data structure with a lot of claims. 
>>>> Rats seems more TPM and full protocol centric, but I’m still reading.
>>>>
>>>> Here’s a list of attestation work that Diego and Henk made:
>>>> https://datatracker.ietf.org/doc/draft-pastor-i2nsf-nsf-remote-attestation/
>>>> https://datatracker.ietf.org/doc/draft-birkholz-i2nsf-tuda/
>>>> https://datatracker.ietf.org/doc/draft-mandyam-eat/
>>>> https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/
>>>> https://datatracker.ietf.org/doc/draft-birkholz-reference-ra-interaction-model/
>>>> https://datatracker.ietf.org/doc/draft-birkholz-yang-basic-remote-attestation/
>>>> https://datatracker.ietf.org/doc/draft-birkholz-attestation-terminology/
>>>>
>>>>
>>>> A couple of other interesting non-TPM “attestation” technologies:
>>>> - FIDO <https://www.w3.org/Submission/2015/SUBM-fido-key-attestation-20151120/> does attestation of FIDO authenticators
>>>> - Android KeyStore <https://developer.android.com/training/articles/security-key-attestation> uses the term to mean proving the provenance of a stored key
>>>> - IEEE 802.1AR is kind of an attestation too
>>>>
>>>> FYI, the IETF attestation events I know of so far are:
>>>>  - I’ll present EAT at HotRFC Sunday around 18:00
>>>>  - Secdispatch discussion of EAT (and Rats?) Monday at 15:30 (at least I hope; no confirmation yet)
>>>>  - EAT BarBof Monday at 18:00
>>>>  - Rats BarBof Thursday after dinner
>>>>
>>>> I will attend them all :-)
>>>>
>>>> LL
>>>
>>> _______________________________________________
>>> Rats mailing list
>>> Rats@ietf.org
>>> https://www.ietf.org/mailman/listinfo/rats