Re: [Rats] Attestation of implementation vs authenticity of service

Carsten Bormann <cabo@tzi.org> Wed, 05 August 2020 11:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/8R63kuh_R43EVl-KFx6AwppEXno>

On 2020-08-03, at 20:58, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
> Service Authenticity
> 	• Focus is on the provider of the service, not the HW or SW
> 	• The legal entity of interest is the service provider
> 	• There is no equivalent of claims, but if there was they would be about the business or person operating the service
> 	• Example: a web site
> 	• Example: an email provider (IMAP service)
> 

Hi Laurence,

if you are talking about HTTPS, there is exactly one claim:  The service is speaking for a specific name (e.g., facebook.com).  All other claims are funneled through this one very special one.  Of course, the TLS handshake could be leveraged to do more than this one claim, but that is not what happens in HTTPS.

Grüße, Carsten
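
The point made in the message above, that HTTPS evaluates a single "speaks for this name" claim, shown as an added example that is not part of the original message or of any RATS or TLS implementation. It assumes a certificate whose chain has already been validated, uses a constructed sample in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the helper names and the simplified wildcard matching are hypothetical.

```python
# Added example: sample data below is constructed, in the dict shape that
# Python's ssl.SSLSocket.getpeercert() returns for a validated certificate.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.net")),
}


def dns_names(cert):
    """Return the dNSName entries from subjectAltName, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """Simplified RFC 6125-style match: '*' only as the whole leftmost label."""
    p_labels = pattern.split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and never the whole name.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def https_claim(cert, hostname):
    """Reduce a validated certificate to the one claim HTTPS evaluates.

    Returns {"speaks_for": hostname} if some SAN entry covers the name the
    client asked for, else None. Subject fields such as organizationName are
    present in the certificate but play no part in the decision.
    """
    if any(name_matches(p, hostname) for p in dns_names(cert)):
        return {"speaks_for": hostname.lower().rstrip(".")}
    return None


if __name__ == "__main__":
    for host in ("www.example.com", "api.example.net", "a.b.example.net",
                 "example.net", "www.example.org"):
        print(host, "->", https_claim(SAMPLE_CERT, host))
```

Anything a relying party wants to know beyond the name (who operates the service, what software it runs) has to be inferred from that name or carried by some other mechanism.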