[Rats] PKIX Attestation design team meeting notes 2024-03-011

Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 11 March 2024 17:36 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: 'LAMPS' <spasm@ietf.org>, "rats@ietf.org" <rats@ietf.org>
Date: Mon, 11 Mar 2024 17:36:37 +0000
Message-ID: <CH0PR11MB5739807DE3B15AF40F16DC279F242@CH0PR11MB5739.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/8X3N9e7-phCjDwGacWJrDoapeRE>
Subject: [Rats] PKIX Attestation design team meeting notes 2024-03-011

As always, the full meeting notes are on GitHub:

https://github.com/lamps-wg/csr-attestation/blob/main/meetingNotes/2024-03-11.md


LAMPS > csr-attestation

Draft will be ready for WGLC once two minor points are resolved:

Need completed sample -- IETF 119 hackathon objective. Monty has posted
shell scripts to generate a TPM attestation in the correct format; we just
need to wrap that inside openssl scripts to put it into a CSR for the same
subject key. https://github.com/mwiseman-byid/csr-attestation-tpm-example

The new registry pointing to attestation formats from other SDOs: how
exactly will that interact with TCG? More importantly, do we need to change
the current document, or can we sort out how TCG wants their stuff
cross-referenced within the constructs of how the registry table is
currently laid out?

RATS > x509-evidence

Great continued discussion on what the goals are, following on JP's
presentation of the Crypto4A format in our last meeting.



"PKIX Attestation" group goals

Focus: Network & PCIe HSMs. TPMs already have a suite of well-defined
attestation formats; we are trying to do the equivalent for the HSM
community.

Use cases

- Key attestations -- for example to place inside a CSR.
   * Is this key in hardware? FIPS? Keygen date? Storage attributes for the private key?
   * Attesting some properties of the platform comes indirectly into scope, but there is no need to directly attest the platform.
   * In a CSR, for meeting CA/B F. rules.
   * More general attestation formats would enable HSM fleet monitoring type solutions.
   * Maybe we should define an attestation format where the key attribute is optional so that it can be used for platform attestations later on. (Note: TCG solves the same problem by allowing both X.509 SubjectKey certs and also Attribute Certs as attestation statements.)
- Operators may onboard the HSM into their own Attestation Trust hierarchy, and either inject a new On-Device Attestation Key into the HSM, or certify the existing AK in their PKI. "Take ownership".
- Offboarding audit logs; attest that audit logs come from a given HSM.
- "Mandatory-to-implement" minimum set of claims? Or all optional? JP suggests that all claims be optional and that the client requesting the attestation from the HSM can request the set of claims that it wants included in the produced attestation (that plays well with a nonce, for example). Ned countered that, the way most hardware does it today, the claimset profiles are baked in at the hardware level.
- Do we want to build in a mechanism for multiple signatures (envisioning PQ hybrids), or counter-signatures? (This would more-or-less rule out X.509 as a carrier format.)
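A sketch of the claim-selection model JP describes, combined with the "same subject key" requirement from the hackathon item above. This is an added illustration written for these notes, not code from the csr-attestation or x509-evidence drafts and not Monty's scripts. A simulated HSM returns only the claims the client asked for, plus the verifier's nonce and an identifier of the attested key; the verifier (say, a CA processing the CSR) enforces its own required-claim policy, nonce freshness, and that the evidence is about the key actually in the CSR. The claim names, the JSON encoding, the SHA-256 key identifier and the HMAC standing in for the AK signature are all assumptions of this sketch.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret standing in for the HSM's Attestation Key (AK).
# A real HSM would sign with the AK; HMAC keeps this sketch dependency-free.
AK_SECRET = b"constructed-demo-attestation-key-secret"

# Simulated HSM: everything it could say about one private key. Claim names
# are invented. Nothing is mandatory on the HSM side; the client picks the
# subset it wants.
_ALL_CLAIMS = {
    "hardware_backed": True,
    "fips_mode": True,
    "keygen_date": "2024-03-11",
    "exportable": False,
}


def _canonical(obj):
    """Deterministic encoding so both sides authenticate the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def key_id(public_key_bytes):
    """Binds evidence to one public key (assumption: SHA-256 over key bytes)."""
    return hashlib.sha256(public_key_bytes).hexdigest()


def hsm_attest(public_key_bytes, nonce, requested_claims):
    """Attester side: evidence with only the requested claims, the verifier's
    nonce, and the identifier of the key being attested."""
    unknown = set(requested_claims) - set(_ALL_CLAIMS)
    if unknown:
        raise ValueError(f"cannot attest claims: {sorted(unknown)}")
    body = {
        "nonce": nonce,
        "key_id": key_id(public_key_bytes),
        "claims": {c: _ALL_CLAIMS[c] for c in requested_claims},
    }
    mac = hmac.new(AK_SECRET, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class Verifier:
    """Relying party (e.g. a CA). Issues nonces and owns the policy that
    decides which claims are mandatory for its purposes."""

    def __init__(self, required_claims):
        self.required_claims = set(required_claims)
        self._pending = set()  # nonces issued and not yet consumed

    def new_nonce(self):
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, csr_public_key, evidence):
        """Return (ok, reason) for evidence accompanying a CSR whose subject
        public key is csr_public_key."""
        body = evidence["body"]
        expected = hmac.new(AK_SECRET, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, evidence["mac"]):
            return False, "bad signature"
        # Freshness: nonce must be one we issued; consumed on use, so the
        # same evidence cannot be presented twice.
        if body["nonce"] not in self._pending:
            return False, "unknown or replayed nonce"
        self._pending.discard(body["nonce"])
        # Binding: evidence must describe the key in the CSR, not some other
        # (possibly genuinely hardware-backed) key.
        if body["key_id"] != key_id(csr_public_key):
            return False, "evidence is for a different key than the CSR"
        # Policy: the verifier, not the HSM, decides what is mandatory.
        missing = self.required_claims - set(body["claims"])
        if missing:
            return False, f"missing required claims: {sorted(missing)}"
        if body["claims"].get("hardware_backed") is not True:
            return False, "key is not hardware backed"
        return True, "ok"


def run_demo():
    """Good evidence, replay, too few claims, wrong key, tampered claims.
    Returns the five (ok, reason) results in that order."""
    pk = b"constructed-public-key-bytes"
    ca = Verifier(required_claims=["hardware_backed", "fips_mode"])
    ev = hsm_attest(pk, ca.new_nonce(), ["hardware_backed", "fips_mode", "keygen_date"])
    good = ca.verify(pk, ev)
    replay = ca.verify(pk, ev)
    too_few = ca.verify(pk, hsm_attest(pk, ca.new_nonce(), ["hardware_backed"]))
    ev_other = hsm_attest(pk, ca.new_nonce(), ["hardware_backed", "fips_mode"])
    wrong_key = ca.verify(b"some-other-key", ev_other)
    tampered = hsm_attest(pk, ca.new_nonce(), ["hardware_backed"])
    tampered["body"]["claims"]["fips_mode"] = True  # altered after signing
    forged = ca.verify(pk, tampered)
    return good, replay, too_few, wrong_key, forged
```

Running `run_demo()` gives `(True, "ok")` for the honest case and a distinct failure reason for each of the other four. The point of the split is that "all claims optional" on the HSM side and "mandatory claims" on the relying-party side are not in conflict: the HSM emits what it is asked for, and the verifier's profile decides what it refuses to accept.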


- - -
Mike Ounsworth
Software Security Architect
(pronouns: he/him)