IETF Logo Mail Archive

Re: [Rats] More use cases for draft-richardson-rats-usecases-00

Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 14 June 2019 20:46 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D741201E2 for <rats@ietfa.amsl.com>; Fri, 14 Jun 2019 13:46:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SF7gXmcL_mZO for <rats@ietfa.amsl.com>; Fri, 14 Jun 2019 13:46:18 -0700 (PDT)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5F87120047 for <rats@ietf.org>; Fri, 14 Jun 2019 13:46:18 -0700 (PDT)
Received: by mail-wm1-x32f.google.com with SMTP id s15so3541336wmj.3 for <rats@ietf.org>; Fri, 14 Jun 2019 13:46:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=gr01DhPxowcg+t8NmtG3IMSiW6o/ujHBiupODj87rds=; b=X0A3jTKDFyvGVaILIpsvahbnUKn1NetGTa1dhMSCT/e2qu8TqnnMIU+mq1+1JLMqGn X+n3yHkVN456QV/TuEhgCPoS9qkjzjllcDtQ0ISvbd190p52WhCPhGsxNdUG8V63qQKL eN8Le3ynZj4ECiJXlCW03pHs7DplUTMHmj0n5VjlF/F/TjTCCDMzbI8ocnzKYGUpf33R x+CRpp+g3BmN39OXN5NnHW3aQFG81St738Y6n1kGtVZ6I2BpEPOOeVPLeXHNQ3WSJF9S YE0sDT7JnemOefAKQqcHTG5KLwKBWBN6mqq7yFYSB/CjqynFZwD22exLMgUNDxJ7nwd0 9uwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=gr01DhPxowcg+t8NmtG3IMSiW6o/ujHBiupODj87rds=; b=ajSfqLdf8bnjHsWzitMF8AA6x+H9lzT+O7Sp0ZUmX77ZDxZy3uKw6dCAnMtwxzWN9B t9a43T0ZJQV9Q1SUy8O5GC1xHWTxhqPakG1APQx/csroHpL0aPvH/0Nrll8jbgr35AAe qitT3Nw7MCeEfQburNjvXQp3S5twH54DJw/le20cehEW0ufNLbQpmxMoTn5YMoMK2RxO KPHDeyis1lp7QMxUQxnamMq1a4actnRiq6pZUMdwLb/6USZaYCwbpd18tMAuN4jVHNPe mwR8ZOO1Q0miUF7EG/oOxMWiY0OJIa0VsTuBXFSiEhM5Ok1iD//KOIVtSEPPbusbrtyZ dfCg==
X-Gm-Message-State: APjAAAV+M0LKC9qmNqC4QCvHH8AbDVtb5Q4Ynt9LsfMtvKe/Dq+L4H9Z X7KEs9z/ztZe9H0YWqsuG79dy9f/v0g=
X-Google-Smtp-Source: APXvYqwkrQlhGiTUxj3DiTyEm6h6y2aiiBGR+WiwMrYeCQAFHJWZ8Bi1ANRhsAUXUUzNmR3KOc1nyA==
X-Received: by 2002:a1c:1947:: with SMTP id 68mr9265183wmz.171.1560545176751; Fri, 14 Jun 2019 13:46:16 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id l8sm10434228wrg.40.2019.06.14.13.46.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Jun 2019 13:46:16 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Carl Wallace <carl@redhoundsoftware.com>, "rats@ietf.org" <rats@ietf.org>
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <58E37DB5-098C-4387-9A52-4AECD0F69F25@island-resort.com> <6495.1553219901@dooku.sandelman.ca> <BA6E28A7-0F6A-46A8-AB1B-A64B9229F149@intel.com> <507.1553725386@dooku.sandelman.ca> <24C0968B-32B0-4EF1-99C8-61D3F0955BA1@intel.com> <793F9A34-050F-4914-AF4B-08C072730A06@island-resort.com> <D8C23800.D851F%carl@redhoundsoftware.com> <19652.1553943890@dooku.sandelman.ca> <D8C50A67.D8999%carl@redhoundsoftware.com> <79ccb2d7-09a3-913d-f47d-1e702a23b341@gmail.com> <29183.1560536152@localhost>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <9a7e3efe-b021-f255-4afd-649ea0d5772d@gmail.com>
Date: Fri, 14 Jun 2019 22:46:13 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <29183.1560536152@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ABm5I9pv0WHXkvaN1rVV64Xv41o>
Subject: Re: [Rats] More use cases for draft-richardson-rats-usecases-00
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 20:46:22 -0000

On 2019-06-14 20:15, Michael Richardson wrote:
> 
> Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>      >> Makes sense to me to capture current artifacts. Maybe in an appendix
>      >> to the use cases draft.
> 
>      > For completeness you should consider mentioning that there are two
>      > quite different platform attestation concepts: - Static: FIDO, Android,
>      > and current TEEP architecture - Session based: Used by some smart card
>      > schemes and SKS/KeyGen2
>      > (https://github.com/ietf-teep/architecture/issues/52)
> 
> I have added the following text.
> I read through the link above, and I found it really interesting, but I
> wasn't really sure if I could pin down some clear details about
> session attestions.

Hi Michael,

A session based attestation is the combination of a static attestation
and the creation of a shared session key.  That is, possible subsequent
operations using the shared session key "inherit" the initial attestation.
Such operations use MAC signatures and symmetric encryption (using keys
derived from the session key) in order to form a protected API.
Ideally a session based attestation scheme also provides "atomic"
operation, terminated by a "commit" call.

> 
> Are there things that could never be in one category or another?

To me they appear pretty distinct, including the code.

Regards,
Anders

> 
> ----
> 
> Platform attestions generally come in two categories. This document will
> attempt to indicate for a particular attestion technology falls into this.
> 
> ## Static attestions
> 
> A static attestion says something about the platform on which the code is
> running.
> 
> ## Session attestions
> 
> A session attestion says something about how the shared session key was
> created.

See text above.

> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>   -= IPv6 IoT consulting =-
> 
> 
>

v2.23.0 | Report a Bug | By Email