Re: [Rats] Supply Chain Attestation (was Re: 3 Use cases)
"Smith, Ned" <ned.smith@intel.com> Tue, 17 December 2019 22:33 UTC
Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DA83120091 for <rats@ietfa.amsl.com>; Tue, 17 Dec 2019 14:33:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id udhEVF-HDW93 for <rats@ietfa.amsl.com>; Tue, 17 Dec 2019 14:33:46 -0800 (PST)
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9900112008D for <rats@ietf.org>; Tue, 17 Dec 2019 14:33:46 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Dec 2019 14:33:43 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,327,1571727600"; d="scan'208";a="298196481"
Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7]) by orsmga001.jf.intel.com with ESMTP; 17 Dec 2019 14:33:43 -0800
Received: from orsmsx154.amr.corp.intel.com (10.22.226.12) by ORSMSX109.amr.corp.intel.com (10.22.240.7) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 17 Dec 2019 14:33:42 -0800
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.176]) by ORSMSX154.amr.corp.intel.com ([169.254.11.210]) with mapi id 14.03.0439.000; Tue, 17 Dec 2019 14:33:42 -0800
From: "Smith, Ned" <ned.smith@intel.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Supply Chain Attestation (was Re: 3 Use cases)
Thread-Index: AQHVfSmKYMgPnUiotk21jzEyn2HuJKdPgTUAgAGKNgCAW64jgIASoDAA
Date: Tue, 17 Dec 2019 22:33:42 +0000
Message-ID: <8DE34B79-65B2-4F67-B4F0-23B307BD8994@intel.com>
References: <HE1PR0701MB2267E23FFE8FF91F5DAC6FD58FCF0@HE1PR0701MB2267.eurprd07.prod.outlook.com> <1882.1570451614@dooku.sandelman.ca> <CAHbuEH6=O7zwyKD3-NAG=128dFtd7BVZ0QKEPTUcCLmJeenEGg@mail.gmail.com> <29358179-382F-4660-B012-0327274343AE@intel.com> <CAHbuEH5CrfikXn1SGRM+Fb2ChSd6YH_W5SexXkph+Mfa8wH7Jg@mail.gmail.com> <6836.1575569261@localhost>
In-Reply-To: <6836.1575569261@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.20.0.191208
x-originating-ip: [10.24.10.132]
Content-Type: text/plain; charset="utf-8"
Content-ID: <F106B0C98EBB314C83BCCF82C20DCAEF@intel.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/AN4yTqkLV8Tp-XFiwD3IBDdTwzw>
Subject: Re: [Rats] Supply Chain Attestation (was Re: 3 Use cases)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Dec 2019 22:33:49 -0000
There seems to be consensus around the idea that the entity implementing the Attester role can be decomposed into at least two components the "Attesting Environment" and "Attested Environment". If the component architecture allows for an Attested Environment to become an Attesting Environment then it seems possible to talk about various component architectures. If the goal is to be prescriptive, then I'll suggest a couple possibilities (prescriptions?) that can be described in terms of Attesting and Attested terms. - Multi-Component Package (MCP) where components may/may not have the ability to be an Attesting Environment all of them can be an Attested environment. - Software loading and execution such as a boot sequence or an OS load / exec scenario. It is possible that each software module exists as an Attested Environment (ingredient?) until it receives an execution thread after which it may become an Attesting Environment if the software loaded contained attestation functionality. Does this help? -Ned On 12/5/19, 10:07 AM, "RATS on behalf of Michael Richardson" <rats-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote: Cleaning my inbox out, leads me to a thread I felt needed some love. I think that Ned Smith wrote: > I think there are 3 classes of nesting logic: > 1 Subcomponent(s) that are Attested by a parent component (single layer > attestation of a multi-layered decomposition) > 2 Subcomponent(s) that are Attested by a parent component and Attesting > other subcomponents (layered attestations) > 3 Subcomponent(s) that are Attested by more than one parent component > (e.g. countersigned or co-signed) Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > If you are just talking about the TEE case and not the manufacturer signing > use case, then the signatures do build from the base. But for what I would > call supply chain, the manufacturer or software developing organization is > the one to provide the signature and they know what software, modules. or > components they rely upon. Therefore, the 3 classes are not painting the > right picture for what I would call the supply chain use case. That's why > your nesting module looks different than what I stated, where I was talking > about what you are calling "endorsements'. I am not sure if we have resolved this. I think that we continue to have challenges with describing the component situation. I suspect that what we need to do is to be somewhat prescriptive here, rather than trying to make everyone happy with a single diagram. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Rats] 3 Use cases Oliver, Ian (Nokia - FI/Espoo)
- Re: [Rats] 3 Use cases Thomas Fossati
- Re: [Rats] 3 Use cases Panwei (William)
- Re: [Rats] 3 Use cases Oliver, Ian (Nokia - FI/Espoo)
- [Rats] Dynamic Systems in IETF RATS (was Re: 3 Us… Michael Richardson
- [Rats] Supply Chain Attestation (was Re: 3 Use ca… Michael Richardson
- [Rats] Data Attestation (was Re: 3 Use cases) Michael Richardson
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Kathleen Moriarty
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Smith, Ned
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Henk Birkholz
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Laurence Lundblade
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Michael Richardson
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Henk Birkholz
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Henk Birkholz
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Kathleen Moriarty
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Laurence Lundblade
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Smith, Ned
- Re: [Rats] Dynamic Systems in IETF RATS (was Re: … Oliver, Ian (Nokia - FI/Espoo)
- Re: [Rats] Data Attestation (was Re: 3 Use cases) Oliver, Ian (Nokia - FI/Espoo)
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Michael Richardson
- Re: [Rats] Supply Chain Attestation (was Re: 3 Us… Smith, Ned