IETF Logo Mail Archive

Re: [Rats] Attestation Terminology

"Smith, Ned" <ned.smith@intel.com> Wed, 20 September 2023 19:03 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C41A2C14CF1C for <rats@ietfa.amsl.com>; Wed, 20 Sep 2023 12:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=intel.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zTRCEomTfvFg for <rats@ietfa.amsl.com>; Wed, 20 Sep 2023 12:03:41 -0700 (PDT)
Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBC8DC151981 for <rats@ietf.org>; Wed, 20 Sep 2023 12:03:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1695236596; x=1726772596; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=ZwqmF1sTZ7g0cDkW26P/VbbDkJxKq8lNe62ip5VgzkY=; b=OiRFQ2VwIXgCTnQRTkTsayKj+sfYJkPX4fskxU1sVwv2H7FqNdVe6jTX LHMO2ZhP8X0RG3G2Rg9stlCnppnrSHmDFqYmskQa8Q4jZNWWrvJPVwPYx 92L4wyq/h6RgMvsL53okwQd1j+vGy+TNyhywBiRUgyB6n8j2I+DWkyR4S zEyZl2MD9zfkUw1SwoapDQbIKH/x5P0lfgWILvFFvkTOMlUPRbzEUPAm1 t6Z91DTELhZv54vgoJa23s4BbZIRMQD4ttC3QiGSwOkl5waSlv/DhEvP4 tKaasXpMOie1EaGCpN2qFyRV3PGGxoVzoUT7wZnQROQalJE5EymybPlh7 A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10839"; a="466623460"
X-IronPort-AV: E=Sophos;i="6.03,162,1694761200"; d="scan'208";a="466623460"
Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Sep 2023 12:03:13 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10839"; a="740334341"
X-IronPort-AV: E=Sophos;i="6.03,162,1694761200"; d="scan'208";a="740334341"
Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by orsmga007.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 20 Sep 2023 12:03:11 -0700
Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Wed, 20 Sep 2023 12:03:11 -0700
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32 via Frontend Transport; Wed, 20 Sep 2023 12:03:11 -0700
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.170) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.32; Wed, 20 Sep 2023 12:03:10 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TCOEVoBdML3H+kWjBQDPFW1pzSkVBe/NTZzvPcX7ou/ctgVAl34tbMeZsfnWsmtn0Ks4iX7xyXPC6neeTMdlxgLIR8vNYFNuKdfDexxlVEyfLmqO72MrABoKE3NHqZLUdVhtgcYaWyRrwI37qKw7MfrnUZEyjOUOIKTPcG76A9A3Q24Kk3yg8gG2tGhbXSSXyF3zr6jrz+LmX2wQ421u1kmEavDLktXUsEaE7CqM7Y91Ywn4ajzLRe30J4fkV0kgf0YeBYvd2o5HqWQY7IlPQUfWNvTzSbJq5o1hj0DtYwpyQsXVHvUB+02S+EdePagExqi35gkXVOiC7cLxaTNOAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZwqmF1sTZ7g0cDkW26P/VbbDkJxKq8lNe62ip5VgzkY=; b=NpBq2YrtyQVw2diKp6d+fHUojMmeCDTKQS3t99Hgx75pQVpgUbQ+Pppu3Q/wyAqzaMct4HEkQxyhzt8CkKNeHekIfmhFa9uue26qjiOaPeWbDfNzHQcd+RbetYF+qvXceY0sat0CGgUsy1x1xgPkKOP+nLlECQ2A+mdc8GKySSDLjy9z8mOrbsoGQMf2U2yIRr5YcabZzf59AwRNguyOQXGtQx0dgPOjBUOWbjHrmbUxr4anjyBP6G5kxSydKXu+jEUaSbWtcwKyN+ZriRnjVAW2Iy1Yfyl506oXOodGsg7f0+OzrDEtiTNqT8oK3716B46rsbcsFBbjUixOHNif7w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
Received: from CO1PR11MB5169.namprd11.prod.outlook.com (2603:10b6:303:95::19) by DS0PR11MB8206.namprd11.prod.outlook.com (2603:10b6:8:166::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.28; Wed, 20 Sep 2023 19:03:05 +0000
Received: from CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::5fb6:7200:97a4:b7e9]) by CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::5fb6:7200:97a4:b7e9%7]) with mapi id 15.20.6792.026; Wed, 20 Sep 2023 19:03:05 +0000
From: "Smith, Ned" <ned.smith@intel.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Attestation Terminology
Thread-Index: AdnqydtfjPaMHIqxQYm7XOY/OvM+XQAJsxKAACkKstAABoY8gAAKupAw///BJgA=
Date: Wed, 20 Sep 2023 19:03:05 +0000
Message-ID: <39D2C1B6-58F6-4080-82BC-BE0AC67A26A0@intel.com>
References: <002e01d9eaca$65aa4010$30fec030$@gmx.net> <cfaf21a1-7294-fcb1-b16b-17280ff56704@sit.fraunhofer.de> <AS8PR10MB74272E2A0BA72B343E55450FEEF9A@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM> <7ba3ca5c-94ef-079a-cf35-9fc63d3a8f96@sit.fraunhofer.de> <SJ0PR02MB83530EAB6D6C3D8342E9BA2F81F9A@SJ0PR02MB8353.namprd02.prod.outlook.com>
In-Reply-To: <SJ0PR02MB83530EAB6D6C3D8342E9BA2F81F9A@SJ0PR02MB8353.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.77.23091703
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR11MB5169:EE_|DS0PR11MB8206:EE_
x-ms-office365-filtering-correlation-id: ab0f658a-68ad-4ebe-f1d3-08dbba0c3890
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: I5KwDO/Y7Hert7E1r7WylHcK+8cvygCDxqcYh6WqiKW+vfSs3KftSrzhwMpKpeOYVIjtYGzEnjBCupoSOZSkPVlg1v/yI/yIhWYFeVU8RfTgTMmPT+OKWd1teDDDJYsqWFUyZRWEc8yRWflZwrEgW0umESwdn6U3I0ju1InXkhaEZRHA6k+KHXEzXRjzeqjmcLSojhrX/X8fbYUjcxaqhDmJcu+vOt55ILrQCerA+9vUaCZH91JZdq0xy+f6fTIFaJu7XM6ybrFBD9M1ZnJ9ZUxCoA3H3CW5EoPjCUJ/eul82A2z1EJwkCCAY2qtTflPHHzDONL1k9SLOJglj78mJHf5QZDhrPhWXwZqREwWbwogg6eFrsk2fJ8NJS5MI0NrL50BWALKtBMI2UjUDaEpeTgJWXAnw4D8hCnZ/fMxsG21SY+pl9C/zUNjTLWKOiWyP/1uDbliDE7ZrUMz+gdBGV/8A4NcLP1g5rFjI4CO+dcKfqYQggmwxloSw54lowTYRjKjGABQn0hFtzrm/xc1x0owncha9VwhMBcOPbiPBzKuYhADMnxBT3t1kSdAVQS2fnqKuwKA88rObdks4rf+9QNRTVnAAF5nGSsZKtBWTZaxi0W8L0L1Uv0kTEHYB4Tugg6RaxKIi7SOysu22be3SRAB6DEp6fsMQAZN6Wq0Ehs=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB5169.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(376002)(39860400002)(396003)(366004)(136003)(1800799009)(451199024)(186009)(2906002)(86362001)(33656002)(36756003)(38070700005)(38100700002)(122000001)(966005)(66446008)(316002)(66476007)(6512007)(64756008)(66556008)(66946007)(76116006)(110136005)(41300700001)(8676002)(2616005)(8936002)(82960400001)(53546011)(6486002)(6506007)(71200400001)(5660300002)(83380400001)(478600001)(26005)(66574015)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: eZc+0IvnIhqCUHrLS8HXf1dCK0fzh1kEmuwpu+GUej9jvMw+fcd84lFXVVljqo6KM/F29mQwXVkxLtEiQnlBELNv91dnrFE0FZ/phAZgndrdXVMBE+CkaP8nLac7loeSY6tx2fdnnyNOjxQDTaOlyCiPiZz7ntXg8dwmSoUpTh7cs6Oy4UvSd8xpqZtA3c/fH/FRKebwtYmIVjoLi1ZVVBqX+4ObyUeaSzlaYNqjym/NxfApMv+BxUs24uwojRbZRkZaa7geZv7dINmDBCFA46f+xjPtfd6qQ868ulGu8EKCleiUzgAajwIqmOJRrzOCrrpaNz0iB83eB8+GomASyKiWW2FtdxeCF59JE4esYgKDTrb1lc6Db7rGbdRZenUirCiXXCsURZ2TcBtiwdbnKIf1cUZ/3gqGHhJ6b/plwvYuzGXw0RQaaA3msYeIqoq3kVNtw4VPS2w54oA2at/bOEkBu88oh6NhlTQsuXQ6PZ2zxl8ScliFgDupX2R5tgNX/1KRUQ2DhxwZASt0ip7PtFuKDMGMHwE11ipKuD0ESxKh60P62IwGHIjJO6JYpr4hFGaYXDSbaUiAMKuzjthH4zH9COAi9ZiJjDWlKU11CwXGxRJEvP4Dlm0jeq5gDZv+rkG7Sb23LBVrOAX0gT5YvY1srp+P1MUJp4KL7Ex2nXgpHTRlq4OrChON+R4MAJ5uJA6i31zdaiHS7ZDXmT1/8VF1146FqXn5rIAaH950n4H/O7291ZGidl+QiOp+u04zG9Gq4nFoP6h1HATkYYoR5ZJ7HAXBXKVn++NW5T5Tcr2Os7cojpm/5hT0YvyAK2MGXOE/rZsWnemV9ZBrmeLnwHMTC6a8/JNal4jH0ij8U5kLtwGC6IrFDNbeAARZuC3qZzZe63RdAJodRdOcxPyUrFbAghiXQb9cNVXJLflQXmfCRfHAVQL9O7KStYrvw7Mo6hO5592wZCG/ITGHNPJxjJnRdMMbxaTFLDCSmkiYIjmKnicS7xQAl4UlhSlMuzCEl0lmdt85FwtlAy9eBNU9RMMyH8l1zHXhwvvIVKWHwwigvAgogzipBbXosBxDj4Uq2U8UMlvfD8pqh/6kJG0dxvcipC/n6a0qid2KeE3hPKYq8JGYMlfu9HXY/WdeYxbo2Vt4gOAO2kpTLWbRsn7nD+UwEYYkGoF9OQfEtzx224CEhAslv2yFnG7tPkXpLWtdfzE9dyNdf5CyieiKyFwYM7Rp6Er/F0jv5Owl7DSj2ZYHoqOUM8/s1iBPojaQMHINpzTkUTO0tROH5aSKnF3JxWCZkLst6DzDutprXZUKE0KOUKx/Mnzfvni/dw+enZAkmcZHwkOEO1kY0N6eUjgrl/qAgvnSv61Po+CVKliGAEHx5aMGLYbtM7BaYSh+izRZMP+66x+idqs8uWcE8AHn//L+9xJoB3hmvP3k4HhUzuEvQR9z7LdaTc1NocIme+0VWdh6d0tNG1Ood/px+TBjMz74xyaHrmtZm18GUJfTACRdrA5p94EP63kcCAqOzGlpid1DVopHp8EEw3/JS/fREFX+OLv5xZs9WgGbrNjueXN8PLygODrdYWUX7HWd0yeL
Content-Type: text/plain; charset="utf-8"
Content-ID: <1A7D64356CBF364C973D41E09833A900@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5169.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ab0f658a-68ad-4ebe-f1d3-08dbba0c3890
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2023 19:03:05.4041 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: RicCW+zpxKE1Iu0wo7zTASPz+jif35S6Hm8Y4WGRv5oApNgd+aNnGFsuMG3mI+zIxCu+tsf50HuW38DTC4V1zw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB8206
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/BLK2wYgEHz38s4Ae_6xLkvZDlQY>
Subject: Re: [Rats] Attestation Terminology
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Sep 2023 19:03:45 -0000

The TCG Glossary defines attestation as:
"The process of vouching for the accuracy of information. External entities 
can attest to shielded locations, protected capabilities, and Roots of Trust. A 
platform can attest to its description of platform characteristics that affect the 
integrity (trustworthiness) of a platform. Both forms of attestation require 
realizable evidence of the attesting entity."

The draft-ietf-rats-tpm-based-network-device-attest definition seems to follow the spirit of the TCG definition while avoiding terms like "Root of Trust", "shielded locations", "protected capabilities" and other terms that are not in the IETF lexicon.

I don't think the draft-ietf-rats-tpm-based-network-device-attest is positioning this definition as a RATS definition, but seems to recognize the reader is familiar with RATS terminology and maybe less familiar with TCG terminology.

-Ned

On 9/20/23, 9:00 AM, "RATS on behalf of Giridhar Mandyam" <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org> on behalf of mandyam@qti.qualcomm.com <mailto:mandyam@qti.qualcomm.com>> wrote:


Session attestation for keys related to transport (TLS) was actually defined in https://datatracker.ietf.org/doc/html/draft-richardson-rats-usecases-08#section-2.2. So <https://datatracker.ietf.org/doc/html/draft-richardson-rats-usecases-08#section-2.2.&nbsp;&nbsp;So> in my opinion there has already been an attempt to define a specific type of key attestation in RATS accepted group documents.


That being said - I have used a somewhat similar definition to the one that Henk provided below in published work and feel it sufficient to cover common usage of the term. For reference, the definition I used was "Remote attestation describes the process by which software executing on a device provides an assertion to a relying party about the integrity of its platform" (https://ieeexplore.ieee.org/document/7945438 <https://ieeexplore.ieee.org/document/7945438>), which was derived from [1].


-Giri Mandyam


[1] Coker, George et al. “Principles of Remote Attestation.” International Journal on Information Security. Vol. 10. No .2. 2011. pp. 63-81.


-----Original Message-----
From: RATS <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org>> On Behalf Of Henk Birkholz
Sent: Wednesday, September 20, 2023 3:41 AM
To: Tschofenig, Hannes <hannes.tschofenig@siemens.com <mailto:hannes.tschofenig@siemens.com>>; hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>; rats@ietf.org <mailto:rats@ietf.org>
Subject: Re: [Rats] Attestation Terminology


WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.


Hi Hannes,


no, I do not think there was ever a list discussion on the term. Maybe I missed that. It might be useful to restate the whole definition from https://www.ietf.org/archive/id/draft-ietf-rats-tpm-based-network-device-attest-14.html <https://www.ietf.org/archive/id/draft-ietf-rats-tpm-based-network-device-attest-14.html>
here:


> Attestation: the process of generating, conveying and appraising claims, backed by evidence, about device trustworthiness characteristics, including supply chain trust, identity, device provenance, software configuration, device composition, compliance to test suites, functional and assurance evaluations, etc.


The definition follows the context of NIST's 1st definition of `Attestation` as it describes an activity and the definition does unify IETF and TCG ("TPM/DICE/MARS") terminology.


In general, there was a lot of avoidance to become specific wrt to terms such as `Root of Trust` or `Attestation` in the scope of the architecture RFC. I am okay with becoming more specific in the RATS context, but that seems to be a strategy change to me and should become (maybe a lightweight) discussion here on the list. I doubt this is the first time this comes up, but taking into account the hesitance of key stakeholder in remote attestation to define such terms to rigidly, I would not be surprised if there is no referencable definition still.




Viele Grüße,


Henk


On 20.09.23 11:00, Tschofenig, Hannes wrote:
> Hi Henk,
>
> as you can imagine, I am confused. You are saying that the RATS group couldn't agree on a term for "attestation" in the architecture document. But now the term is defined in another RATS document, namely <ietf-rats-tpm-based-network-device-attest>.
> Is that because you finally found an agreement or just because nobody in the group wasn't paying attention?
>
> Regarding key attestation: IMHO it is what we are providing with draft-ietf-lamps-csr-attestation where Evidence includes information about the private key being stored in a hardware security module. I don't have a good definition of the term myself and hence I was wondering whether there is some established terminology in TCG or elsewhere already. It cannot be the first time that this issue arises.
>
> Ciao
> Hannes
>
> -----Ursprüngliche Nachricht-----
> Von: RATS <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org>> Im Auftrag von Henk Birkholz
> Gesendet: Dienstag, 19. September 2023 13:59
> An: hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>; rats@ietf.org <mailto:rats@ietf.org>
> Betreff: Re: [Rats] Attestation Terminology
>
> Hi Hannes,
>
> w.r.t.: `attestation`
>
> there is no satisfying answer to your question, I afraid. The RATS architecture was explicitly and carefully worded to avoid the word `attestation` as a stand alone term. As it causes confusion in the context of "activity vs. message" and is horribly overloaded, in general:
>
>> https://csrc/
>> .nist.gov%2Fglossary%2Fterm%2Fattestation&data=05%7C01%7Channes.tscho
>> f 
>> enig%40siemens.com%7C04d90290edb94ff2833508dbb907da4c%7C38ae3bcd95794
>> f
>> d4addab42e1495d55a%7C1%7C0%7C638307215597987825%7CUnknown%7CTWFpbGZsb
>> 3
>> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%
>> 7
>> C3000%7C%7C%7C&sdata=wUKkQ85T%2BEDnoE2e7CENvC%2FGBvZLlCz8WtSdv%2F%2F%
>> 2
>> FQ2Q%3D&reserved=0
>
> (here NIST captures the confusion in a nutshell)
>
> That is why RATS is about _remote attestation_, and corresponding activities, such as Evidence Generation, Conveyance, Appraisal, etc.
>
> w.r.t.: `key attestation`
>
> The RATS WG has not defined the more narrow term "key attestation"
> today. As Denis pointed out, "OpenID for Verifiable Credential Issuance"
> does, for example. Looking at that definition there are two essential
> components:
>
> 1.) "a certificate including a certificate chain asserting that a particular key is managed, for example, by a hardware security module"
>
> 2.) "provide this data along with the proof of possession in the Credential Request"
>
> In RATS (IETF/TCG) words, I think, openid is defining `key attestation` as as an Endorsement (according to 1.) of key material that is then combined with a PoP (according to 2.). That is not the same thing as remote attestation, as there is no Evidence about the trustworthiness of the Attester generated.
>
> I am not entirely sure how useful it would be for the RATS WG to specify
> yet another meaning of the term `key attestation`. What I would see as useful in any case, however, would be writing up a definition (independent of any name). Maybe something along the lines of "Evidence about an endorsed key storage that is augmented with a PoP of a stored key" or something to that effect.
>
> But that probably just reflects my half-baked understanding of "RATS key attestation"... what would you think `key attestation` means in the context of RATS, Hannes?
>
>
> Viele Grüße,
>
> Henk
>
> On 19.09.23 09:24, hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net> wrote:
>> Hi all,
>>
>> I am wondering why the group has not defined the term "attestation" 
>> in the RATS architecture RFC. Instead, it is defined in a solution 
>> document <ietf-rats-tpm-based-network-device-attest> where nobody finds it.
>>
>> Ciao
>> Hannes
>>
>> PS: Where is the term "key attestation" defined?
>>
>>
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org <mailto:RATS@ietf.org>
>> https://www/.
>> ietf.org%2Fmailman%2Flistinfo%2Frats&data=05%7C01%7Channes.tschofenig
>> % 
>> 40siemens.com%7C04d90290edb94ff2833508dbb907da4c%7C38ae3bcd95794fd4ad
>> d 
>> ab42e1495d55a%7C1%7C0%7C638307215597987825%7CUnknown%7CTWFpbGZsb3d8ey
>> J
>> WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C300
>> 0 
>> %7C%7C%7C&sdata=eCDY%2F9fUK5Jo1UHtMPf6qz3pJWAwyk8xu0qTEkm6288%3D&rese
>> r
>> ved=0
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org <mailto:RATS@ietf.org>
> https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>


_______________________________________________
RATS mailing list
RATS@ietf.org <mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>
_______________________________________________
RATS mailing list
RATS@ietf.org <mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>

v2.23.0 | Report a Bug | By Email