Re: [Rats] Use case -> architecture document

Dave Thaler <dthaler@microsoft.com> Mon, 14 October 2019 23:01 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Use case -> architecture document
Date: Mon, 14 Oct 2019 23:01:04 +0000
Message-ID: <MWHPR21MB078499E5D4A2A5E697924EC7A3900@MWHPR21MB0784.namprd21.prod.outlook.com>
References: <CAHbuEH7f0jjquR=iZDgof4DkgpZKgxEP86NcQ0A1NQ=SP+_FHA@mail.gmail.com> <C02846B1344F344EB4FAA6FA7AF481F13E9560C0@dggemm511-mbx.china.huawei.com> <CAHbuEH7WkqeyUW3sL5bdw5N25B6O7ZEF0Qkx03fE5c42Sd4M5w@mail.gmail.com> <b91baad2-2fc3-a5e4-6898-e2cddcda300d@sit.fraunhofer.de> <20191009145006.r2pjsoo6jxirah64@anna.jacobs.jacobs-university.de> <CAHbuEH6u-6GsJjK8s0eFQPLeSuGjPMgonhyQkmaeA6Q+rp42kA@mail.gmail.com> <9379d880-2b7e-6657-c547-b37bb7a9e466@sit.fraunhofer.de> <CAHbuEH7XfWgPT+=T-Za9Cw-5GRQj0_+WT3L+Kd4aPp6VvU9jAQ@mail.gmail.com>
In-Reply-To: <CAHbuEH7XfWgPT+=T-Za9Cw-5GRQj0_+WT3L+Kd4aPp6VvU9jAQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/CDA7OcBUW-cwyKxJZPUwwq53BKY>

[…] 
> If the goal for service providers and others is to use this technology 
> (as is my goal), we need to make it something that is accessible to 
> many.  The developers at many organizations will use crypto libraries, 
> but will not necessarily be security people.  They will be starting from 
> a point where they do not have security specific language nor this very 
> specific set of terms that is being defined.  The simpler we can keep 
> it, the better to gain wider adoption.
> 
> I think if we step back and see what Dave does with the document to 
> define the architectural patterns, then we can decide how we merge 
> content with readability as a goal.
> 
> Best regards,
> Kathleen
[…]

As requested, I have written a document for the WG to consider, that
includes my architectural patterns work, plus some content pulled from
others' docs.  It's not complete (i.e., some stuff is not covered), but I do
hope it's readable by a general audience.

Besides some topics I just didn't get to, I omitted some other topics either
because I was intentionally trying to reduce the number of terms needed to
understand the doc, or because I didn't understand the content enough to
know how to rephrase it in more accessible terms, or because I actually disagreed
with it and so wanted to punt that discussion until after people could
see the direction I was going :)

I will post a -00 shortly and then you can all review it and hopefully figure
out what path forward the WG would like to take.

Dave