[Rats] 802.1AR device identity

Guy Fedorkow <gfedorkow@juniper.net> Wed, 10 March 2021 15:58 UTC

From: Guy Fedorkow <gfedorkow@juniper.net>
To: Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Wed, 10 Mar 2021 15:58:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/CjgwU2McC3KwMs_sbsjt4eT0w4k>
Subject: [Rats] 802.1AR device identity

Hi Laurence,
  We talked about device identity on the RATS call today.
  For RIV, we're relying on this IEEE spec:
https://1.ieee802.org/security/802-1ar/
  That spec defines Initial and Local Device Identities.  Initial DevID is set by the manufacturer and can't be changed or replaced, while the Local DevID can be set and erased by the owner of the gear.
  The spec doesn't address deciding which identity to use for any specific application, but the intent clearly is to allow the owner to use the manufacturer-supplied identity to install an owner-specific identity in a device, and erase the owner-specific identity leaving the manufacturer identity in place when the device is decommissioned.

  Many different specs must have examined this problem, but of course it never hurts to re-use some of these ideas where possible.
  Thx
/guy


