IETF Logo Mail Archive

[Rats] Function of an endorsement relative to evidence

Laurence Lundblade <lgl@island-resort.com> Sat, 04 June 2022 21:16 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22A13C14CF02 for <rats@ietfa.amsl.com>; Sat, 4 Jun 2022 14:16:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.93
X-Spam-Level:
X-Spam-Status: No, score=-1.93 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vra8wfMMeH_R for <rats@ietfa.amsl.com>; Sat, 4 Jun 2022 14:16:29 -0700 (PDT)
Received: from p3plsmtpa09-04.prod.phx3.secureserver.net (p3plsmtpa09-04.prod.phx3.secureserver.net [173.201.193.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BB57C14F75F for <rats@ietf.org>; Sat, 4 Jun 2022 14:16:28 -0700 (PDT)
Received: from [192.168.1.7] ([75.80.148.139]) by :SMTPAUTH: with ESMTPSA id xb8Enct1fjD1mxb8Fn9FAF; Sat, 04 Jun 2022 14:16:27 -0700
X-CMAE-Analysis: v=2.4 cv=NqIUz+RJ c=1 sm=1 tr=0 ts=629bcbab a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=IkcTkHD0fZMA:10 a=B6iggxGAeXwJ5UegVHAA:9 a=QEXdDO2ut3YA:10
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Message-Id: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
Date: Sat, 04 Jun 2022 14:16:26 -0700
To: rats <rats@ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-CMAE-Envelope: MS4xfMx8uIhQgHo2yAMVRH3cTM5GByP2rC6Ubg8F63VajPD06pV8cjN/ZLbxSxdIq/qB0ZJEzA/VQBd95Lcpm5LV19GjDhcXd+Iel6MnRcG6y0+zmh8D93uJ wyK0M3inQqwNKCAZ4EKYIvMTOr0PjbPjHjHcdTb5WZY4zfGDPNtN2lKljJic6Z8AWZHsPTVebQN+EQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/DBQVqJ1xtNybIw53A2REVdPqgdk>
Subject: [Rats] Function of an endorsement relative to evidence
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jun 2022 21:16:30 -0000

This is a step back for framing for the security-level discussion.

The fundamental purpose of an Endorsement is to tell the Verifier that they can believe what they get in Evidence. There may be some varying degree here from claim to claim and device to device, but the basic  principle always holds.

Assuming for the sake or argument here that the Attester Manufacturer and Endorser are the same, it goes like this. The Endorser/AttesterManufacturer only puts private keys into devices that it knows are built correctly. They won’t lie. They’ll protect their keys. They produce correct claims. This really is the fundamental work of the Endorser/AttesterManufacturer above all else.

 For example, maker of a device with a TPM selects a good TPM and also carefully writes the boot code that does the measurement. They make sure that the devices that the TPM is soldered into always has the good boot code. Then they publish the public keys supplied with the TPM to the Verifier so it knows it can trust the measurements.

In the TPM world, you can’t really have the Attester send much more than PCRs in Evidence, but in the non-TPM world, lots of stuff can go into Evidence.

Tell me if you disagree with this!


By all that, Evidence can be a parallel channel for the Endorser/AttesterManufacturer to convey claims to the Verifier.

The Endorsement can mean “believe all the Evidence from this Attester”. (It might always not be all the Evidence, but it will always be some of the Evidence).

By this it is entirely reasonable for security-level to be transmitted either as an Endorsement or in Evidence.


I think there is also room for security-level in Evidence in composite device attestation. One Attester may have a good way to evaluate the security-level of a subsystem, perhaps a subsystem that varies from device to device.

LL

v2.23.0 | Report a Bug | By Email