[Rats] Re: Hint Discussion in CSR Attestation Draft

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Mon, 24 June 2024 07:02 UTC

To: Thomas Fossati <tho.ietf@gmail.com>
CC: Carl Wallace <carl@redhoundsoftware.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Henk Birkholz <henk.birkholz@ietf.contact>, "Tschofenig, Hannes" <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, rats <rats@ietf.org>
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/DGRVyODq5D_aAd1nGZy1y0zmhbE>

 
FWIW this is also what we write in the CSR attestation draft, see Section 5.2 of https://datatracker.ietf.org/doc/draft-ietf-lamps-csr-attestation/
 
Any worry that we are specifying an open redirector here is unjustified.
 
Ciao
Hannes
 
Sent: Friday, 21 June 2024 at 22:37
From: "Thomas Fossati" <tho.ietf@gmail.com>
To: "Carl Wallace" <carl@redhoundsoftware.com>
Cc: "Michael Richardson" <mcr+ietf@sandelman.ca>, "Henk Birkholz" <henk.birkholz@ietf.contact>, "Tschofenig, Hannes" <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "rats" <rats@ietf.org>
Subject: [Rats] Re: Hint Discussion in CSR Attestation Draft
On Fri, Jun 21, 2024 at 9:12 PM Carl Wallace <carl@redhoundsoftware.com> wrote:
> [CW] OK, so relying party, not verifier. How would the relying party use a "free form" label to route anything?

The RP comes preconfigured with one or more trusted verifiers, i.e.,
verifiers for whom it knows (at least) the API endpoint and public key
used to verify their attestation results.

If the hint matches one of these configured verifiers, the RP may
decide to prefer such a verifier over another.

--
Thomas

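The relying-party behaviour described in the quoted message, sketched as an added example (not code from the draft or from any participant in this thread): the hint is compared against preconfigured verifier labels only and is never used as an address to contact. The verifier labels, endpoints, key identifiers and the case-insensitive comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Verifier:
    label: str       # name the RP compares hints against
    endpoint: str    # API endpoint, taken from RP configuration only
    key_id: str      # stands in for the key that checks attestation results


# Constructed sample configuration; every value here is hypothetical.
TRUSTED = (
    Verifier("verifier.example.com", "https://verifier.example.com/api", "key-A"),
    Verifier("backup.example.net", "https://backup.example.net/api", "key-B"),
)


def select_verifier(hint: Optional[str],
                    trusted: Sequence[Verifier] = TRUSTED) -> Verifier:
    """Return a preconfigured verifier; the hint only expresses a preference."""
    if not trusted:
        raise ValueError("relying party has no trusted verifier configured")
    if hint is not None:
        wanted = hint.strip().casefold()  # assumption: case-insensitive labels
        for verifier in trusted:
            # Whole-label equality: no substring, prefix or URL parsing.
            if verifier.label.casefold() == wanted:
                return verifier
    # Unknown, malformed or absent hint: keep the RP's own default.
    return trusted[0]


if __name__ == "__main__":
    for hint in ("backup.example.net", "https://unknown.example/verify", None):
        print(repr(hint), "->", select_verifier(hint).endpoint)
```

Whatever the hint contains, the endpoint returned is one the RP already had in its configuration, which is why the hint cannot steer the RP to an arbitrary destination.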