Re: [Rats] CoSWID and EAT and CWT
Laurence Lundblade <lgl@island-resort.com> Wed, 27 November 2019 00:48 UTC
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <46CBC5D5-C4AF-4FFD-A06E-5D8B1FFF2AE7@island-resort.com>
Date: Tue, 26 Nov 2019 16:48:46 -0800
In-Reply-To: <60C4E362-02FD-4DDF-BFB4-D09D358282D4@arm.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "sacm@ietf.org" <sacm@ietf.org>, "rats@ietf.org" <rats@ietf.org>
To: Thomas Fossati <Thomas.Fossati@arm.com>
References: <2A12D8A3-722A-44D1-8011-218C89C8B50B@island-resort.com> <VI1PR08MB5360236E3583EBD3A78085EDFA490@VI1PR08MB5360.eurprd08.prod.outlook.com> <60C4E362-02FD-4DDF-BFB4-D09D358282D4@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/DXxsHk1ekegHp-NoSMbp-N6pjy8>
List-Id: Remote Attestation Procedures <rats.ietf.org>
Looks good, Thomas. Here's a signed EAT with the CoSWID as a claim with label 21. In EATs with submods, there would likely be a CoSWID per submod (not shown below).

LL

18(
  [
    / protected parameters, bstr wrapped /
    << {
      / alg / 1: -7 / ECDSA 256 /
    } >>,

    / unprotected parameters /
    {
      / kid / 4: h'4173796d6d65747269634543445341323536' / 'AsymmetricECDSA256' /
    },

    / COSE payload, the EAT, bstr wrapped /
    << {
      / nonce / 7: h'948f8860d13a463e8e',
      / UEID / 8: h'0198f50a4ff6c05861c8860d13a638ea4fe2f',
      / boot_state (based on the -01 draft) / 12: [true, true, true, true, false],
      / time stamp / 6: 1526542894,

      / The CoSWID /
      21: {
        / tag-id, globally unique identifier for the software component /
        0: "trustedfirmware.org/TF-M",

        / tag-version (here: 0, i.e. initial tag) /
        12: 0,

        / software component name /
        1: "TF-M",

        / version of the software component /
        13: "1.0.0-rc1+build.123",

        / (optional) version scheme (here: semver) /
        14: 16384,

        / entity, i.e. organizations responsible for producing or releasing the software component /
        2: {
          / entity name /
          31: "Linaro Limited",

          / entity role (here: software creator) /
          33: 2,

          / thumbprint of the entity public key (algo -- here; SHA-256 -- and value) /
          34: [
            1,
            h'5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b'
          ]
        },

        / payload /
        6: {
          / filesystem item (name and hash) /
          17: {
            24: "tfm.bin",
            7: [
              1,
              h'4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d'
            ]
          }
        }
      }
    } >>,

    / signature /
    h'5427c1ff28d23fbad1f29c4c7c6a555e601d6fa29f9179bc3d7438bacaca5acd08c8d4d4f96131680c429a01f85951ecee743a52b9b63632c57209120e1c9e30'
  ]
)

> On Nov 26, 2019, at 3:51 PM, Thomas Fossati <Thomas.Fossati@arm.com> wrote:
>
> Hi Hannes,
>
> On 22/11/2019, 00:08, Hannes.Tschofenig@arm.com> wrote:
>> Hi all
>>
>> Can someone send an example around how this would actually look like?
>
> For something such as TF-M, it should look like this:
>
> {
>   / tag-id, globally unique identifier for the software component /
>   0: "trustedfirmware.org/TF-M",
>
>   / tag-version (here: 0, i.e. initial tag) /
>   12: 0,
>
>   / software component name /
>   1: "TF-M",
>
>   / version of the software component /
>   13: "1.0.0-rc1+build.123",
>
>   / (optional) version scheme (here: semver) /
>   14: 16384,
>
>   / entity, i.e. organizations responsible for producing or releasing
>     the software component /
>   2: {
>     / entity name /
>     31: "Linaro Limited",
>
>     / entity role (here: software creator) /
>     33: 2,
>
>     / thumbprint of the entity public key (algo -- here; SHA-256 -- and value) /
>     34: [
>       1,
>       h'5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b'
>     ]
>   },
>
>   / payload /
>   6: {
>     / filesystem item (name and hash) /
>     17: {
>       24: "tfm.bin",
>       7: [
>         1,
>         h'4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d'
>       ]
>     }
>   }
> }
>
> At least this would be my interpretation of the CoSWID draft. I'm a bit
> unsure whether a "filesystem" item is the most appropriate payload for a
> firmware thingy. Surely Henk can suggest something better.
>
> Cheers!
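The diagnostic notation above shows the shape of the signed EAT but not what a Verifier does with it. The block below is an added example, not code from this thread, from the EAT or CoSWID drafts, or from TF-M: it encodes the claim set quoted above as real CBOR with a minimal definite-length encoder (so it runs on a bare Python install), computes the COSE_Sign1 to-be-signed digest that ES256 covers, and appraises the embedded CoSWID against reference values. The nonce, digests and CoSWID fields are the ones in the message; the UEID is a constructed placeholder, and the `appraise` function and its `ref` layout are this example's own design. It assumes the Verifier's CBOR decoder (cbor2 or similar) yields the same int-keyed dict that `eat_claims()` returns.

```python
"""Added example; not code from the message, the EAT/CoSWID drafts or TF-M.
Encodes the claim set quoted above as CBOR with a minimal definite-length
encoder, shows what the COSE_Sign1 signature actually covers, and appraises
the embedded CoSWID against reference values as a Verifier would.  The UEID
is a constructed placeholder; nonce, digests and CoSWID fields are the ones
in the message."""
import hashlib
import hmac


def _head(major, n):
    """Initial byte(s) for a major type and argument n (RFC 8949 section 3)."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")


def encode(v):
    """CBOR-encode int, bool, bytes, str, list and dict.  bool is tested
    first because it subclasses int; maps keep insertion order."""
    if v is True or v is False:
        return b"\xf5" if v else b"\xf4"
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(map(encode, v))
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(encode(k) + encode(x) for k, x in v.items())
    raise TypeError(type(v))


# Values quoted in the message: entity key thumbprint, hash of tfm.bin, nonce.
KEY_THUMBPRINT = bytes.fromhex("5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b")
TFM_BIN_SHA256 = bytes.fromhex("4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d")
NONCE = bytes.fromhex("948f8860d13a463e8e")


def eat_claims(nonce=NONCE):
    """EAT claim set with the TF-M CoSWID under label 21, integer keys as in the message."""
    coswid = {
        0: "trustedfirmware.org/TF-M", 12: 0,                       # tag-id, tag-version
        1: "TF-M", 13: "1.0.0-rc1+build.123", 14: 16384,            # name, version, scheme=semver
        2: {31: "Linaro Limited", 33: 2, 34: [1, KEY_THUMBPRINT]},  # entity; 34 = [alg 1=SHA-256, digest]
        6: {17: {24: "tfm.bin", 7: [1, TFM_BIN_SHA256]}},           # payload > file: fs-name, hash
    }
    return {7: nonce,                                   # nonce
            8: bytes.fromhex("01" + "ab" * 16),         # UEID: constructed placeholder
            12: [True, True, True, True, False],        # boot_state (EAT -01 array)
            6: 1526542894,                              # timestamp
            21: coswid}


def sign1_tbs_digest(payload, protected=encode({1: -7})):
    """SHA-256 over the COSE_Sign1 Sig_structure (RFC 8152 section 4.4), the value
    ES256 signs.  Only the protected header and payload are covered; the kid in
    the unprotected header is not, so it is untrusted until the signature verifies."""
    return hashlib.sha256(encode(["Signature1", protected, b"", payload])).digest()


def appraise(claims, expected_nonce, ref):
    """Verifier-side checks on a decoded claim set; run only after the COSE
    signature verified.  ref = {"tag_id", "version", "files": {name: sha256}}.
    Returns a list of problems; empty means the evidence matches the reference."""
    problems = []
    if claims.get(7) != expected_nonce:
        problems.append("nonce mismatch")
    coswid = claims.get(21)
    if not isinstance(coswid, dict):
        return problems + ["no CoSWID claim at label 21"]
    if coswid.get(0) != ref["tag_id"]:
        problems.append("unexpected tag-id")
    if coswid.get(13) != ref["version"]:
        problems.append("unexpected software-version")
    files = coswid.get(6, {}).get(17, [])
    seen = set()
    for f in files if isinstance(files, list) else [files]:   # key 17 is one-or-more file maps
        name, h = f.get(24), f.get(7)
        seen.add(name)
        if not (isinstance(h, list) and len(h) == 2 and h[0] == 1 and isinstance(h[1], bytes)):
            problems.append(f"{name}: missing or non-SHA-256 hash")
        elif not hmac.compare_digest(h[1], ref["files"].get(name, b"")):
            problems.append(f"{name}: digest mismatch")
    problems += [f"{n}: not reported" for n in ref["files"] if n not in seen]
    return problems


REFERENCE = {"tag_id": "trustedfirmware.org/TF-M", "version": "1.0.0-rc1+build.123",
             "files": {"tfm.bin": TFM_BIN_SHA256}}

if __name__ == "__main__":
    payload = encode(eat_claims())
    print(len(payload), "byte EAT payload; to-be-signed digest", sign1_tbs_digest(payload).hex())
    print("appraisal:", appraise(eat_claims(), NONCE, REFERENCE) or "OK")
```

Two points this makes concrete. First, the order of operations: the nonce and the CoSWID only mean something once the COSE_Sign1 signature has verified under the key the Verifier already trusts for that device, and `sign1_tbs_digest` shows that the signature covers the protected header and the payload but not the `kid` in the unprotected header, so the key identifier can be used to look the key up but never to decide trust. Second, the hash carried in the CoSWID is a `[alg-id, digest]` pair, and an appraiser has to pin the algorithm (here 1, SHA-256) rather than just comparing whatever digest arrives, and compare in constant time. A missing file, a different tag-id or a changed version string all surface as separate findings, which is what a policy engine needs rather than a single boolean.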