Re: [Rats] Android comments on EAT draft

Simon Frost <Simon.Frost@arm.com> Thu, 16 May 2019 11:16 UTC

From: Simon Frost <Simon.Frost@arm.com>
To: Laurence Lundblade <lgl@island-resort.com>, Shawn Willden <swillden=40google.com@dmarc.ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Android comments on EAT draft
Thread-Index: AQHVC9i8uTu26pLBHUylqEH4qBP5fw==
Date: Thu, 16 May 2019 11:16:00 +0000
Message-ID: <HE1PR0801MB1643AA2E129098E2C65F9163EF0A0@HE1PR0801MB1643.eurprd08.prod.outlook.com>
References: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com> <35459D73-3D08-4E0B-814B-780AD60DD600@island-resort.com>
In-Reply-To: <35459D73-3D08-4E0B-814B-780AD60DD600@island-resort.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/qJXDwnbi0eiRArCTjs0BwVDQ8fs>
Subject: Re: [Rats] Android comments on EAT draft
List-Id: Remote Attestation Procedures <rats.ietf.org>

Hi Shawn,

I think you’re at the stage with EAT that we were at Arm on first embracing it. We received the essential guidance, as below, from Laurence that all claims are optional and that the conversation about the claim set is at an early stage. I would encourage you to enlarge on the set of claims you think would be needed for the Android use case and we can see what overlap there might be with other use cases and whether the working group can converge on more standard claims.

From your email, it appears that the two major areas you may need additional claims on are the description of (at least one) software component and the description of (at least one) key. The description of a software component appears to be a recurring need and one that seems likely to achieve some convergence towards standard claims. As an example, have a look at the draft ‘profile’ we put together for an Arm PSA attestation (https://www.ietf.org/id/draft-tschofenig-rats-psa-token-01.txt) and let us know where that does or doesn’t cover your software needs. Note that all claims in that profile are marked as custom ones as it is being used in an existing implementation and we did not want to use what is in the draft in anticipation of potential change, even where some of the PSA profile claims are closely modelled on those in the draft.
I would be very interested in reading your set of claims necessary to describe a key as that use case has also been expressed for our usage.

Thanks
Simon

From: Laurence Lundblade <lgl@island-resort.com>
Sent: 16 May 2019 03:26
To: Shawn Willden <swillden=40google.com@dmarc.ietf.org>
Cc: rats@ietf.org
Subject: Re: [Rats] Android comments on EAT draft

Hi Shawn, a couple notes:

- The claims in EAT are just a start and by no means complete. Adding claims that carry and describe keys is certainly on the list.

- All claims are considered optional and many claims are expected to be left out in some use cases for privacy reasons.

Personally, I’d like to see EAT be useful for Android and would value yours and Google’s input to make it so.

LL

(Not sure what rats@ietfa.amsl.com is, have replaced that address with rats@ietf.org)



On May 15, 2019, at 5:43 PM, Shawn Willden <swillden=40google.com@dmarc.ietf.org> wrote:

Hi all.

After being invited by Laurence to join this WG some time ago, I have completely dropped the ball. I apologize for that; in the interim period I have expanded my team from one engineer (me) to six, and we all still have more to do than we can accomplish, which gives a good indication of how much I was dropping on the floor.  I think I have now delegated enough that I can begin to put some time into this.

After reviewing the draft (which I like a lot, in many ways), I notice a crucial divergence of focus between EAT and Android Keystore Attestation.  Perhaps this means that EAT is not applicable for Android; but I'd like to explore the question a bit.

Specifically, EAT is about attesting to a device while Keystore Attestation is about attesting to a key -- though we also attest to quite a bit about the context of the key, i.e. the device. Indeed, the device information we provide is growing with every release, because there's a strong pent-up demand for device attestation.  So Keystore Attestation is gradually expanding to include the device attestation role, but must also retain its key attestation purpose.  For EAT to be directly applicable, it would have to include claims about a key as well.

Perhaps another option is that we could use an EAT attestation as a sub-element inside a CBOR structure that attests to a key.  Or maybe there are other ideas about how an EAT attestation may fit into a larger attestation that describes characteristics of entities other than the containing device?

Another, more tractable, area of difference is that EAT provides Claims for several data items which Android will likely never allow to be attested because of their privacy implications and potential for ecosystem fragmentation (apps choosing which devices they'll run on -- we generally try to deny them the information they'd like to have to make those choices).  These are:

  *   UEID
  *   Origination
  *   Location

We do allow OEM Identification, though it's a different format and is restricted.

Some other claims that we have, and think are important, are OS version and patch-level (represented as a date, YYYYMMDD); secure boot verification key digest; secure boot digest (hash of all verified code); application ID (a digest of the requesting app signing key); and secure app version (hmm, don't have a patchlevel, but we should!  I'll see about adding that for R).

I suppose all of this could be addressed by registering additional claims.  I'm not sure it would make sense to add a set of claims (or a complex claim) that addresses key attestation, though.  That seems to significantly change the semantics. Or does that sort of extension seem appropriate to folks?

I also have a set of more detailed comments and questions, plus some editorial suggestions.  I put the draft into a Google Doc and added comments.  I've asked my team to take a pass through it as well, and I'll share it with this mailing list as soon as they've had a chance to weigh in.

Again, my apologies for jumping in late.  Let me know if you think EAT just isn't appropriate for Android.

--
Shawn Willden | Staff Software Engineer | swillden@google.com | 720-924-6645
_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
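The structure Shawn sketches above, an EAT carried as a sub-element inside a CBOR structure that attests to a key, together with the claim set the thread discusses (patch level as a YYYYMMDD integer, secure boot digests, application ID, and the UEID/Origination/Location claims Android would withhold), as an added example that is not part of this thread, the EAT draft or the PSA profile. All claim keys are hypothetical private-use labels chosen for illustration (CWT private-use claim keys are integers below -65536), the digests are computed over constructed strings, and COSE signing of both layers is omitted so that the example runs offline with only the standard library; the minimal CBOR codec handles the integer, byte string, text string, array and map types the example needs.

```python
"""Constructed example: minimal CBOR codec, an EAT claims map nested inside a
key-attestation structure, and a verifier-side privacy check. Claim keys are
hypothetical private-use labels, not values from the EAT draft."""
import hashlib
import struct


def _head(major, n):
    """Encode a CBOR initial byte plus argument for major type `major`."""
    if n < 24:
        return bytes([(major << 5) | n])
    for bits, ai, fmt in ((8, 24, ">B"), (16, 25, ">H"), (32, 26, ">I"), (64, 27, ">Q")):
        if n < (1 << bits):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")


def cbor_encode(obj):
    """Encode ints, bytes, str, list and dict (definite lengths only)."""
    if isinstance(obj, bool):
        raise TypeError("booleans are not handled by this minimal codec")
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor_encode(x) for x in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError(f"unsupported type {type(obj).__name__}")


def _decode(data, pos):
    ib = data[pos]
    pos += 1
    major, ai = ib >> 5, ib & 0x1F
    if ai < 24:
        n = ai
    elif ai in (24, 25, 26, 27):
        size = 1 << (ai - 24)
        n = int.from_bytes(data[pos:pos + size], "big")
        pos += size
    else:
        raise ValueError("indefinite-length items are not supported")
    if major == 0:
        return n, pos
    if major == 1:
        return -1 - n, pos
    if major == 2:
        return bytes(data[pos:pos + n]), pos + n
    if major == 3:
        return data[pos:pos + n].decode("utf-8"), pos + n
    if major == 4:
        items = []
        for _ in range(n):
            item, pos = _decode(data, pos)
            items.append(item)
        return items, pos
    if major == 5:
        result = {}
        for _ in range(n):
            key, pos = _decode(data, pos)
            value, pos = _decode(data, pos)
            result[key] = value
        return result, pos
    raise ValueError(f"unsupported major type {major}")


def cbor_decode(data):
    obj, pos = _decode(data, 0)
    if pos != len(data):
        raise ValueError("trailing bytes after CBOR item")
    return obj


# Hypothetical private-use claim keys (labels are this example's own).
CLAIM_NONCE, CLAIM_OS_VERSION, CLAIM_PATCH_LEVEL = -70001, -70002, -70003
CLAIM_BOOT_KEY_DIGEST, CLAIM_BOOT_DIGEST, CLAIM_APP_ID = -70004, -70005, -70006
# Claims the thread says Android would not emit; keys again hypothetical.
PRIVACY_SENSITIVE = {-70101: "UEID", -70102: "Origination", -70103: "Location"}
# Labels of the outer key-attestation map (also hypothetical).
KEY_PUBLIC, KEY_PURPOSES, KEY_DEVICE_EAT = 1, 2, 3


def build_device_eat(nonce, app_signing_key):
    """Device-side EAT claims map using the thread's Android claim set."""
    return {
        CLAIM_NONCE: nonce,
        CLAIM_OS_VERSION: 100000,            # constructed packed OS version
        CLAIM_PATCH_LEVEL: 20190501,         # YYYYMMDD integer, as in the thread
        CLAIM_BOOT_KEY_DIGEST: hashlib.sha256(b"constructed verified-boot key").digest(),
        CLAIM_BOOT_DIGEST: hashlib.sha256(b"constructed verified code").digest(),
        CLAIM_APP_ID: hashlib.sha256(app_signing_key).digest(),  # digest of app signing key
    }


def build_key_attestation(public_key, purposes, device_eat):
    """Outer structure attests to the key; the EAT rides along as an embedded
    CBOR byte string so it could be signed and verified on its own."""
    return cbor_encode({KEY_PUBLIC: public_key, KEY_PURPOSES: purposes,
                        KEY_DEVICE_EAT: cbor_encode(device_eat)})


def privacy_violations(eat):
    """Names of privacy-sensitive claims present in an EAT claims map."""
    return [name for key, name in PRIVACY_SENSITIVE.items() if key in eat]


def verify_key_attestation(blob, expected_nonce):
    """Relying-party check: decode both layers, enforce the privacy policy,
    bind the attestation to the challenge, and surface the useful claims."""
    outer = cbor_decode(blob)
    eat = cbor_decode(outer[KEY_DEVICE_EAT])
    leaked = privacy_violations(eat)
    if leaked:
        raise ValueError("privacy-sensitive claims present: " + ", ".join(leaked))
    if eat.get(CLAIM_NONCE) != expected_nonce:
        raise ValueError("nonce mismatch: attestation not bound to this challenge")
    return {"patch_level": eat[CLAIM_PATCH_LEVEL], "purposes": outer[KEY_PURPOSES],
            "app_id": eat[CLAIM_APP_ID].hex()}


if __name__ == "__main__":
    nonce = bytes(range(16))                                  # constructed challenge
    eat = build_device_eat(nonce, b"constructed app signing key")
    blob = build_key_attestation(b"\x04" + bytes(64), ["sign", "verify"], eat)
    print(verify_key_attestation(blob, nonce))
```

The nesting keeps the two semantics separate, which is the concern raised in the thread: the outer map answers "what is this key", the inner EAT answers "what device is it on", and a verifier that only cares about the device can extract and check the inner token without learning the outer structure. The privacy check is placed on the verifier side as a policy assertion; a device implementing the Android stance would simply never populate those claims.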
