Re: [Rats] Charra v03? -- Ready for YANG Doctor review?
Guy Fedorkow <gfedorkow@juniper.net> Fri, 09 October 2020 14:51 UTC
Return-Path: <gfedorkow@juniper.net>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E2623A0922 for <rats@ietfa.amsl.com>; Fri, 9 Oct 2020 07:51:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.296
X-Spam-Level:
X-Spam-Status: No, score=-3.296 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=eiBgIOOG; dkim=pass (1024-bit key) header.d=juniper.net header.b=c6ZTWgRh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a856nElWnPmd for <rats@ietfa.amsl.com>; Fri, 9 Oct 2020 07:51:43 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 397563A091B for <rats@ietf.org>; Fri, 9 Oct 2020 07:51:43 -0700 (PDT)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 099EmCbR012631; Fri, 9 Oct 2020 07:51:34 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=Y/8wYL+U2SOqPk3xWV0TvTeKSxswY11pTfFpHEOUvbI=; b=eiBgIOOGpfw+2MTVkvIAn/sSqrWTEw4wZYnnWU8jP8acyjRFhqsBM/m5nlq6gN1q11he 7aHpWeasABPDDHeF5FwQMU4ByryLbj9Co4tvHypOS8wCIYFLmiVdyNdmabS4bhN9Y9tU ReK50LfroJXCZWFuaibGLZNfMr1PrWUUlOE7zExqmlTa0PzPrrDFPat5DU7u+0lUx2fU H4O/Wlrkw6VdBtc5ZW9jutAI8I/xr8SHJpAEm/3pRlWfRso+jcYLaB8DOJ+cbI/9JsZz 7FasNj0mKMfHCYfWdopzNcT4xcJ6eBSEF2StNe5DbBrW91Psa7jU5QQpQhE2xg6vyqpA uw==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2170.outbound.protection.outlook.com [104.47.58.170]) by mx0a-00273201.pphosted.com with ESMTP id 3429kx9eyx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 09 Oct 2020 07:51:33 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C9Atkf67OUNDA8TgiKQJQPjwLWt9yXJSAGQSFnqavTqkZwwxpTtK+wuuJk85gsmGP0sj8JP7Pd0oDDFuEYGW5RgM3h2rHBeRZQwZk/NcAmfA2Qvh46j14AADVjZGFP1ad4ldUWXb0JfdovyMd+JY7tbJTGP8cqeGV/0sVEsASPfzHugHUwH7TP+PMcHXhn9grzowNjUB9tiMGah9RBYxZ3gLI+uzylse7Trl6BeFo2F028h+OV7qf3Gw69btsxMD+G8tW593RRj6hgDEzCKJfrfJbf4pbsIMs1i4M5WccR3igAht9VChvWw/TJxLuEUZiZitR6T0nU1iCBZFyI2nUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y/8wYL+U2SOqPk3xWV0TvTeKSxswY11pTfFpHEOUvbI=; b=es/z+P1G0i49m0+xK6ZUeJ+q9iS0Sg0xK2CEJWpP1jtdfRsEaMXIpU10DWW/IpI7QAtF71hm551JDtPtahKozOJO6gXad4agG5+ynKtLx1TsDiW/ZraCz6VgeqsPS3Ym+6VPNhQVhGc+OIiUuGCBzHwx4w0CEaqkm0ryZPgcL3Td58Da5JWcyYsPx5iM1QvVDhgND4b6dvlXZa2xm8pCyAQZZ1GEWFayQ4UhuWRfMZgc/EXoKO4xKsKpv3iZdTb/Df4FKyUYPjQ+jyM5ieriPH+XWAmItunzDFb9gA6w01e3SNtQf61BSx35ZZn92/23MfvaqhNrsypjuqNl/mHrZg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y/8wYL+U2SOqPk3xWV0TvTeKSxswY11pTfFpHEOUvbI=; b=c6ZTWgRhB3D+TVGBLc3FFxTElAMaXHbtJQRcMGyL4JEkv3GqC6Cpe5WiP74n2JfyEu0vozQGmzsWWHRxmgjizw2WZ2ES6EoZ54X7bV/X+IDWosJPxA//7DohT84JoXqINTpnHzRpxaWPfZuk29ifpdhVUk9ULQ6k+GgGyF3Byts=
Received: from BLAPR05MB7378.namprd05.prod.outlook.com (2603:10b6:208:298::10) by MN2PR05MB6768.namprd05.prod.outlook.com (2603:10b6:208:1b7::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.11; Fri, 9 Oct 2020 14:51:27 +0000
Received: from BLAPR05MB7378.namprd05.prod.outlook.com ([fe80::ed9a:1675:208f:4600]) by BLAPR05MB7378.namprd05.prod.outlook.com ([fe80::ed9a:1675:208f:4600%4]) with mapi id 15.20.3477.011; Fri, 9 Oct 2020 14:51:27 +0000
From: Guy Fedorkow <gfedorkow@juniper.net>
To: "Panwei (William)" <william.panwei@huawei.com>
CC: "rats@ietf.org" <rats@ietf.org>, "Eric Voit (evoit)" <evoit@cisco.com>
Thread-Topic: Charra v03? -- Ready for YANG Doctor review?
Thread-Index: AdaN+Mh0COkr7bssS32ju+PDTl/lwQB5ylgQAA28UhAAKB+9UAAUrTzAA1A1CXA=
Date: Fri, 09 Oct 2020 14:51:27 +0000
Message-ID: <BLAPR05MB73788B16210272DA322C6A31BA080@BLAPR05MB7378.namprd05.prod.outlook.com>
References: <BYAPR11MB3125AFA653F91CDE62D8FE61A13F0@BYAPR11MB3125.namprd11.prod.outlook.com> <5c2c03297a834ca3b5bb3a4ed7d2b2b3@huawei.com> <MW2SPR01MB00288E073A1CD18F8B5F2023A13A0@MW2SPR01MB0028.namprd11.prod.outlook.com> <31412534a97a4f90bbdfa8dafce945ef@huawei.com> <BYAPR11MB3125C80A1036D6F82D0A0D4FA1320@BYAPR11MB3125.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB3125C80A1036D6F82D0A0D4FA1320@BYAPR11MB3125.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.5.0.60
dlp-reaction: no-action
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-10-09T14:51:25Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=b69867d4-0748-40d3-94c4-ce69855c5b15; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2
authentication-results: huawei.com; dkim=none (message not signed) header.d=none;huawei.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [24.61.11.4]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: c5804588-c028-47bb-efc1-08d86c62cd3c
x-ms-traffictypediagnostic: MN2PR05MB6768:
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr,ExtFwd
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR05MB676845F654B6BEFE587C25D5BA080@MN2PR05MB6768.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +lUlF0QkA+DKo1a6pXoa4rTuG+7bOts+evM8YwGZdLtX0Kksuimc1hoGkp+Lehqjtc4WW03Et2GOHXegs7/SFfZJi10ULBDmuwHqUJH6Rg59P83WLmA+Tp0KLNm/UMbrlW+DI1Jz+V1oGp1EQoriLQc3JOux0ZqB+MjlzBWBEwAP3V3TKzoLcg484ujUYdUklQ4IRJN1M90uaqPbwaQPP6yX3glxUsMHtylyEzk0YzGoWyeoXtoofLjTQpoGF2PG9jreKUwHOc7Wf25CmsvIkPWsNK1dlQnYdPSvwAKdnnq74YJaS65KKH8MX0Tj3QvcVK/olp/zQyR5AhNlomgJBQaoZoFiuin3z5iZAr081TgKQxg0AK6eb4fN+dq0vNWxCNwPJKzdMBBORVD0rPpRsg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BLAPR05MB7378.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(396003)(39860400002)(136003)(346002)(366004)(2906002)(6506007)(66556008)(8936002)(66446008)(186003)(8676002)(5660300002)(64756008)(83080400001)(166002)(76116006)(33656002)(478600001)(26005)(7696005)(71200400001)(66476007)(83380400001)(55016002)(4326008)(53546011)(9686003)(66946007)(52536014)(66574015)(86362001)(54906003)(316002)(6916009)(966005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: bKBWA2ZWzc2WkDl7mhxZPCg+HSa0FGXVVLPr+ZiEc9z6Lz7Pk6/ArVJJiV6/1gbuzWU+yVVps5jLyOAQtzKyZi/nhZywr7ykAyw7ReAcazP6z7oUsV3cdSrAJX9xIhthwsd2UTx34kqwYU8gjI19vPae1PQPezQkVXrYjDACt+9So8EZNGMquoVzq22OXYvYpfoh06GW/jdtPyTsXbbXZ+r1lQByUXXrPwpDtjZkEMR1lon6e80Ls+0kaXh9DVfv5yx6QtDJkxZxUZn3MqZv4q9uBGsERG5c5IWTzHEIuj3azoG0l+lJqTPOcc/JAQXF0SwKCFOm9E5I2NBeq5CWqUtsWU8bh8y0/P8/gTN3Scoze/Kv8YOx750YM3QMLGw7Uv/Vl2VUDXtuzlLsaW+xVJsG/GYajkLYDcyIixEe0R7nKMAJeagKqMJJQp44XjpX+kEfd0qJxruBdB8xQhtMailAGLeSO/8uX3DRNpjwMM4vbJKzECun+wzxcgnrO68ydPlwYtbnZS68DyCfCJf9dlFy+ujHH6ZZtlZxKNsudGAboRHzVE+ebbLNsSVkcwRjmHqtLAo5eR98mFhBHIzpfMeoVW3z2tNVKmeBxzNGbbWQbKGYBge/MbAn9c9dhNizrvslWdzmrQQonbHD/By3Ag==
Content-Type: multipart/alternative; boundary="_000_BLAPR05MB73788B16210272DA322C6A31BA080BLAPR05MB7378namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BLAPR05MB7378.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c5804588-c028-47bb-efc1-08d86c62cd3c
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2020 14:51:27.7409 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FpuLCoDdRlOhzT4K1Ffx0nL7bPMD5hHf9FDUxOqgOHPVJo+1eCU+2Ar+ynvwPvDRG34p5E8v5Wu8KMl+Iyz4kQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR05MB6768
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-09_06:2020-10-09, 2020-10-09 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 lowpriorityscore=0 impostorscore=0 bulkscore=0 clxscore=1015 adultscore=0 suspectscore=0 mlxscore=0 spamscore=0 malwarescore=0 phishscore=0 mlxlogscore=999 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2010090108
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/1IpYYfLR1YKAJ1VKk0jhW_EtS5s>
Subject: Re: [Rats] Charra v03? -- Ready for YANG Doctor review?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2020 14:51:46 -0000
Hi Wei Pan, As Eric says, the vTPM in isolation is not so hard, but it has a number of thorny questions relating the vTPM to underlying hardware. Although I know there are some restrictions in access, but the TCG has a Virtual Platform Work Group dedicated to examining these issues and proposing solutions that balance security and flexibility. If it's possible, it might be good to get involved with that work... Thanks /guy Juniper Business Use Only From: Eric Voit (evoit) <evoit@cisco.com> Sent: Tuesday, September 29, 2020 8:16 AM To: Panwei (William) <william.panwei@huawei.com>; draft-ietf-rats-yang-tpm-charra@ietf.org Cc: draft-ietf-rats-yang-tpm-charra.chairs@ietf.org Subject: RE: Charra v03? -- Ready for YANG Doctor review? Hi Wei Pan, One vTPM can be handled without a volume issue. But if we are talking lots of vTPMs, then we should examine the business purpose here. One possibility you mention below is VNF. A subset of the VNF is that you have vTPM serving a logical router. Certainly many vTPMs like this can increase the volume. However other significant changes will be needed before we can do a meaningful attestation of a vTPM per logical routing. This will include: * Being able to prove that a vTPM is *currently* bound to a specific physical device (potentially an x86 server.) * Being able to get the attestation information about the physical device (this requires a business relationship with the hardware operator.) * Proving that there is no MITM software between a virtual router and a physical device. The Charra model is not in a position to handle the full set of virtual device requirements yet. Nor is draft-ietf-rats-tpm-based-network-device-attest documenting these operating requirements. As a result what we can do right now is ensure that we don't preclude what you say below. I.e., we don't preclude "compressing the log records into a file and transferring the file by using some file transfer protocol". I don't see anything in the current Charra which should limit sending log messages in other transports, not anything which would preclude. Nor anything which would preclude "compressing the log records into a file and transferring the file by using some file transfer protocol". So I don't think we are limiting future solutions with the current Charra definition. So I think it is safe not to worry about the volume question right now. Perhaps we should start with new drafts once the VNF topic becomes more pressing? Thoughts? Eric From: Panwei, September 22, 2020 8:43 AM Hi Eric, For IMA and Network Equipment Boot, the log is essential for the appraisal. Because the Known Good Values are for the files and not directly for the PCRs, and the Verifier needs the log to simulate the extending processes and compare the result with the PCR values received from the Attester. The logs have the possibility of being very large. For example, in the VNF scenario, the Attester has the ability to launch many virtual machines that have their vTPMs. If one Attester has 1024 virtual machines, each virtual machine has 1024 files to be loaded and measured, and each file has a 100bytes~ log record, then the whole log will exceed 100Mbytes. I know to address this issue there are other ways rather than NETCONF. One simple choice I assume is that we can add an optional element 'log-file-name' in the log output RPC, when the Attester uses this element it doesn't need to send the log entries in this RPC and indicates to the Verifier that the Verifier can retrieve the log file later by some other file transfer means. In my thinking, this method is quite simple and no big change, while also increases the interoperability. But I don't know how do you feel about it? Regards & Thanks! Wei Pan From: Eric Voit (evoit) [mailto:evoit@cisco.com] Sent: Monday, September 21, 2020 9:25 PM To: Panwei (William) <william.panwei@huawei.com<mailto:william.panwei@huawei.com>>; draft-ietf-rats-yang-tpm-charra@ietf.org<mailto:draft-ietf-rats-yang-tpm-charra@ietf.org> Cc: draft-ietf-rats-yang-tpm-charra.chairs@ietf.org<mailto:draft-ietf-rats-yang-tpm-charra.chairs@ietf.org> Subject: RE: Charra v03? -- Ready for YANG Doctor review? Hello Wei Pan, I am hoping this is not an issue for the Charra model for several reasons: * The speed at which a TPM can do extend operations is hardware limited. As a result I hope we don't see massively large logs. (I am hoping that IMA logs are as large as we are ever going to get.) * Code on the Attester should be able to do some pre-filtering on the types of information which might make it into a PCR. Not everything needs to be measured. * Where there does need to be *a lot* of record interpretation, there will be more need for vendor specific Verifiers. (This is in contrast with things like Known Good Values, which can be published to many Verifiers.) * There are many other ways to get large logs which are not NETCONF based. We can always standardize choices beyond NETCONF if there is a business need for such interoperability. Thanks, Eric From: Panwei (William), September 21, 2020 3:20 AM Hi Eric, authors, Thanks for your updating. I have one comment but not coming from your revising of the YANG model. I have mentioned a potential scalability issue before (https://mailarchive.ietf.org/arch/msg/rats/qFq91oujxykEqBGYIW3N8ljaN68/), but unfortunately there was no more discussion about it. The situation I'm concerned about is that when the number of log records is too many, transferring them directly using the NETCONF RPCs may be a problem because it's not so efficient. The bandwidth would be heavily consumed, and other management messages may be interfered. I know there may be some methods to address this issue, for example, compressing the log records into a file and transferring the file by using some file transfer protocols. But these methods also need interoperability between the Attester and Verifier. So I don't know whether CHARRA draft should give a standard way to address the issue. Regards & Thanks! Wei Pan From: Eric Voit (evoit) [mailto:evoit@cisco.com] Sent: Saturday, September 19, 2020 4:31 AM To: draft-ietf-rats-yang-tpm-charra@ietf.org<mailto:draft-ietf-rats-yang-tpm-charra@ietf.org>; Panwei (William) <william.panwei@huawei.com<mailto:william.panwei@huawei.com>> Cc: draft-ietf-rats-yang-tpm-charra.chairs@ietf.org<mailto:draft-ietf-rats-yang-tpm-charra.chairs@ietf.org> Subject: Charra v03? -- Ready for YANG Doctor review? Hi Co-authors, I just did some minor scrubbing, and added text describing various elements of the YANG model within the mainline Charra text. The compiled draft hasn't been merged from the pull requests<https://github.com/ietf-rats-wg/basic-yang-module/pulls> in the main repository yet. But if/when the merging is done, it should look something like: https://github.com/ericvoit/basic-yang-module/blob/master/draft-ietf-rats-yang-tpm-charra.txt I believe the draft is ready for initial review by the YANG doctors. I also believe this version is ready for posting as v03. Any thoughts/comments/objections? Eric
- Re: [Rats] Charra v03? -- Ready for YANG Doctor r… Guy Fedorkow
- Re: [Rats] Charra v03? -- Ready for YANG Doctor r… Panwei (William)