Re: [Rats] EAT claims needed by TEEP
Dave Thaler <dthaler@microsoft.com> Mon, 08 November 2021 17:20 UTC
From: Dave Thaler <dthaler@microsoft.com>
To: Laurence Lundblade <lgl@island-resort.com>, Giridhar Mandyam <mandyam@qti.qualcomm.com>
CC: "rats@ietf.org" <rats@ietf.org>, teep <teep@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/G8tFwaCZ6DIAuD7i1KdCT-eA25Q>
Following up on the RATS meeting today, I compared the latest EAT document against the TEEP requirements discussed most recently at the IETF 111 RATS meeting. There were 5 requirements from TEEP for claims, ideally general use ones not profile specific ones. My reading is that the latest EAT doc now meets 4 of the 5 and only "device class" is missing, and indeed the EAT document discussion of ueid explicitly says "It does not identify types, models or classes of devices." but nothing else in the document I could find provides a way to identify such.

Henk's proposal there was section 3.1.2 of draft-birkholz-rats-suit-claims:

> 3.1.2. class-identifier
>
> A RFC 4122 UUID representing the class of the Attester or one of its
> hardware and/or software components.
>
> $$system-property-claim //= ( class-identifier => RFC4122_UUID )

The other four requirements from TEEP can be met as follows, if I understand the intent correctly:

1. Device unique identifier -> use ueid claim
2. Vendor of the device -> use oemid
3. Firmware type -> use sw-name
4. Firmware version -> use sw-version

The above claims would go in a claimset about the TEE (which may or may not be a separate processor), but EAT already supports different claimsets for different components as I understand it, so that's fine.

https://github.com/ietf-rats-wg/eat/issues/138 tracks this issue and my belief is it should be simple to add a device class claim into a draft -12 of EAT.

I will also cover this in the TEEP WG meeting on Friday where I will discuss what we need to change in the TEEP protocol spec, where this is tracked by https://github.com/ietf-teep/teep-protocol/issues/165

Dave

From: Thomas Fossati <Thomas.Fossati@arm.com>
Sent: Thursday, October 29, 2020 2:21 PM
To: Laurence Lundblade <lgl@island-resort.com>
Cc: rats@ietf.org; teep <teep@ietf.org>; Dave Thaler <dthaler@microsoft.com>; Simon Frost <Simon.Frost@arm.com>; Thomas Fossati <Thomas.Fossati@arm.com>
Subject: Re: [Rats] EAT claims needed by TEEP

On 29/10/2020, 21:07, "RATS" <rats-bounces@ietf.org> wrote:
> On Oct 29, 2020, at 1:45 PM, Thomas Fossati <Thomas.Fossati@arm.com> wrote:
>
> Hi Laurence,
>
> > My understanding is that they are always encoded as CBOR text strings,
> > so floating-point doesn't mean #7.25 or such.
>
> Correct. In (Co)SWID software-version is just a text string and version-scheme
> is there to do some semantic polishing. But the underlying type is always #3.
>
> Maybe I'm misunderstanding your proposal here, but I would be circumspect
> in mixing SWIDs attributes, which are scoped to software artifacts, with HW
> identifiers.
>
>
> Hi Thomas,
>
> All the SW Version stuff would fall under a single EAT claims that
> contains a full CoSWID.
>
> For HW Version, I was thinking of two EAT claims, one for the version
> text, another for the version scheme (or we could go off and define a
> full CoHWID).

OK, looks like I had misunderstood your plan :-) thanks for the clarification!

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
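
A verifier-side check for the requirement-to-claim mapping in the message above, added here as an example; it is not code from the thread, the EAT draft or the TEEP spec. Assumptions: the token is already signature-verified and decoded to a dict with text claim names (CBOR-encoded EAT uses integer labels), the TEE's claimset sits in a submodule named "tee" (hypothetical), and class-identifier is carried as a 16-byte string.

```python
import uuid

# TEEP requirement -> claim, as mapped in the message above. Text keys are an
# assumption for readability; CBOR-encoded EAT uses integer labels instead.
TEEP_REQUIREMENTS = {
    "device unique identifier": "ueid",
    "vendor of the device": "oemid",
    "firmware type": "sw-name",
    "firmware version": "sw-version",
    "device class": "class-identifier",  # proposed claim, absent from EAT then
}

def parse_class_identifier(raw):
    """Return a uuid.UUID for a 16-byte RFC 4122 UUID, otherwise None."""
    if not isinstance(raw, (bytes, bytearray)) or len(raw) != 16:
        return None
    candidate = uuid.UUID(bytes=bytes(raw))
    # The nil UUID and other non-RFC 4122 variants are rejected.
    return candidate if candidate.variant == uuid.RFC_4122 else None

def check_tee_claimset(token, tee_submod="tee"):
    """Report 'ok', 'missing' or 'malformed' per TEEP requirement.

    Only the TEE's own claimset is consulted, so a claim made about another
    component cannot satisfy a requirement on the TEE. The submodule name
    "tee" is a hypothetical choice for this example.
    """
    claims = token.get("submods", {}).get(tee_submod, {})
    report = {}
    for requirement, name in TEEP_REQUIREMENTS.items():
        value = claims.get(name)
        if value is None or value == "" or value == b"":
            report[requirement] = "missing"
        elif name == "class-identifier" and parse_class_identifier(value) is None:
            report[requirement] = "malformed"
        else:
            report[requirement] = "ok"
    return report

# Constructed sample: the TEE claimset has the four claims EAT already
# defines; the top-level class-identifier must not count for the TEE.
SAMPLE_TOKEN = {
    "class-identifier": uuid.uuid5(uuid.NAMESPACE_DNS, "soc.example").bytes,
    "submods": {"tee": {
        "ueid": bytes.fromhex("01") + bytes(range(16)),
        "oemid": bytes.fromhex("aabbcc"),
        "sw-name": "example-tee-os",
        "sw-version": "1.4.2",
    }},
}
```

On the constructed sample the report shows four requirements as ok and "device class" as missing, which is the gap the message describes.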