Re: [Rats] [Iotops] 802.1AR device identity

Michael Richardson <> Sun, 14 March 2021 01:34 UTC

From: Michael Richardson <>
To: Eliot Lear <>, rats <>
Date: Sat, 13 Mar 2021 20:34:41 -0500

Eliot Lear <> wrote:
    > Yeah, this is an issue that comes up from time to time.  How
    > “immutable” should that iDevID be?

I take the approach that the IDevID that was shipped from the factory can not
be replaced without a device recall.

(It could be that there are modes where another IDevID can be installed, but
the original would not be removed.  Whether this is an LDevID or IDevID is
open to interpretation)

    > I’ve had this thought in two
    > different contexts: What if the signature algorithm, CA, or private key
    > used to protect the iDevID has been compromised?

Then, the device is broken.
I think you would certainly agree that this can be the only answer if the
software signing key is compromised, right?

    > Can one recover with an update?
    > What if there are attributes in the cert that I want to
    > dink and share with the deployment?

Please define "dink" for me.  I know of only one definition from the school yard.
Does this mean remove? replace?

    > I’d like to take that latter case off the table, but then we need to
    > seriously think about RATS or SUIT providing a standard protected TLV
    > list that deployments could receive through a standard interface.
    > These are attestations of a form, but they’re not really measurements,
    > as has been previously discussed here.

Can you give me an example of one of these attributes?
This sounds like the FIDO situation, from section 6.3 of (my) the use case

   According to [fidotechnote] FIDO uses attestation to make claims
   about the kind of device which is being used to enroll.  Keypairs are
   generated on a per-device _model_ basis, with a certificate having a
   trust chain that leads back to a well-known root certificate.  It is
   expected that as many as 100,000 devices in a production run would
   have the same public and private key pair.  One assumes that this is
   stored in a tamper-proof TPM so it is relatively difficult to get
   this key out.  The use of this key attests to the device type,
   and the kind of protections for keys that the relying party may
   assume, not to the identity of the end user.

Michael Richardson <>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
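The per-model attestation scheme quoted above (one keypair shared by every unit of a model, chained to a well-known vendor root) can be made concrete with a small relying-party verifier. The following Go program is an added example written for this archive page; it is not code from the thread, from FIDO, or from the use-case draft. It constructs a vendor root, a model-level attestation certificate and key, and two "devices" that sign a relying party's challenge with that same key. The verifier checks the chain to the trusted root and the signature over the challenge, and the only identity it can recover is the model name in the certificate subject, which is exactly the point of the quoted text: the attestation says what kind of device this is, not which unit or which user. All names (`ExampleCo`, `X-100`) and the challenge values are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// modelAttestation is what a device presents: its certificate chain
// (leaf first, DER, root omitted) and a signature over the challenge.
// The wire format is an assumption made for this example.
type modelAttestation struct {
	Chain [][]byte
	Sig   []byte // ASN.1 ECDSA signature over SHA-256(challenge)
}

// scenario bundles the relying party's trust anchor with the one key
// that every unit of a model carries (constructed, not a real vendor).
type scenario struct {
	Roots     *x509.CertPool
	ModelCert *x509.Certificate
	ModelKey  *ecdsa.PrivateKey
}

func makeCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildScenario creates the vendor root and a per-model attestation key.
// In the quoted FIDO model the same ModelKey would ship in ~100,000 units.
func buildScenario(model string) (*scenario, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "ExampleCo Attestation Root"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	root, err := makeCert(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	modelKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	modelTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		// The subject names the model only; no per-unit serial, no user.
		Subject:   pkix.Name{Organization: []string{"ExampleCo"}, CommonName: model},
		NotBefore: time.Now().Add(-time.Hour),
		NotAfter:  time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature,
	}
	modelCert, err := makeCert(modelTmpl, root, &modelKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	return &scenario{Roots: roots, ModelCert: modelCert, ModelKey: modelKey}, nil
}

// deviceAttest is what every unit of the model does: sign the relying
// party's fresh challenge with the shared model key.
func deviceAttest(s *scenario, challenge []byte) (modelAttestation, error) {
	h := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, s.ModelKey, h[:])
	if err != nil {
		return modelAttestation{}, err
	}
	return modelAttestation{Chain: [][]byte{s.ModelCert.Raw}, Sig: sig}, nil
}

// verifyAttestation is the relying party's check: chain to a trusted root,
// then signature over the challenge. It returns the model name, which is
// all the attestation can tell us about the device.
func verifyAttestation(roots *x509.CertPool, att modelAttestation, challenge []byte) (string, error) {
	if len(att.Chain) == 0 {
		return "", errors.New("empty certificate chain")
	}
	leaf, err := x509.ParseCertificate(att.Chain[0])
	if err != nil {
		return "", err
	}
	inter := x509.NewCertPool()
	for _, der := range att.Chain[1:] {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return "", err
		}
		inter.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("chain does not lead to a trusted root: %w", err)
	}
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("leaf key is not ECDSA")
	}
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, h[:], att.Sig) {
		return "", errors.New("signature over challenge does not verify")
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	s, err := buildScenario("X-100")
	if err != nil {
		panic(err)
	}
	// Two units of the same model answer two different challenges.
	for _, nonce := range []string{"challenge-unit-A", "challenge-unit-B"} {
		att, _ := deviceAttest(s, []byte(nonce))
		model, err := verifyAttestation(s.Roots, att, []byte(nonce))
		fmt.Printf("challenge %q -> model %q err=%v\n", nonce, model, err)
	}
}
```

Two things a relying party should take from running this: both units verify to the identical model string, so nothing in the attestation distinguishes one unit from another, and a signature captured for one challenge fails against any other, so freshness of the challenge is what prevents replay. A second `buildScenario` call with its own root stands in for a device whose chain does not reach the trusted root; its attestation fails at the chain check before the signature is even examined.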