Re: [Rats] comments on draft-birkholz-rats-architecture-02
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 02 October 2019 09:00 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/GRkKoBiKEuYh6wEXeZonphb2N9A>
Hi Jürgen,

Thanks for your review. Lots of great questions. Below is my take on it.

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Schönwälder, Jürgen
Sent: Mittwoch, 25. September 2019 16:18
To: rats@ietf.org
Subject: [Rats] comments on draft-birkholz-rats-architecture-02

Hi,

I am rather new here so please forgive my ignorance. I thought I start by reading the architecture document. Some of my questions may just show my ignorance but then this is what happens if you get fresh reads...

- What is 'normative guidance'?

[Hannes] Should just be 'guidance' but on the other hand an architecture document shouldn't provide guidance. I guess we have to change the sentence altogether from

"In general, this document provides normative guidance how to use, create or adopt network protocols that facilitate RATS."

To:

"

- Would it not make sense to also define the terms introduced in 1.1?

  - Claims
  - Evidence
  - Known-Good-Values
  - Endorsements
  - Attestation Results

  Perhaps section 1.1 should be folded into section 2 so that all terminology is defined in one place. What about terms such as

  - Attester
  - Verifier
  - Asserter
  - Relying Party

- What are 'architectural constituents'?

- Separation:

    A Computing Environment with the capability of remote attestation:

    o  is separate from other Attested Computing Environments (about which attestation evidence is created), and

  Does it always have to be separate? Is there an architectural requirement for these to be separate?

- If you read this document for the first time, it is difficult to put the various terms together in your head. Figure 1 helps but it comes a bit late, it would help if it would be shown early. It would have helped me if all key terms are defined upfront followed by a Figure explaining relationships or interactions before the discussion of details starts.

- Not sure this helps me understand things:

    (e.g. Principals that are Supply Chain Entities)

- What are Appraisals?

    [...] Attestation Results are the output of appraisals.

  There is text in 3.3 about appraisals that I do not understand. If Attestation Results are the output of appraisals, then appraisals are some form of a function. I thought that the Verifier is creating appraisals based on the received Evidence and the received Endorsements and that leads to Attestation Results, i.e., in a functional writing style:

    Verifier :: Known-Good-Values -> Endorsements -> Evidence -> Attestation Results

  This is also how I understand the definition of Verifier in 4.3.1. It seems appraisals are something internal to the logic of the Verifier, i.e., they may be produced by the logic of the Verifier but then the Attestation Results are really the output of the Verifier.

- Evidence

  I understand that Evidence is a specific form of a claim. I am not sure, though, what exactly turns a claim into Evidence.

    o  Evidence is provable Claims about a specific Computing Environment made by an Attester.

  What makes a claim a provable claim? Who is originating the claim and who is originating the Evidence?

- Endorsements

  It is not clear to me yet what the difference between Endorsements and KGV really is.

- Security Considerations

    RATS Evidence, Verifiable Assertions and Results SHOULD use formats ...

  Should that be

    RATS Evidence, Endorsements, Known-Good-Values, and Attestation Results SHOULD use formats ...

  to be consistent with terminology? The term 'Verifiable Assertions' shows up here for the first time...

    [...] Nonce Claims often piggy-back other information and can convey attestation semantics that are of essence to RATS, e.g. the last four bytes of a challenge nonce could be replaced by the IPv4 address-value of the Attester in its response.

  Despite wondering whether this is a good thing or a bad thing, I wonder why this is in the security considerations of the architecture document. The architecture does not define how Nonce Claims look like, so why would it discuss specific issues about Nonce Claims?

- Editorial

  s/capabile/capable/

  Singular/plural confusion in the following?

    Likely, there are a set of Claims that is widely applicable across most, if not all environments. Conversely, there are Claims that are

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>