Re: [Rats] errata against RATS architecture
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Thu, 11 January 2024 07:40 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99C7CC14CE52 for <rats@ietfa.amsl.com>; Wed, 10 Jan 2024 23:40:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GvJPM-j_Fh0x for <rats@ietfa.amsl.com>; Wed, 10 Jan 2024 23:40:32 -0800 (PST)
Received: from mailout4.zih.tu-dresden.de (mailout4.zih.tu-dresden.de [141.30.67.75]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2AD1C14F701 for <rats@ietf.org>; Wed, 10 Jan 2024 23:40:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=In-Reply-To:From:References:CC:To:Subject: MIME-Version:Date:Message-ID:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=u5MmadiA0Ekd4O1q4hPXH7iGDCCJW9mWcZ83SsYRJWI=; b=qTsjcZ6L75dhy6SMHvhM/61eUx dGdeF52u3KBmqty5gAYZVCJ2CtlxsmLhM5loXNFcQcjGViWs0K4S8kXMnRj3aa5VNmw75/sdOEjz7 y52OZmNf5P2rMm8ANSx/oP91I0WQgAGHLX59H3cyIcxyhHc0yGhZkp+j+DAcc+educVtxys9FNCVC 8Sz55EJK6wyNbnhn+e2bEVwny9WFkzx7Lp3quu/2qNaPtOZ4h2yCZvxvaoIzDlDr0C0CxAVzZbf1F 4EAORlgOdRtBoiJ/En3ls25HqqAY5F8WJvxU8er3yfaFkZkzjxgSpwo1AU0KFHA9MViUz22Jf8xuf k8uAoL1Q==;
Received: from [172.26.35.114] (helo=msx.tu-dresden.de) by mailout4.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1rNpfv-00DjU7-7P; Thu, 11 Jan 2024 08:40:27 +0100
Received: from [10.12.5.228] (81.201.156.93) by MSX-T314.msx.ad.zih.tu-dresden.de (172.26.35.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 11 Jan 2024 08:40:24 +0100
Content-Type: multipart/alternative; boundary="------------v9JzqUXDayNdIpDQRcD0YpRM"
Message-ID: <884ce51f-8d3b-4621-aafa-52547541fce4@tu-dresden.de>
Date: Thu, 11 Jan 2024 08:40:23 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: rats@ietf.org
References: <9226.1704914969@obiwan.sandelman.ca>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <9226.1704914969@obiwan.sandelman.ca>
X-ClientProxiedBy: MSX-L312.msx.ad.zih.tu-dresden.de (172.26.34.112) To MSX-T314.msx.ad.zih.tu-dresden.de (172.26.35.114)
X-TUD-Virus-Scanned: mailout4.zih.tu-dresden.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/GUcamLBPSQZ-Hv9-zdSVbT7W_sg>
Subject: Re: [Rats] errata against RATS architecture
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jan 2024 07:40:36 -0000
Hi Michael, Well, since you started a new thread, it needs some context now (which was clear in the previous thread with subject TDX and AMD). So the context in whole of my email would be confidential computing. Some history before jumping to errata: [1] which the authors did not have any answer to but still continued the claim "neutral towards processor architectures" till the published RFC9334. Hence, with this claim, confidential computing is certainly in scope. On 10.01.24 20:29, Michael Richardson wrote: > It seems to me that the architectural split allows for multiple parties to > run Verifiers (and not just the manufacturer). This opens the market for > Verifiers that can be verified. Who verifies the Verifier that verifies the Verifier? or put simply, the question is how exactly would the Relying Party verify the first Verifier? > Yet, you say say that the document is somehow fundamentally broken? > I re-read your errata, and I don't agree it's well-formed errata. Without a proper solution to my above question, the document just shifts the focus from attester to another verifier or from one verifier to another verifier, and is thus incomplete. Now you could have N number of verifiers, each verifying the next verifier in stage. But where does this recursion end? You just have to trust the first verifier, right? The following statement in Errata tries to cover this: > The solutions presented in the standard are not always complete and precise. For example, in ยง11, if the Verifier's own Attestation Results are generated by the Verifier's Verifier, it leads to recursive problems. Now about the architecture, there is very little scientific justification of why this architecture is more suitable than alternatives, e.g., the one where the verifier and relying party are collapsed, as mentioned by Dionna. There is one standard RFC9334, and there is another draft for anonymous attestation [2] and then there is a separate draft for explaining what endorsements are. Then there will be another document for local attestation because it is an important part of SGX and TDX remote attestation and not covered by RFC9334. Couldn't all of that be in a single standard? Moreover, architecturally-defined attestation by itself - without additional mechanisms - does not provide authentication property (see formalization in [3]): something which is missing in the security considerations of RFC9334. Intel's approach to provide this authentication is to compose remote attestation protocol with TLS protocol, named as RA-TLS [4], which is widely used in industrial solutions such as Gramine and SGX SDK. The idea is to use generate an Evidence before starting TLS handshake and send this Evidence as an extension to the Certificate message. CertificateVerify message then contains the signature over handshake messages using the ephemeral key generated within the TEE (rather than the LTK). The problem is that it leads to replay attacks, as the same Evidence can be replayed in multiple sessions. [1] https://mailarchive.ietf.org/arch/msg/rats/qYUQ1C5-8blE4KzF7PnYW-pXrUQ/ [2] https://datatracker.ietf.org/doc/draft-ietf-rats-daa/ [3] https://ieeexplore.ieee.org/document/10373038 [4] https://arxiv.org/pdf/1801.05863.pdf Regards, Usama
- [Rats] errata against RATS architecture Michael Richardson
- Re: [Rats] errata against RATS architecture Tom Jones
- Re: [Rats] errata against RATS architecture Henk Birkholz
- Re: [Rats] errata against RATS architecture Tom Jones
- Re: [Rats] errata against RATS architecture Muhammad Usama Sardar
- Re: [Rats] errata against RATS architecture Michael Richardson
- Re: [Rats] errata against RATS architecture Smith, Ned
- Re: [Rats] errata against RATS architecture Michael Richardson
- Re: [Rats] errata against RATS architecture Muhammad Usama Sardar