IETF Logo Mail Archive

Re: [Rats] Attestation Timing Definitions

"Smith, Ned" <ned.smith@intel.com> Tue, 10 March 2020 21:26 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B775D3A0DDA for <rats@ietfa.amsl.com>; Tue, 10 Mar 2020 14:26:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fe__8wKydb5y for <rats@ietfa.amsl.com>; Tue, 10 Mar 2020 14:26:23 -0700 (PDT)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CF8C3A0DD0 for <rats@ietf.org>; Tue, 10 Mar 2020 14:26:23 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Mar 2020 14:26:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,538,1574150400"; d="scan'208,217";a="277116049"
Received: from orsmsx110.amr.corp.intel.com ([10.22.240.8]) by fmsmga002.fm.intel.com with ESMTP; 10 Mar 2020 14:26:22 -0700
Received: from orsmsx158.amr.corp.intel.com (10.22.240.20) by ORSMSX110.amr.corp.intel.com (10.22.240.8) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 10 Mar 2020 14:26:21 -0700
Received: from orsmsx108.amr.corp.intel.com ([169.254.2.232]) by ORSMSX158.amr.corp.intel.com ([169.254.10.225]) with mapi id 14.03.0439.000; Tue, 10 Mar 2020 14:26:21 -0700
From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Attestation Timing Definitions
Thread-Index: AdX3Ey664zQelNNbRnODHHrrt7v6IwARw94A//+QmAA=
Date: Tue, 10 Mar 2020 21:26:21 +0000
Message-ID: <205E0664-37D1-4BB0-978F-C431BFFB321C@intel.com>
References: <BYAPR11MB31256F11BD86730AF9D21B6CA1FF0@BYAPR11MB3125.namprd11.prod.outlook.com> <CD539706-7F11-4FF1-8483-17F51329C014@island-resort.com>
In-Reply-To: <CD539706-7F11-4FF1-8483-17F51329C014@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.22.0.200209
x-originating-ip: [10.254.177.50]
Content-Type: multipart/alternative; boundary="_000_205E066437D14BB0978FC431BFFB321Cintelcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/GVsLhcgUeH2t-je-PeYyNui2fAg>
Subject: Re: [Rats] Attestation Timing Definitions
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 21:26:26 -0000

I second Laurence’s point about Attester sending AR to a RP or Attester sending Evidence to RP.
The use case would benefit from separating ‘entity’ from ‘role’. The entity implementing the RP also implements a Verifier (V2) (This is because Evidence at time k is different from Evidence at time f.

Might be better to name them Evidence-E1 (at time f) and Evidence-E2 (at time k). Now the diagram can show E2 from Attester to Verifier-V2.

The RP is accepting two inputs AR1 (at time i) and AR2 (at time h). Note: AR at time k is actually mislabeled Evidence-E2, but also includes a “passport”(?) which is AR1.

What isn’t shown is AR2 which passes from V2 to RP. This is uninteresting from a standards perspective because it is a local flow. It is interesting from an architecture perspective because the third entity needs policies for both Evidence and A.Results and has to account for all the time variables.

-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
Date: Tuesday, March 10, 2020 at 2:05 PM
To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>
Cc: "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] Attestation Timing Definitions




On Mar 10, 2020, at 1:09 PM, Eric Voit (evoit) <evoit=40cisco.com@dmarc.ietf.org<mailto:evoit=40cisco.com@dmarc.ietf.org>> wrote:

2. Nonce based Composite Evidence Passport.
This figure matches to the sequence diagram from Figure 3 of draft-voit-rats-trusted-path-routing
   ...----------.                     ...----------.  .---------------.
   | Attester |                     | Verifier |  | Relying Party |
   '----------'                     '----------'  '---------------'
      time(a)                             |               |
      time(b)                             |               |
        |                               time(c)           |
        |<-----nonce--------------------time(d)           |
      time(e)                             |               |
        |------Evidence---------------->time(f)           |
        |                               time(g){@time(h)} |
        |<-----Attestation Result-------time(i)           |
        |                                 |             time(c)
        |<-----nonce------------------------------------time(d)
      time(e)                             |               |
      time(j)                             |               |
      time(k)--Attestation Result---------------------->time(l)
        |                                 |             time(h)

Something seems off here. By my understanding of the passport model, the Attestation Result is the passport and can only be created by a Verifier. This diagram seems to show the Attester creating there Attestation Result.

Seems like one fix is to remove the second nonce and time(e) and say the the Attestation Result is exactly the same in both occurrences — classic passport where the attester just passes the result through.

The other fix is to have the Attester produce a second Attestation Evidence that includes the first Attestation Result, route that to a second verifier and then on to the RP. Then you have composition.

I don’t think Attesters can produce Attestation Results.

LL

v2.23.0 | Report a Bug | By Email