Re: [Rats] Comments on draft-birkholz-rats-architecture-01
Adrian Shaw <Adrian.Shaw@arm.com> Mon, 15 July 2019 16:31 UTC
Return-Path: <Adrian.Shaw@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5088012003F for <rats@ietfa.amsl.com>; Mon, 15 Jul 2019 09:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=m2Q62/9I; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=F21lEcc7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g8Vaqi0tBkDP for <rats@ietfa.amsl.com>; Mon, 15 Jul 2019 09:31:18 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30059.outbound.protection.outlook.com [40.107.3.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09A09120026 for <rats@ietf.org>; Mon, 15 Jul 2019 09:31:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zhCxwxAA9MTbZeVzMbXFZMKmjHUXnLFqGhq8JYfvNtk=; b=m2Q62/9IlOZgmoKbb349gHrZTT71U/KDKxOPRTf48lXaIbXAACkOIkNJ1aCVTQ4E5+hTbdOl449VLDBoW51L+L5zLcm/S5/4kmJOXWIAT9KXwpLnunoRWq/rhQagmjYDZUhl05aKOFZxoFeumf5vYHH2y3UC0swP5Gkd2sRbwhA=
Received: from HE1PR0802CA0008.eurprd08.prod.outlook.com (2603:10a6:3:bd::18) by AM6PR08MB4949.eurprd08.prod.outlook.com (2603:10a6:20b:e1::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Mon, 15 Jul 2019 16:31:14 +0000
Received: from AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::203) by HE1PR0802CA0008.outlook.office365.com (2603:10a6:3:bd::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2073.14 via Frontend Transport; Mon, 15 Jul 2019 16:31:14 +0000
Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=temperror action=none header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout)
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT046.mail.protection.outlook.com (10.152.16.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2052.18 via Frontend Transport; Mon, 15 Jul 2019 16:31:12 +0000
Received: ("Tessian outbound 3c2a520fbb81:v24"); Mon, 15 Jul 2019 16:31:10 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 2967bd217f092f3b
X-CR-MTA-TID: 64aa7808
Received: from 575bedd19fc4.1 (cr-mta-lb-1.cr-mta-net [104.47.25.102]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 88469B8B-4BB4-4B8C-94E9-31C13FB8A6E7.1; Mon, 15 Jul 2019 16:31:05 +0000
Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01lp0102.outbound.protection.outlook.com [104.47.25.102]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 575bedd19fc4.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384); Mon, 15 Jul 2019 16:31:05 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CpjwHDUMN2WXV2PVzbeTK3n9+uAWme0KQHGufn/YGLPcelGk4z6r4pvsoBp9ZB0kODOXc2VTsb9p8jGxa/P7YJzg3ihX2S0CU8kMYS9dXm8ndS5sW9xDJvzN1aUns4VuayUKGCZ35F7kB6kmrTUGbSPCgO6CTTlH38CzgDOqcAMXGJomkMv3o+os/pxKiNSJrt0diD5IJXSr0HixiQ7cmTHkyv7lRK4JGPP4q3zRixP00S0v07KsP2DSD+dj1o2BCH6XKKdaMZgsEAqv0TPwYfJXK5mFvbMjxZQKmL4I095lz++kUKsF9vQpED8LJV32eqSxEnuhWajzqLNCoCurCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ObOZuAyC0y1s04LTu4n0HhTifoSN8jH4xJTCas9q4Jw=; b=Ge4CPVu5fbEusywV3qoKUIVVm3Pvd4Oohw4cbt7J6aGLJv7ueJEcxHWNowsHBUzAZyp0aUIl+rCdLSIpVh/Q0XADFqI52TFDQbsYYdrZfvU6DGRbG8FV9DgDW+Ub+2rJ1HAHRxGC7/RySt8Dsla63ldM3XcdUuBAC3F2jmEKQ/APoSkV/RotoxuIrzkNuFakIB/mkdW3f9UxnwnW8vmZldFriPGCKs6qLoik1ewc1aiLnPrlGdC2pH0+jQyduxf2hRVK9icvrdT+hHCkfZwgp5e+fXYd2nOr2hXpy+YKJbzDcM5NYVPgzESvUpHKfYMThViWaqk74PjIc4FJJkRa5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=arm.com;dmarc=pass action=none header.from=arm.com;dkim=pass header.d=arm.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ObOZuAyC0y1s04LTu4n0HhTifoSN8jH4xJTCas9q4Jw=; b=F21lEcc7gbhaZAD2EzFmqnkG2KO3ImV+SNosaIfjQPi8ZUv1oIH0IuzT+KMyGANsyjnYCCgzB2lrnM4KZaU/Q/EjLkHd5Ap+Vk8uVEZ/MB5X1TbknGjVCN2OZbDmiQJwIvqISgFiCXKL/RuRvkKcKH+PNrVhEWLS1Ac0IFPHf3M=
Received: from PR2PR08MB4811.eurprd08.prod.outlook.com (52.133.109.146) by PR2PR08MB4906.eurprd08.prod.outlook.com (52.133.110.212) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.10; Mon, 15 Jul 2019 16:31:02 +0000
Received: from PR2PR08MB4811.eurprd08.prod.outlook.com ([fe80::49b7:576c:f393:edf6]) by PR2PR08MB4811.eurprd08.prod.outlook.com ([fe80::49b7:576c:f393:edf6%7]) with mapi id 15.20.2073.012; Mon, 15 Jul 2019 16:31:01 +0000
From: Adrian Shaw <Adrian.Shaw@arm.com>
To: Ira McDonald <blueroofmusic@gmail.com>
CC: "Smith, Ned" <ned.smith@intel.com>, "henk.birkholz@sit.fraunhofer.de" <henk.birkholz@sit.fraunhofer.de>, "rats@ietf.org" <rats@ietf.org>, Nicolae Paladi <nicolae.paladi@ri.se>, Thomas Hardjono <hardjono@mit.edu>, Benjamin Kaduk <kaduk@mit.edu>, "monty.wiseman@ge.com" <monty.wiseman@ge.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>
Thread-Topic: [Rats] Comments on draft-birkholz-rats-architecture-01
Thread-Index: AQHVNM6n08a7P12bmUyVFL6zYsL3BKbArEYAgAcyKYCAAMI5AIADIu2AgAAQygCAABdkgA==
Date: Mon, 15 Jul 2019 16:31:01 +0000
Message-ID: <B2C0CFB3-1500-427E-BB85-6543B7272EB6@arm.com>
References: <0189ed44bcf749c18e9b6612b2728553@oc11expo23.exchange.mit.edu> <8C52026F-A4D1-4CA5-901A-C20CC2396DF5@ri.se> <20190713023817.GU16418@mit.edu> <CAN40gSuge3=-dKTtUz2bWVTzBDX0rqmr1sj=NT_-OVRH90o=9A@mail.gmail.com> <E7299F99-54D4-47FA-A439-F1D8CB7D1353@intel.com> <CAN40gSskcq_RxXhD2Z3y+rJ7icW0EZg25VLsaUdVihC2nejViw@mail.gmail.com>
In-Reply-To: <CAN40gSskcq_RxXhD2Z3y+rJ7icW0EZg25VLsaUdVihC2nejViw@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Adrian.Shaw@arm.com;
x-originating-ip: [217.140.106.51]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: d4ebaf0f-02fd-4c78-b4d4-08d70941d9c4
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam-Untrusted: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:PR2PR08MB4906;
X-MS-TrafficTypeDiagnostic: PR2PR08MB4906:|AM6PR08MB4949:
X-MS-Exchange-PUrlCount: 6
X-Microsoft-Antispam-PRVS: <AM6PR08MB4949A1EAE51BE88A806F8123F9CF0@AM6PR08MB4949.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:7219;OLM:7219;
x-forefront-prvs: 00997889E7
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(979002)(4636009)(136003)(376002)(39860400002)(346002)(366004)(396003)(199004)(189003)(8936002)(606006)(14454004)(66066001)(256004)(478600001)(6486002)(1411001)(86362001)(5660300002)(6436002)(4326008)(3846002)(66476007)(76116006)(66556008)(6116002)(91956017)(66946007)(5070765005)(11346002)(446003)(14444005)(64756008)(2616005)(476003)(66446008)(486006)(26005)(6246003)(36756003)(53936002)(6306002)(6916009)(25786009)(8676002)(81156014)(81166006)(316002)(966005)(54896002)(33656002)(19273905006)(66574012)(2906002)(7736002)(229853002)(71200400001)(54906003)(71190400001)(76176011)(6512007)(236005)(68736007)(53546011)(102836004)(99286004)(6506007)(186003)(563064011)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:PR2PR08MB4906; H:PR2PR08MB4811.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info-Original: bPU9BtgPMc5l7fQ/Om/TxSiGbHQQyJ//mVlGAsIA4P2QEpqS7keasN6EUx9En+O3dgRUFvHg5HXGScAppFn7eUXTkQntXAke5tUOM2xlztwVePXwO23FqFD7Z5XnIxgw017ANSwfwJlU5bDptR3umbbzCdmot7a/5WgWQbgLsOxKwRzeq9dOeAiYN9bm2gUk+wqJADSsovm3/AfOCcr88V2JDIbpRrEyVSMf3M0VDkd1FRW9ox/B1cK/wcCsGqWBWWw3F9Y2ABK0MckEHqnE25QMMJzQHVYR1TVNiF1MFhVY8vuDYRRVqiE8FbZtPurcPkQx+ntJ3ACaps5cwiRiIzduRkt8pNhQFaxeqU5bMr/f0IX5uoxHdGpCOpCws8bbe9YmEy2CK1SXMuYk7sQlYkxDkPN7pKF86RbGmXVGf2M=
Content-Type: multipart/alternative; boundary="_000_B2C0CFB31500427EBB856543B7272EB6armcom_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2PR08MB4906
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Adrian.Shaw@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(979002)(4636009)(39860400002)(396003)(346002)(136003)(376002)(2980300002)(40434004)(199004)(189003)(70206006)(14454004)(4326008)(36756003)(22756006)(70586007)(30436002)(336012)(5660300002)(26005)(25786009)(66066001)(102836004)(76176011)(6486002)(30864003)(6862004)(76130400001)(3846002)(186003)(53546011)(33964004)(229853002)(6506007)(6116002)(26826003)(33656002)(966005)(486006)(2906002)(7736002)(81156014)(66574012)(36906005)(45080400002)(8936002)(5070765005)(99286004)(478600001)(5024004)(86362001)(14444005)(81166006)(2616005)(6512007)(19273905006)(1411001)(6306002)(6246003)(476003)(54896002)(11346002)(4546004)(16586007)(54906003)(606006)(446003)(236005)(71190400001)(8676002)(63350400001)(356004)(126002)(63370400001)(316002)(563064011)(969003)(989001)(999001)(1009001)(1019001);DIR:OUT;SFP:1101;SCL:1;SRVR:AM6PR08MB4949;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:TempError;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;A:1;MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: faf1e49c-4bd9-456d-db52-08d70941d35d
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:AM6PR08MB4949;
X-Forefront-PRVS: 00997889E7
X-Microsoft-Antispam-Message-Info: vSJA5M65i9mEnCuvd/SNc46q+laQj0/T2QSrAL8V+HW76t2g75cjRE5BSj2tdQIvh2Nqm2jDF1FQZkeA7wyML2UIDOCqXxVDHNFQ+u0G6nSSkTwe3P0dTx8/l2EkfKnHxZSpH6ZigIPfqcw8OCjyQyvHhlMR/Vd84tkNCNMgdohDLMsJhHtwMJbFhJQlibWOLYiSPn0PEVGuFrJH+XOr6E70da0e+MWRxT5uMkyGaFWb3ZFYYa83FyQ9Hk6NNk9WCIuaImdLhflZO4Za67z543XsNJB8EwXnrLEYc90bvs42bLLttuqcHfcyteQEIa/IS8NDeeSL21eQ99lC6wVG4Y2g80N1BLIHZ+R9LYxuGwCz6c+qTZnYcMTWMEJoEw28ybQPT5rN8KlixcaDunmpQHcO00V+76zVfs8LIQKbrAI=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jul 2019 16:31:12.6335 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d4ebaf0f-02fd-4c78-b4d4-08d70941d9c4
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4949
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/H9REkcbSX4A-usjuONnlGtBwiGg>
Subject: Re: [Rats] Comments on draft-birkholz-rats-architecture-01
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 16:31:23 -0000
If trustworthiness is based on whether you meet a set of criteria then it is always a binary result. But remember that trust is not absolute or blind, there’s always a specific context. You trust X to do action Y without malice. Each context has its own (maybe distinct) set of criteria e.g. whether you meet the criteria to access a particular subnet. Best, Adrian On 15 Jul 2019, at 16:07, Ira McDonald <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote: Hi Ned, Perhaps in the RATS context we don't have to have this (side) discussion about the use/definition of the word trustworthy... For access at the datalink (device joining a network via an Access Point), perhaps you could consider "trustworthy" as binary. Although even later TCG TNC and IETF NEA didn't - they distinguished which logical subnet you got access to according to the quality of your posture information. For access to a service (e.g., financial or medical), certainly "trustworthy" is not binary. Service access and transaction authorization are dynamic contexts for "trustworthy" - banks and credit card companies make a new decision about relative degree of "trustworthiness" for every transaction. Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Co-Chair - TCG Metadata Access Protocol SG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com> PO Box 221 Grand Marais, MI 49839 906-494-2434 On Mon, Jul 15, 2019 at 10:07 AM Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote: I think both perspectives are correct. If the context of evaluation is an access decision then trust is binary. If the context is analytics, logging or risk management then trust is (can be) probabilistic. The relying party has the necessary context. The main objective for RATS is to define Attester-Verifier interactions. I’m just wondering, for the purposes of RATS architecture, if we need to resolve this question now? On 7/13/19, 7:11 AM, "Ira McDonald" <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote: Hi, About binary "trustworthy". This is a fundamental fallacy. Neither "trustworthy" nor "secure" are *ever* binary. That's basic to the security by design approach. Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Co-Chair - TCG Metadata Access Protocol SG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com> PO Box 221 Grand Marais, MI 49839 906-494-2434 On Fri, Jul 12, 2019 at 10:38 PM Benjamin Kaduk <kaduk@mit.edu<mailto:kaduk@mit.edu>> wrote: Cherry-picking one point.... On Mon, Jul 08, 2019 at 02:44:56PM +0000, Nicolae Paladi wrote: > Hello, > > Some comments on draft-birkholz-rats-architecture-01<https://tools.ietf.org/html/draft-birkholz-rats-architecture-01> > [...] > 7.1.1<https://tools.ietf.org/html/draft-birkholz-rats-architecture-01#section-7.1.1>. How the RATS Architecture Addresses the Lying Endpoint Problem > > > > > > RATS imply the involvement of at least two players (roles) who seek > to overcome the lying endpoint problem. The Verifier wishes to > consume application data supplied by a Computing Context. But before > application data is consumed, the Verifier obtains Attestation > Evidence about the Computing Context to assess likelihood of poisoned > data due to endpoint compromise or failure. Remote Attestation > argues that a systems's integrity characteristics should not be > believed until rationale for believability is presented to the > relying party seeking to interact with the system. > > “Likelihood” implies a probabilistic approach to trustworthiness (e.g. 42% likelihood of poisoned data”). Is that really feasible? And if so, is it actually of any use? IMO trustworthiness is binary (“trustworthy or not trustworthy”), or binary and conditional/contextual (“trustworthy if used for certain actions”). My personal thinking here is along the lines of "this data makes me confident that only someone who was able to subvert my supply chain and surreptitiously replace the TPM chip in the sealed device delivered to me would be able to forge the attestation evidence; I don't think I'm the target of such an attack, so there's a low likeliyhood of endpoint compromise". Or, as James Mickens put it more glibly in https://www.usenix.org/system/files/1311_05-08_mickens.pdf there's a Mossad/not-Mossad distinction in the potential attackers, and if the Mossad is a threat, you're gonna be Mossad'ed upon no matter what you do. -Ben _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Rats] Comments on draft-birkholz-rats-architectu… Thomas Hardjono
- Re: [Rats] Comments on draft-birkholz-rats-archit… Nicolae Paladi
- Re: [Rats] Comments on draft-birkholz-rats-archit… Benjamin Kaduk
- Re: [Rats] Comments on draft-birkholz-rats-archit… Ira McDonald
- Re: [Rats] Comments on draft-birkholz-rats-archit… Laurence Lundblade
- Re: [Rats] Comments on draft-birkholz-rats-archit… Nicolae Paladi
- Re: [Rats] Comments on draft-birkholz-rats-archit… Ira McDonald
- Re: [Rats] Comments on draft-birkholz-rats-archit… Smith, Ned
- Re: [Rats] Comments on draft-birkholz-rats-archit… Ira McDonald
- Re: [Rats] Comments on draft-birkholz-rats-archit… Adrian Shaw
- Re: [Rats] Comments on draft-birkholz-rats-archit… Laurence Lundblade