Re: [Rats] Comments on draft-birkholz-rats-architecture-01

Adrian Shaw <Adrian.Shaw@arm.com> Mon, 15 July 2019 16:31 UTC

Return-Path: <Adrian.Shaw@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5088012003F for <rats@ietfa.amsl.com>; Mon, 15 Jul 2019 09:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=m2Q62/9I; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=F21lEcc7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g8Vaqi0tBkDP for <rats@ietfa.amsl.com>; Mon, 15 Jul 2019 09:31:18 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30059.outbound.protection.outlook.com [40.107.3.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09A09120026 for <rats@ietf.org>; Mon, 15 Jul 2019 09:31:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zhCxwxAA9MTbZeVzMbXFZMKmjHUXnLFqGhq8JYfvNtk=; b=m2Q62/9IlOZgmoKbb349gHrZTT71U/KDKxOPRTf48lXaIbXAACkOIkNJ1aCVTQ4E5+hTbdOl449VLDBoW51L+L5zLcm/S5/4kmJOXWIAT9KXwpLnunoRWq/rhQagmjYDZUhl05aKOFZxoFeumf5vYHH2y3UC0swP5Gkd2sRbwhA=
Received: from HE1PR0802CA0008.eurprd08.prod.outlook.com (2603:10a6:3:bd::18) by AM6PR08MB4949.eurprd08.prod.outlook.com (2603:10a6:20b:e1::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Mon, 15 Jul 2019 16:31:14 +0000
Received: from AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::203) by HE1PR0802CA0008.outlook.office365.com (2603:10a6:3:bd::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2073.14 via Frontend Transport; Mon, 15 Jul 2019 16:31:14 +0000
Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=temperror action=none header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout)
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT046.mail.protection.outlook.com (10.152.16.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2052.18 via Frontend Transport; Mon, 15 Jul 2019 16:31:12 +0000
Received: ("Tessian outbound 3c2a520fbb81:v24"); Mon, 15 Jul 2019 16:31:10 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 2967bd217f092f3b
X-CR-MTA-TID: 64aa7808
Received: from 575bedd19fc4.1 (cr-mta-lb-1.cr-mta-net [104.47.25.102]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 88469B8B-4BB4-4B8C-94E9-31C13FB8A6E7.1; Mon, 15 Jul 2019 16:31:05 +0000
Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01lp0102.outbound.protection.outlook.com [104.47.25.102]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 575bedd19fc4.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384); Mon, 15 Jul 2019 16:31:05 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CpjwHDUMN2WXV2PVzbeTK3n9+uAWme0KQHGufn/YGLPcelGk4z6r4pvsoBp9ZB0kODOXc2VTsb9p8jGxa/P7YJzg3ihX2S0CU8kMYS9dXm8ndS5sW9xDJvzN1aUns4VuayUKGCZ35F7kB6kmrTUGbSPCgO6CTTlH38CzgDOqcAMXGJomkMv3o+os/pxKiNSJrt0diD5IJXSr0HixiQ7cmTHkyv7lRK4JGPP4q3zRixP00S0v07KsP2DSD+dj1o2BCH6XKKdaMZgsEAqv0TPwYfJXK5mFvbMjxZQKmL4I095lz++kUKsF9vQpED8LJV32eqSxEnuhWajzqLNCoCurCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ObOZuAyC0y1s04LTu4n0HhTifoSN8jH4xJTCas9q4Jw=; b=Ge4CPVu5fbEusywV3qoKUIVVm3Pvd4Oohw4cbt7J6aGLJv7ueJEcxHWNowsHBUzAZyp0aUIl+rCdLSIpVh/Q0XADFqI52TFDQbsYYdrZfvU6DGRbG8FV9DgDW+Ub+2rJ1HAHRxGC7/RySt8Dsla63ldM3XcdUuBAC3F2jmEKQ/APoSkV/RotoxuIrzkNuFakIB/mkdW3f9UxnwnW8vmZldFriPGCKs6qLoik1ewc1aiLnPrlGdC2pH0+jQyduxf2hRVK9icvrdT+hHCkfZwgp5e+fXYd2nOr2hXpy+YKJbzDcM5NYVPgzESvUpHKfYMThViWaqk74PjIc4FJJkRa5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=arm.com;dmarc=pass action=none header.from=arm.com;dkim=pass header.d=arm.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ObOZuAyC0y1s04LTu4n0HhTifoSN8jH4xJTCas9q4Jw=; b=F21lEcc7gbhaZAD2EzFmqnkG2KO3ImV+SNosaIfjQPi8ZUv1oIH0IuzT+KMyGANsyjnYCCgzB2lrnM4KZaU/Q/EjLkHd5Ap+Vk8uVEZ/MB5X1TbknGjVCN2OZbDmiQJwIvqISgFiCXKL/RuRvkKcKH+PNrVhEWLS1Ac0IFPHf3M=
Received: from PR2PR08MB4811.eurprd08.prod.outlook.com (52.133.109.146) by PR2PR08MB4906.eurprd08.prod.outlook.com (52.133.110.212) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.10; Mon, 15 Jul 2019 16:31:02 +0000
Received: from PR2PR08MB4811.eurprd08.prod.outlook.com ([fe80::49b7:576c:f393:edf6]) by PR2PR08MB4811.eurprd08.prod.outlook.com ([fe80::49b7:576c:f393:edf6%7]) with mapi id 15.20.2073.012; Mon, 15 Jul 2019 16:31:01 +0000
From: Adrian Shaw <Adrian.Shaw@arm.com>
To: Ira McDonald <blueroofmusic@gmail.com>
CC: "Smith, Ned" <ned.smith@intel.com>, "henk.birkholz@sit.fraunhofer.de" <henk.birkholz@sit.fraunhofer.de>, "rats@ietf.org" <rats@ietf.org>, Nicolae Paladi <nicolae.paladi@ri.se>, Thomas Hardjono <hardjono@mit.edu>, Benjamin Kaduk <kaduk@mit.edu>, "monty.wiseman@ge.com" <monty.wiseman@ge.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>
Thread-Topic: [Rats] Comments on draft-birkholz-rats-architecture-01
Thread-Index: AQHVNM6n08a7P12bmUyVFL6zYsL3BKbArEYAgAcyKYCAAMI5AIADIu2AgAAQygCAABdkgA==
Date: Mon, 15 Jul 2019 16:31:01 +0000
Message-ID: <B2C0CFB3-1500-427E-BB85-6543B7272EB6@arm.com>
References: <0189ed44bcf749c18e9b6612b2728553@oc11expo23.exchange.mit.edu> <8C52026F-A4D1-4CA5-901A-C20CC2396DF5@ri.se> <20190713023817.GU16418@mit.edu> <CAN40gSuge3=-dKTtUz2bWVTzBDX0rqmr1sj=NT_-OVRH90o=9A@mail.gmail.com> <E7299F99-54D4-47FA-A439-F1D8CB7D1353@intel.com> <CAN40gSskcq_RxXhD2Z3y+rJ7icW0EZg25VLsaUdVihC2nejViw@mail.gmail.com>
In-Reply-To: <CAN40gSskcq_RxXhD2Z3y+rJ7icW0EZg25VLsaUdVihC2nejViw@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Adrian.Shaw@arm.com;
x-originating-ip: [217.140.106.51]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: d4ebaf0f-02fd-4c78-b4d4-08d70941d9c4
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam-Untrusted: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:PR2PR08MB4906;
X-MS-TrafficTypeDiagnostic: PR2PR08MB4906:|AM6PR08MB4949:
X-MS-Exchange-PUrlCount: 6
X-Microsoft-Antispam-PRVS: <AM6PR08MB4949A1EAE51BE88A806F8123F9CF0@AM6PR08MB4949.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:7219;OLM:7219;
x-forefront-prvs: 00997889E7
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(979002)(4636009)(136003)(376002)(39860400002)(346002)(366004)(396003)(199004)(189003)(8936002)(606006)(14454004)(66066001)(256004)(478600001)(6486002)(1411001)(86362001)(5660300002)(6436002)(4326008)(3846002)(66476007)(76116006)(66556008)(6116002)(91956017)(66946007)(5070765005)(11346002)(446003)(14444005)(64756008)(2616005)(476003)(66446008)(486006)(26005)(6246003)(36756003)(53936002)(6306002)(6916009)(25786009)(8676002)(81156014)(81166006)(316002)(966005)(54896002)(33656002)(19273905006)(66574012)(2906002)(7736002)(229853002)(71200400001)(54906003)(71190400001)(76176011)(6512007)(236005)(68736007)(53546011)(102836004)(99286004)(6506007)(186003)(563064011)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:PR2PR08MB4906; H:PR2PR08MB4811.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info-Original: bPU9BtgPMc5l7fQ/Om/TxSiGbHQQyJ//mVlGAsIA4P2QEpqS7keasN6EUx9En+O3dgRUFvHg5HXGScAppFn7eUXTkQntXAke5tUOM2xlztwVePXwO23FqFD7Z5XnIxgw017ANSwfwJlU5bDptR3umbbzCdmot7a/5WgWQbgLsOxKwRzeq9dOeAiYN9bm2gUk+wqJADSsovm3/AfOCcr88V2JDIbpRrEyVSMf3M0VDkd1FRW9ox/B1cK/wcCsGqWBWWw3F9Y2ABK0MckEHqnE25QMMJzQHVYR1TVNiF1MFhVY8vuDYRRVqiE8FbZtPurcPkQx+ntJ3ACaps5cwiRiIzduRkt8pNhQFaxeqU5bMr/f0IX5uoxHdGpCOpCws8bbe9YmEy2CK1SXMuYk7sQlYkxDkPN7pKF86RbGmXVGf2M=
Content-Type: multipart/alternative; boundary="_000_B2C0CFB31500427EBB856543B7272EB6armcom_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2PR08MB4906
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Adrian.Shaw@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(979002)(4636009)(39860400002)(396003)(346002)(136003)(376002)(2980300002)(40434004)(199004)(189003)(70206006)(14454004)(4326008)(36756003)(22756006)(70586007)(30436002)(336012)(5660300002)(26005)(25786009)(66066001)(102836004)(76176011)(6486002)(30864003)(6862004)(76130400001)(3846002)(186003)(53546011)(33964004)(229853002)(6506007)(6116002)(26826003)(33656002)(966005)(486006)(2906002)(7736002)(81156014)(66574012)(36906005)(45080400002)(8936002)(5070765005)(99286004)(478600001)(5024004)(86362001)(14444005)(81166006)(2616005)(6512007)(19273905006)(1411001)(6306002)(6246003)(476003)(54896002)(11346002)(4546004)(16586007)(54906003)(606006)(446003)(236005)(71190400001)(8676002)(63350400001)(356004)(126002)(63370400001)(316002)(563064011)(969003)(989001)(999001)(1009001)(1019001);DIR:OUT;SFP:1101;SCL:1;SRVR:AM6PR08MB4949;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:TempError;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;A:1;MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: faf1e49c-4bd9-456d-db52-08d70941d35d
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:AM6PR08MB4949;
X-Forefront-PRVS: 00997889E7
X-Microsoft-Antispam-Message-Info: vSJA5M65i9mEnCuvd/SNc46q+laQj0/T2QSrAL8V+HW76t2g75cjRE5BSj2tdQIvh2Nqm2jDF1FQZkeA7wyML2UIDOCqXxVDHNFQ+u0G6nSSkTwe3P0dTx8/l2EkfKnHxZSpH6ZigIPfqcw8OCjyQyvHhlMR/Vd84tkNCNMgdohDLMsJhHtwMJbFhJQlibWOLYiSPn0PEVGuFrJH+XOr6E70da0e+MWRxT5uMkyGaFWb3ZFYYa83FyQ9Hk6NNk9WCIuaImdLhflZO4Za67z543XsNJB8EwXnrLEYc90bvs42bLLttuqcHfcyteQEIa/IS8NDeeSL21eQ99lC6wVG4Y2g80N1BLIHZ+R9LYxuGwCz6c+qTZnYcMTWMEJoEw28ybQPT5rN8KlixcaDunmpQHcO00V+76zVfs8LIQKbrAI=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jul 2019 16:31:12.6335 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d4ebaf0f-02fd-4c78-b4d4-08d70941d9c4
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4949
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/H9REkcbSX4A-usjuONnlGtBwiGg>
Subject: Re: [Rats] Comments on draft-birkholz-rats-architecture-01
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 16:31:23 -0000

If trustworthiness is based on whether you meet a set of criteria then it is always a binary result. But remember that trust is not absolute or blind, there’s always a specific context. You trust X to do action Y without malice. Each context has its own (maybe distinct) set of criteria e.g. whether you meet the criteria to access a particular subnet.

Best,
Adrian

On 15 Jul 2019, at 16:07, Ira McDonald <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote:

Hi Ned,

Perhaps in the RATS context we don't have to have this (side) discussion
about the use/definition of the word trustworthy...

For access at the datalink (device joining a network via an Access Point),
perhaps you could consider "trustworthy" as binary.  Although even later
TCG TNC and IETF NEA didn't - they distinguished which logical subnet
you got access to according to the quality of your posture information.

For access to a service (e.g., financial or medical), certainly "trustworthy"
is not binary.  Service access and transaction authorization are dynamic
contexts for "trustworthy" - banks and credit card companies make a new
decision about relative degree of "trustworthiness" for every transaction.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Mon, Jul 15, 2019 at 10:07 AM Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote:
I think both perspectives are correct. If the context of evaluation is an access decision then trust is binary. If the context is analytics, logging or risk management then trust is (can be) probabilistic.

The relying party has the necessary context. The main objective for RATS is to define Attester-Verifier interactions.

I’m just wondering, for the purposes of RATS architecture, if we need to resolve this question now?

On 7/13/19, 7:11 AM, "Ira McDonald" <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote:

Hi,

About binary "trustworthy".

This is a fundamental fallacy.  Neither "trustworthy"
nor "secure" are *ever* binary.  That's basic to the
security by design approach.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>
PO Box 221  Grand Marais, MI 49839  906-494-2434


On Fri, Jul 12, 2019 at 10:38 PM Benjamin Kaduk <kaduk@mit.edu<mailto:kaduk@mit.edu>> wrote:
Cherry-picking one point....

On Mon, Jul 08, 2019 at 02:44:56PM +0000, Nicolae Paladi wrote:
> Hello,
>
> Some comments on draft-birkholz-rats-architecture-01<https://tools.ietf.org/html/draft-birkholz-rats-architecture-01>
>
[...]
> 7.1.1<https://tools.ietf.org/html/draft-birkholz-rats-architecture-01#section-7.1.1>.  How the RATS Architecture Addresses the Lying Endpoint Problem
>
>
>
>
>
>  RATS imply the involvement of at least two players (roles) who seek
>    to overcome the lying endpoint problem.  The Verifier wishes to
>    consume application data supplied by a Computing Context.  But before
>    application data is consumed, the Verifier obtains Attestation
>    Evidence about the Computing Context to assess likelihood of poisoned
>    data due to endpoint compromise or failure.  Remote Attestation
>    argues that a systems's integrity characteristics should not be
>    believed until rationale for believability is presented to the
>    relying party seeking to interact with the system.
>
> “Likelihood” implies a probabilistic approach to trustworthiness (e.g. 42% likelihood of poisoned data”). Is that really feasible? And if so, is it actually of any use? IMO trustworthiness is binary (“trustworthy or not trustworthy”), or binary and conditional/contextual (“trustworthy if used for certain actions”).

My personal thinking here is along the lines of "this data makes me
confident that only someone who was able to subvert my supply chain and
surreptitiously replace the TPM chip in the sealed device delivered to me
would be able to forge the attestation evidence; I don't think I'm the
target of such an attack, so there's a low likeliyhood of endpoint
compromise".  Or, as James Mickens put it more glibly in
https://www.usenix.org/system/files/1311_05-08_mickens.pdf there's a
Mossad/not-Mossad distinction in the potential attackers, and if the Mossad
is a threat, you're gonna be Mossad'ed upon no matter what you do.

-Ben

_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats
_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.