[Rats] draft-ietf-rats-architecture-12
Daniel Migault <mglt.ietf@gmail.com> Mon, 01 November 2021 20:59 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D02503A2F8A for <rats@ietfa.amsl.com>; Mon, 1 Nov 2021 13:59:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FNcUofZt_THa for <rats@ietfa.amsl.com>; Mon, 1 Nov 2021 13:59:49 -0700 (PDT)
Received: from mail-ua1-x930.google.com (mail-ua1-x930.google.com [IPv6:2607:f8b0:4864:20::930]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55FCF3A2F89 for <rats@ietf.org>; Mon, 1 Nov 2021 13:59:49 -0700 (PDT)
Received: by mail-ua1-x930.google.com with SMTP id b17so24076210uas.0 for <rats@ietf.org>; Mon, 01 Nov 2021 13:59:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=5Th1BCT5FHPhGqjGO/g4gfMYwSnWwPtIWNzUUSESV14=; b=nBRCr7T+335caL1/zgQqY8BNcWf1vaLYS8diHjM6aImfW474gxHIiZy92a8MUrp8NO c8gUYQbKf3P3c/UqTVEORV5v5UcnmCu6R7WQO4vgC/WvW0d7vApmUA3S8gDI7uKDSQUr jiigS0YmiJfnoUwda42TntOroF0Bz+PSncTRsi5UIiUxGxznl6Ccg8k/f9SXz5g0kxcB oEOpbuZmVp+93jZLh/g9wwHXaCUZ8PU+NrsvvC+IP9McExYqRIfrJjj0zUd8tzCxSxJl tNi0a1eWnX8Wkw1uUSl5XQt4pJEGbVgUDtsniaw/X4IHhR198hgWwEQTJ0g83kTyKG29 Nb9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5Th1BCT5FHPhGqjGO/g4gfMYwSnWwPtIWNzUUSESV14=; b=5vYidRKwzKhkl8JCTnkgXhIEJRY0XkTYEwWRAsY+7V+e05I5uw0c7hwnCMxfgwOr/w tAfWa8XAcqzZYlwM17XJO+/UjRh5+jVRQ05515+40szC8iRwfKUT5d0tQargPOsbb5zj f0LV+be3l4A8PM4hagoTNqp3ey8k3rL5b6WQ/C3HRMWYBjXS2pT9asQiZYJfHbAyoux+ 96WiwnGGYD5rDdyqDbaex3Vyfa27tWeFEO86NkRGg+tnvept3nPYYGX+hdh9olhL5v8N Zao9Z02PX8n2L+WaIGjN+eEj/i2n55JFS08SI1kF2Lvw+t4Or7uklZ2+39SVvE2X/0iV c1ag==
X-Gm-Message-State: AOAM5304ROXCnzfMRxtCUdQVBz6hCsaaNsQYqnj5RO8Ggc1SXymbqkBa c8GbqOPanZpgSODfLuXZE6J64NY4wolmWYLshSlOde0IxfM=
X-Google-Smtp-Source: ABdhPJxb3XPOL2pHO5rdJnU2xsAfJFky8V8vFrD2dNYJaIbqv9J7iECFc93RqF5EhWxWzrm0oUXpjx4ZyfMQfR9JV8I=
X-Received: by 2002:a05:6102:392:: with SMTP id m18mr11514625vsq.56.1635800384602; Mon, 01 Nov 2021 13:59:44 -0700 (PDT)
MIME-Version: 1.0
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 01 Nov 2021 16:59:33 -0400
Message-ID: <CADZyTk=ZbSUYxywzVONYjo59JVf56r8kAhpKqtXgE2=k2uZ5uA@mail.gmail.com>
To: rats@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d905e505cfc074f8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Hf1klBqNuKWanHxQWWuOFE_saPk>
Subject: [Rats] draft-ietf-rats-architecture-12
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Nov 2021 20:59:54 -0000
Hi, I could not see the draft-ietf-rats-architecture in the dt and was wondering what is its current status. I am providing a review of the document and hope the document can progress. The document is in a nice shape. I suppose the comments are only clarifying my understanding. Yours, Daniel I suppose there is an editorial nits there: """ See Section 8 for further discussion of the conceptual messages shown in Figure 1. ## Two Types of Environments of an Attester """ >From Figure 2. The trust associated with the Evidence is related to the trust of the Target Environment as well as the communication of the Claims from the Target Environment to the Attestation Environment. I think some clarification/explanation may be added. My current reading is that Evidence are attested untrusted claims which is not so useful. section 3.1 """ Normally, Claims are not self-asserted, """ seems to me a bit unclear, more especially, when a claim contains a value of a register, I see the register as part of the Target Environment and the register provides its value. I tend to see the register as self asserting its value. Assert in the text seems to be related to the trust associated with the value of the claim. If so, that assertion (or trust) results both in the trust of the Attesting Environment (system + attesting keys) as well as the system that enables the communication of the Claims to the Attesting Environment. Am I correct when I consider the system + keys as the root of trust ? But back the beginning of my comment I think I do not understand what self asserted means and what the problem might be. Maybe also I am mis-interpreting asserting as I do not understand it with something stronger than a statement. https://www.merriam-webster.com/dictionary/assert Claims about a root of trust typically are asserted by an Endorser. So Figure 1 shows the Endorser interacting with the Verifier. Figure 2 shows the interaction within the Attester and shows Claims being exchanged between the Target Environment and the Attesting Environment while Attesting Environment and Verifier exchange Evidences. I am wondering if that Claims should be replaced by Evidence or if the intention is to say that Evidence is carrying/generated Claims trusted by a root of trust - which in this case is associated to the Target Environment and not the Attesting Environment. """ The final Evidence thus contains two sets of Claims: one set about the bootloader as measured and signed by the BIOS, plus a set of Claims about the kernel as measured and signed by the bootloader. """ I understand that the set of claims are combined together with for example a hash function. In other words, Evidence is not (necessarily) a list of claims that can easily be extracted from the Evidence. If my understanding is correct, I would maybe clarify "contains". I also have the impression cascading carries the notion of recurrence where one level includes all levels below - but that is my own perception. Overall I have the impression that [claims_a, claims_b] can have multiple representations including claim_c = hash( [claims_a, claims_b] ) or claim_d = [claims_a, claims_b]. In both cases they represent the set of claim_a and claim_b. 4.2 """ Evidence: A set of Claims generated by an Attester to be appraised by a Verifier. Evidence may include configuration data, measurements, telemetry, or inferences. """ This is mostly what is just mentioned above. To me a set of claims is s = ( claim1, claim2, ..., claimn) and I have the possibility to take s[0], but I have the impression that the set here is more abstract and is represented by the hash(s). Myabe that worth clarifying how the set is represented. section 7.4 1. The key material used to authenticate and integrity protect the conveyance channel is trusted by the Verifier to speak for the Attesting Environment(s) that collected Claims about the Target Environment(s). The text does not mention the trust in the Claims. I have the impression that it also conveys some trust in the claims. In the case of the BIOS, we do put similar trust into the hardware to load properly the BIOS stored into the ROM as we trust the attestation keys stored into the hardware. This, in my view, makes the states provided by the TPM trusted. section 8.4 _Strength of Function_ this is a markdown notation I suspect. By default, the Relying Party does not believe the Attester to be compliant. Upon receipt of an authentic Attestation Result I do not see any reason to perform attestation if the Attester is known to be compliant. I am wondering if "by default" is appropriated or should be instead replaced by something around Upon starting an attestation, the Relying.... It is a bit unclear to me what authentic means, so I am checking if it should not be replaced by trusted or simply being removed. Unless I am missing it, I noticed authentic is widely being used across documents so it might be worth defining it in the architecture document. At least I am happy to be pointed to its definition. Section 9: 9. Claims Encoding Formats The section is mostly focused on Evidence and Attestation Results, not so much on Claims. That said, the discussion is a generic discussion over which format to use and this can be extended to Claims as well, though in some cases Claims may have proprietary formats. What is unclear to me in the section is the relation between Claims and Evidence, and I think that is related to previous comments. Here I am reading Evidence as a set of Claims. So I am wondering if we expect Evidence format to be a list of Claims in which Claims can be either built from the Attesting Environment or provided by a Attesting Target. Typically I do see measurements as new Claims generated by the Attesting Environment. I agree that in both cases these are inside the Attester. section 10. All timekeeping methods seem to me to have an implicit period when the information is valid - I am basically thinking of it as a TTL. Using Epoch ID, I have the impression that a new ID indicates a new time slot, so I am wondering if blocking the time distributor does not keep the device into the past and makes possible replay attacks. -- Daniel Migault Ericsson
- [Rats] draft-ietf-rats-architecture-12 Daniel Migault
- Re: [Rats] draft-ietf-rats-architecture-12 Thomas Fossati
- Re: [Rats] draft-ietf-rats-architecture-12 Daniel Migault
- Re: [Rats] draft-ietf-rats-architecture-12 Michael Richardson
- Re: [Rats] draft-ietf-rats-architecture-12 Smith, Ned
- Re: [Rats] draft-ietf-rats-architecture-12 Daniel Migault
- Re: [Rats] draft-ietf-rats-architecture-12 Daniel Migault
- Re: [Rats] draft-ietf-rats-architecture-12 Michael Richardson
- Re: [Rats] draft-ietf-rats-architecture-12 Daniel Migault
- Re: [Rats] draft-ietf-rats-architecture-12 Daniel Migault