Re: [Rats] draft-birkholz-rats-network-device-subscription-00

"Smith, Ned" <ned.smith@intel.com> Tue, 28 July 2020 14:53 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Dave Thaler <dthaler@microsoft.com>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
CC: Wei Pan <william.panwei@huawei.com>
Thread-Topic: [Rats] draft-birkholz-rats-network-device-subscription-00
Thread-Index: AdZKRjugUmuktT1iTCKR70EUNGNj/gaoi4kQAABdhgD//5SxAA==
Date: Tue, 28 Jul 2020 14:53:45 +0000
Message-ID: <140611B6-9060-47A8-957F-3D4E8E7BFACD@intel.com>
References: <BL0PR11MB31221B4EE75AADDB4685CBDEA1950@BL0PR11MB3122.namprd11.prod.outlook.com> <BL0PR2101MB1027CB2B71CA83305B9608BAA3730@BL0PR2101MB1027.namprd21.prod.outlook.com> <0428729f-5754-8b19-6bbf-378aa123c799@sit.fraunhofer.de>
In-Reply-To: <0428729f-5754-8b19-6bbf-378aa123c799@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/HtCogEcuWwCJIRUNgiSa-MOR5hc>
Subject: Re: [Rats] draft-birkholz-rats-network-device-subscription-00
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>

Subscription models could be topic based rather than entity based. The use case below suggests that a Verifier is interested in system booting events. A topic-based approach might allow Verifiers to subscribe to "boot image X" as the topic. All entities that collect a Claim for "image X" would publish the Claim to the field of subscribers. 

Is the use of YANG to describe pub/sub limiting the ability to do topic-based pub/sub?
-Ned

On 7/28/20, 7:19 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:

    Hi Dave,

    a clarifying question:

    What exactly do you mean by the "who" in "a subscriber knows who to 
    subscribe to"?

    The I-D does not come with its own join/rendezvous/discovery capability. 
    That comes, for instance, with YANG Push ("call home"). That would be a 
    "who" on the entity level.

    Another possibility is that you mean a YANG RPC with the "who"? That 
    would be a "who" on the management interface level.

    Or you could mean one of the Attesting Environments of a composite 
    Attester. That would be a "who" on the Attester level. And that is done 
    via the included data store.

    Or do you mean something I am missing here?

    Kind regards,

    Henk

    On 28.07.20 16:10, Dave Thaler wrote:
    > I asked in the meeting how a subscriber knows who to subscribe to, and I believe the answer was
    > that CHARRA answers that.  Well I looked in draft-ietf-rats-yang-tpm-charra-02 and it does not
    > contain any mention of the subject.  I think one or the other of the two drafts needs to address
    > this issue.  My preference is that it be in draft-birkholz-rats-network-device-subscription since
    > that's the draft that talks about limitations like
    >> Evidence is not streamed to an interested Verifier as soon as it is generated.
    > Which certainly still applies, it's just another case... you didn't know to subscribe to it until
    > after the evidence was generated when it booted.
    > 
    > Dave
    > 
    > -----Original Message-----
    > From: RATS <rats-bounces@ietf.org> On Behalf Of Eric Voit (evoit)
    > Sent: Wednesday, June 24, 2020 9:41 AM
    > To: rats@ietf.org
    > Cc: Wei Pan <william.panwei@huawei.com>; Birkholz, Henk <henk.birkholz@sit.fraunhofer.de>
    > Subject: [Rats] draft-birkholz-rats-network-device-subscription-00
    > 
    > Hi All,
    > 
    > This draft defines how to subscribe to a stream of attestation related Evidence on TPM-based network devices.  When subscribed, a Telemetry stream of verifiably fresh YANG notifications (which are generated when TPM PCRs are
    > extended) is pushed to the subscriber.
    > 
    > This draft integrates:
    >   *  Section 5 of draft-voit-rats-trusted-path-routing-01
    >   *  Elements of draft-xia-rats-pubsub-model
    > 
    > Thanks!
    > 
    > Eric, Henk, and Wei
    > 
    > 
    > -----Original Message-----
    > From: internet-drafts@ietf.org <internet-drafts@ietf.org>
    > Sent: Wednesday, June 24, 2020 12:19 PM
    > To: Eric Voit (evoit) <evoit@cisco.com>; Wei Pan <william.panwei@huawei.com>; Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
    > Subject: New Version Notification for
    > draft-birkholz-rats-network-device-subscription-00.txt
    > 
    > 
    > A new version of I-D, draft-birkholz-rats-network-device-subscription-00.txt
    > has been successfully submitted by Eric Voit and posted to the IETF repository.
    > 
    > Name:		draft-birkholz-rats-network-device-subscription
    > Revision:	00
    > Title:		Attestation Event Stream Subscription
    > Document date:	2020-06-24
    > Group:		Individual Submission
    > Pages:		20
    > URL:
    > https://www.ietf.org/internet-drafts/draft-birkholz-rats-network-device-subscription-00.txt
    > Status:
    > https://datatracker.ietf.org/doc/draft-birkholz-rats-network-device-subscription/
    > Htmlized:
    > https://tools.ietf.org/html/draft-birkholz-rats-network-device-subscription-00
    > Htmlized:
    > https://datatracker.ietf.org/doc/html/draft-birkholz-rats-network-device-subscription
    > 
    > 
    > Abstract:
    >     This document defines how to subscribe to a stream of attestation
    >     related Evidence on TPM-based network devices.
    > 
    > 
    > 
    > 
    > Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
    > 
    > The IETF Secretariat
    > 
    > 

    _______________________________________________
    RATS mailing list
    RATS@ietf.org
    https://www.ietf.org/mailman/listinfo/rats
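[Editor's added example. The code below is not part of the thread or of
draft-birkholz-rats-network-device-subscription; it is a toy model written
to make three points in the discussion concrete: Eric's description of one
notification per TPM PCR extend, Ned's topic-based (rather than entity-based)
subscription, and Dave's late subscriber who only learns to subscribe after
the device has already booted. It assumes a single SHA-256 PCR bank, a
simplified event record (sequence number, PCR index, measured image name,
digest), the image name and PCR index as the only topics, and an unsigned
"quote" that just returns the current PCR value. Nothing here is YANG or
TPM-library code.]

```python
"""Toy attestation event stream: PCR extend -> notification -> subscribers.

Added example, not code from the draft or the RATS WG. Assumptions are marked.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

HASH = hashlib.sha256
PCR_INIT = b"\x00" * HASH().digest_size   # assumption: one SHA-256 PCR bank


@dataclass(frozen=True)
class Event:
    seq: int       # position in the Attester's event log
    pcr: int       # PCR index that was extended
    image: str     # measured object; also usable as a subscription topic
    digest: bytes  # measurement digest that was extended into the PCR


def pcr_extend(old: bytes, digest: bytes) -> bytes:
    """TPM PCR extend semantics: new = H(old || digest)."""
    return HASH(old + digest).digest()


def replay(log: List[Event], pcr: int) -> bytes:
    """Verifier side: rebuild a PCR value from the event log alone."""
    value = PCR_INIT
    for ev in log:
        if ev.pcr == pcr:
            value = pcr_extend(value, ev.digest)
    return value


def verify(log: List[Event], quoted: bytes, pcr: int) -> bool:
    """The log is only Evidence if replaying it reproduces the quoted PCR."""
    return replay(log, pcr) == quoted


Filter = Tuple[Optional[int], Optional[str], Callable[[Event], None]]


class Attester:
    """Measures images into PCRs and pushes one notification per extend."""

    def __init__(self) -> None:
        self.pcrs: Dict[int, bytes] = {}
        self.log: List[Event] = []
        self._subs: List[Filter] = []

    @staticmethod
    def _matches(ev: Event, pcr: Optional[int], image: Optional[str]) -> bool:
        return (pcr is None or ev.pcr == pcr) and (image is None or ev.image == image)

    def subscribe(self, cb: Callable[[Event], None], pcr: Optional[int] = None,
                  image: Optional[str] = None, replay_log: bool = False) -> None:
        """pcr=image=None is an entity-level subscription (everything this
        device emits); a pcr or image value makes it topic-based. replay_log
        lets a subscriber that joins after boot catch up from the retained log."""
        self._subs.append((pcr, image, cb))
        if replay_log:
            for ev in self.log:
                if self._matches(ev, pcr, image):
                    cb(ev)

    def measure(self, pcr: int, image: str, content: bytes) -> Event:
        digest = HASH(content).digest()
        self.pcrs[pcr] = pcr_extend(self.pcrs.get(pcr, PCR_INIT), digest)
        ev = Event(len(self.log), pcr, image, digest)
        self.log.append(ev)
        for pcr_f, image_f, cb in self._subs:   # push to matching subscribers
            if self._matches(ev, pcr_f, image_f):
                cb(ev)
        return ev

    def quote(self, pcr: int) -> bytes:
        """Stand-in for a TPM quote: current PCR value, unsigned in this toy."""
        return self.pcrs.get(pcr, PCR_INIT)


def demo() -> dict:
    att = Attester()
    early: List[Event] = []
    topic: List[Event] = []
    late: List[Event] = []
    att.subscribe(early.append)                      # entity-level, from the start
    att.subscribe(topic.append, image="bootloader")  # topic-based: one image only
    # Constructed sample measurements standing in for a boot sequence.
    att.measure(0, "bootloader", b"constructed bootloader bytes")
    att.measure(0, "kernel", b"constructed kernel bytes")
    att.measure(1, "config", b"constructed config bytes")
    # Late Verifier: subscribes after boot, but replay of the retained log
    # still delivers the PCR 0 events it would otherwise have missed.
    att.subscribe(late.append, pcr=0, replay_log=True)
    ok = verify(att.log, att.quote(0), 0)
    # A tampered log entry no longer replays to the quoted PCR value.
    tampered = list(att.log)
    tampered[1] = Event(1, 0, "kernel", HASH(b"evil kernel").digest())
    return {"early": len(early), "topic": [e.image for e in topic],
            "late": [e.image for e in late], "ok": ok,
            "tampered_ok": verify(tampered, att.quote(0), 0)}


if __name__ == "__main__":
    print(demo())
```

The replay step is what makes a late subscriber workable: the notifications
are not trustworthy on their own, but a retained log that replays to a signed
PCR value is, so the "who to subscribe to" question and the "evidence existed
before I subscribed" problem are both answered by the data store rather than by
the transport.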