Re: [Rats] More use cases for draft-richardson-rats-usecases-00
Dave Thaler <dthaler@microsoft.com> Sat, 06 July 2019 02:20 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 676B812023E for <rats@ietfa.amsl.com>; Fri, 5 Jul 2019 19:20:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZB5vcWXBX07 for <rats@ietfa.amsl.com>; Fri, 5 Jul 2019 19:20:01 -0700 (PDT)
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-eopbgr700117.outbound.protection.outlook.com [40.107.70.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FF32120271 for <rats@ietf.org>; Fri, 5 Jul 2019 19:20:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VlTHKhkrcCrsjOeXP2kC2qMlucMVOT9ui0UdK6I7ECs18M1o9vd13WVTmR4z+hmBd5y9Ua3qlmwsrgzH3u+MIBTbWsQlnnJE95vsXi5THAN6RzynFimrn7WFUpDM+vCa0norNQb3t+M2LBch0IGShv2nw+YiAXWoqJYYCnTcfxttN9hN3yo2aK3+4qMrsFM3R/+CsalLUTrosSVJXzeghdkIZGJJ90I6F4lbThLho2VxnVcg74jXi4UOtvpOLT15g5RYb+af+TvvXg+fG/tbb9LB0lC3DmwrsoWrAz5BohzRTWbRuxN9J2lOriXOK9/YG7BCxyNVCxWYWrZ35B1BZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z/X2RLGCuiinZ0vAG+kq+ES7Fl4vd5+i0v/RtBkVk9o=; b=PEYnLW7yL4z2x7+n+djF6/TUvS+oPoAJn213NJ30x2qBS6bHD9I25Y5CoK5e4AlmNAHuD8dSVnYAMYCVfP526QNqbJXIsjYEF+vk/MmfkVMJsSdltNHTfSPir28TQM2rNKjc7xR7TmpLTVTmbxCxi9T/8aOAAbSjWhezWQr3yqAVFvvbMZlgSLfjCYqhA3RQMMY0QBbZnZ+3Dq55NSj0/7DojMB5nw6e9HYzaKFl0Y4SoHRz9ZpUjD5KbMSbovW2EGBjAmrDjaq+eUe5ryEL3fVJVuh4ZCvXeue/hfHuPrv+pejxFbGuHyextpDpib9B3AVluzq7hFIz2zNpRFV8fg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=microsoft.com;dmarc=pass action=none header.from=microsoft.com;dkim=pass header.d=microsoft.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z/X2RLGCuiinZ0vAG+kq+ES7Fl4vd5+i0v/RtBkVk9o=; b=M+litzcNlI7MdN/cwOOFJSUmKV95hrC91ftY0mykkoUxfM5zrEcs4KWcd56itiEcQnv40i2d2CR2tx+a7bTRMJU/hTycWP1+Mg84y3eDpDmnV8lqB9KD1N1vEnOG6jZCpoo+VqRPf2kkF/6LAs/FPY1Pf1EpaxrLwsqG/ElYF1U=
Received: from BN6PR21MB0497.namprd21.prod.outlook.com (10.172.112.7) by BN6PR21MB0130.namprd21.prod.outlook.com (10.173.199.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.2; Sat, 6 Jul 2019 02:19:59 +0000
Received: from BN6PR21MB0497.namprd21.prod.outlook.com ([fe80::5885:95cf:9573:e243]) by BN6PR21MB0497.namprd21.prod.outlook.com ([fe80::5885:95cf:9573:e243%14]) with mapi id 15.20.2073.004; Sat, 6 Jul 2019 02:19:59 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
CC: Carl Wallace <carl@redhoundsoftware.com>
Thread-Topic: [Rats] More use cases for draft-richardson-rats-usecases-00
Thread-Index: AQHVIt07UqXwjmBCtU2xA/h++i/79qabnq2AgAfKkwCAAKLmAIAYcA2AgAB9liA=
Date: Sat, 06 Jul 2019 02:19:58 +0000
Message-ID: <BN6PR21MB0497C7CDE96455DE52EED1BAA3F40@BN6PR21MB0497.namprd21.prod.outlook.com>
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <58E37DB5-098C-4387-9A52-4AECD0F69F25@island-resort.com> <6495.1553219901@dooku.sandelman.ca> <BA6E28A7-0F6A-46A8-AB1B-A64B9229F149@intel.com> <507.1553725386@dooku.sandelman.ca> <24C0968B-32B0-4EF1-99C8-61D3F0955BA1@intel.com> <793F9A34-050F-4914-AF4B-08C072730A06@island-resort.com> <D8C23800.D851F%carl@redhoundsoftware.com> <19652.1553943890@dooku.sandelman.ca> <D8C50A67.D8999%carl@redhoundsoftware.com> <79ccb2d7-09a3-913d-f47d-1e702a23b341@gmail.com> <29183.1560536152@localhost> <9a7e3efe-b021-f255-4afd-649ea0d5772d@gmail.com> <19489.1560973504@localhost> <e43e8f26-9692-0d0e-8eae-2ae74edcf5c0@gmail.com> <404.1562351963@localhost>
In-Reply-To: <404.1562351963@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=dthaler@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-07-06T02:20:01.4816464Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=778b4844-84d7-4af1-9b28-3284f4c44d8e; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com;
x-originating-ip: [2001:4898:80e8:7:5278:9c01:a2b6:3f3c]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 92a446ab-c11f-4b29-ffee-08d701b871fe
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BN6PR21MB0130;
x-ms-traffictypediagnostic: BN6PR21MB0130:
x-ms-exchange-purlcount: 1
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <BN6PR21MB013003EBFFCB58B0E1B2B641A3F40@BN6PR21MB0130.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:1332;
x-forefront-prvs: 00909363D5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(39860400002)(376002)(396003)(346002)(136003)(366004)(13464003)(189003)(199004)(6436002)(305945005)(7736002)(5660300002)(52536014)(7696005)(66476007)(66574012)(8936002)(966005)(81166006)(10090500001)(6246003)(99286004)(66556008)(6116002)(74316002)(76116006)(66446008)(102836004)(53546011)(6506007)(64756008)(2906002)(8990500004)(66946007)(186003)(86362001)(46003)(68736007)(229853002)(110136005)(22452003)(71190400001)(9686003)(316002)(71200400001)(53936002)(6306002)(14454004)(76176011)(5024004)(256004)(14444005)(11346002)(2501003)(8676002)(81156014)(73956011)(10290500003)(4326008)(446003)(33656002)(476003)(55016002)(478600001)(486006)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR21MB0130; H:BN6PR21MB0497.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: obbMGUNPccpcUSUKATqG3l4Vojk+vcNKkp2PnbeBbfqIpKjr4yTnqLQ+n9xMRAivy/no0CgOlrtXovbTAeQBBdXt+4EeFYLCL053wVGwYFrnpqvDaAmnzWu//BENBPNlfAiZdy7UUY2SzuK+nvoMwkMzy7+Su1PX28/iTd82CFRPp1+tlRyQCAF3DZ8lpaJi1Qijt8haVAaz+FeDL/sECiRqD/un5vX0q07/04p1XX1MhuyXEYTpXQWxAxJgzgPr0mgFHKetFaTryDAosstpB+fpqUYVu8I8yQNZXBYB/dCf6u0l8OuWu90vvzffU4JvR1ZwdaWc44qc0QLoDtaBoXMrLtxmjOJtYSsQyT4ztAjcEZJ7mWWB9F+RnOacLopBUCCxa+513CqR4x7Zdx/t5Q26HbMo9f2wEgQgVCbHLFo=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 92a446ab-c11f-4b29-ffee-08d701b871fe
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2019 02:19:59.0123 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dthaler@ntdev.microsoft.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR21MB0130
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/hL1gLJVFrI1Yx0caKR8hQ-uZ3QA>
Subject: Re: [Rats] More use cases for draft-richardson-rats-usecases-00
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2019 02:20:14 -0000
My comments on draft-richardson-rats-usecases-02 are in the PDF at https://www.microsoft.com/en-us/research/uploads/prod/2017/05/draft-richardson-rats-usecases-02.pdf In addition, besides the additional references I mentioned in a comment in the PDF, there are additional use cases that I mentioned in the interim meeting. Feel free to incorporate this text: * TEEP: the "Trusted Application Manager (TAM)" server wants to verify the state of a TEE, or applications in the TEE, of a device. The TEE attests to the TAM, which can then decide whether to install sensitive data in the TEE, or whether the TEE is out of compliance and the TAM needs to install updated code in the TEE to bring it back into compliance with the TAM's policy. * Confidential ML model: Microsoft talked about this category of use cases at the recent Microsoft //build conference. An example use case is where a device manufacturer wants to protect its intellectual property in terms of the ML model it developed and that runs in the devices that its customers purchased, and it wants to prevent attackers, potentially including the customer themselves, from seeing the details of the model. This works by having some protected environment (e.g., a hardware TEE) in the device attest to some manufacturer's service, which if attestation succeeds, then the manufacturer service releases the model, or a key to decrypt the model, to the requester. If a hardware TEE is involved, then this use case overlaps with the TEEP use case. * Critical infrastructure: when a protocol operation can affect some critical system, the device attached to the critical equipment wants some assurance that the requester has not been compromised. As such, attestation can be used to only accept commands from requesters that are within policy. Hardware attestation in particular, especially in conjunction with a TEE on the requester side, can provide protection against many types of malware. Dave -----Original Message----- From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson Sent: Friday, July 5, 2019 11:39 AM To: rats@ietf.org; Anders Rundgren <anders.rundgren.net@gmail.com> Cc: Carl Wallace <carl@redhoundsoftware.com> Subject: Re: [Rats] More use cases for draft-richardson-rats-usecases-00 >> > A session based attestation is the combination of a static attestation >> > and the creation of a shared session key. That is, possible t >> > operations using the shared session key "inherit" the initial >> > attestation. Such operations use MAC signatures and symmetric >> > encryption (using keys derived from the session key) in order to form a >> > protected API. Ideally a session based attestation scheme also >> > provides "atomic" operation, terminated by a "commit" call. mcr> I understand. I'm not sure what to change, if anything, based upon mcr> your comments. Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > Doesn't TEEP represent yet another attestation concept where each > operation is attested? I certainly what to discuss this more. My understanding is that TEEP is looking for (and has probably found, via SUIT) a way for code to admitted into the trusted area from a network source. While I can imagine that the resulting new code might affect the measurements that get attested to, I'm not sure they are a use case distinct from other verified boot use cases. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- Re: [Rats] More use cases for draft-richardson-ra… Carl Wallace
- Re: [Rats] More use cases for draft-richardson-ra… Laurence Lundblade
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] 答复: More use cases for draft-richardso… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- [Rats] draft-richardson-rats-usecases-00 comments Anthony Nadalin
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Laurence Lundblade
- [Rats] More use cases for draft-richardson-rats-u… Laurence Lundblade
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Anthony Nadalin
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- [Rats] 答复: More use cases for draft-richardson-ra… Xialiang (Frank, Network Standard & Patent Dept)
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Carl Wallace
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Thomas Fossati
- [Rats] Android attestations: Re: draft-richardson… Anders Rundgren
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Anders Rundgren
- [Rats] aligning the use case documents appropriat… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Shawn Willden
- Re: [Rats] Android attestations: Re: draft-richar… Shawn Willden
- Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
- Re: [Rats] Android attestations: Re: draft-richar… Anders Rundgren
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Laurence Lundblade
- Re: [Rats] More use cases for draft-richardson-ra… Thomas Hardjono
- Re: [Rats] More use cases for draft-richardson-ra… Benjamin Kaduk
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
- Re: [Rats] More use cases for draft-richardson-ra… Dave Thaler
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Dave Thaler
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson