Re: [Rats] Use case -> architecture document

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Mon, 04 November 2019 06:27 UTC

From: Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
Date: Mon, 4 Nov 2019 06:26:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/IT6rQdJDpuF7BIO86Mt4iWLv9kc>
Subject: Re: [Rats] Use case -> architecture document
List-Id: Remote Attestation Procedures <rats.ietf.org>

Henk,

I prefer having all relevant interaction models in the architecture.

Looking at your architecture draft and "attestation characteristics"
(aka attestation principles), then I am not sure I do understand all
definitions. For me, 'relevance' seems somewhat unclear. Should such
terms be defined in an architecture document? Probably yes if they
are fundamental for understanding the technology and not covered by
generally known security terminology.

/js

On Sun, Nov 03, 2019 at 07:37:04PM +0100, Henk Birkholz wrote:
> Hi Jürgen,
> 
> in the RATS WG we split that specific challenge/response interaction (there
> are others, but this is the best understood one) out into this document:
> 
> > https://datatracker.ietf.org/doc/draft-birkholz-rats-reference-interaction-model/
> 
> A complementary approach was recently introduced here:
> 
> > https://datatracker.ietf.org/doc/draft-xia-rats-pubsub-model/
> 
> Both types of (and by inference - all) interaction adhere to the same
> "attestation principles" (which we are currently relabeling to "attestation
> characteristics" but this is more a matter of finding the most intuitive
> title here), which are included in one of the architecture documents.
> 
> I think you highlighted a good question that we should put to a call for
> consensus: Are attestation characteristics, such as freshness, provenance
> (often referred to as origination), or veracity defining (or vital) concepts
> for remote attestation procedures so that they belong into the architecture
> document?
> 
> Viele Grüße,
> 
> Henk
> 
> 
> 
> On 15.10.19 17:45, Schönwälder, Jürgen wrote:
> > Henk's architecture discusses 'Attestation Principles' that are not in
> > Dave's proposal. I guess the WG needs to decide whether to include
> > them or not. Are these important for understanding or guiding the RATS
> > work?
> > 
> > I also like to mention that there are research papers where the remote
> > attestation process is described more in the form of a challenge
> > response interaction, where the verifier sends a specific challenge to
> > a device and the device returns a response that is then evaluated by
> > the verifier. An example is "compute a hash over certain memory areas
> > within a certain time limit" and then the device returns the result
> > and the verifier checks whether it is what is expected.  The time
> > limit is used to control that an infected device can't reasonably
> > forward the challenge to obtain an answer from an unaffected device
> > that is then relayed back to the verifier. The question is whether the
> > architecture includes models where a stimulus is used to trigger the
> > production of a certain Evidence or whether this is left out of the
> > architectural picture on purpose. For more details, see for example
> > <doi.org/10.1145/2988546> (you will find a preprint if you search).

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
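
The timed challenge-response interaction described in the quoted 15.10.19 message ("compute a hash over certain memory areas within a certain time limit"), sketched from the verifier's side as an added example that is not part of the original thread or of any RATS draft. The function names, the nonce-derived region selection, the 4 KiB reference image and the 0.25 s limit are assumptions made for illustration.

```python
import hashlib, hmac, os, time

def make_challenge(image_len, n_regions=4, region_len=64):
    """Verifier: fresh nonce plus nonce-derived (offset, length) memory areas."""
    nonce = os.urandom(16)
    regions = []
    for i in range(n_regions):
        seed = hashlib.sha256(nonce + bytes([i])).digest()
        offset = int.from_bytes(seed[:4], "big") % (image_len - region_len)
        regions.append((offset, region_len))
    return nonce, regions

def respond(memory, nonce, regions):
    """Device: hash the nonce followed by the requested memory areas."""
    h = hashlib.sha256(nonce)
    for offset, length in regions:
        h.update(memory[offset:offset + length])
    return h.digest()

def verify(golden, nonce, regions, response, elapsed_s, limit_s):
    """Verifier: enforce the time limit, then compare against the reference image."""
    if elapsed_s > limit_s:
        return "reject: too slow"        # e.g. challenge forwarded to another device
    expected = respond(golden, nonce, regions)
    if not hmac.compare_digest(expected, response):
        return "reject: digest mismatch"
    return "accept"

def run_demo():
    golden = bytes(range(256)) * 16      # constructed 4 KiB reference image
    # One challenge is reused across the cases only to compare outcomes;
    # a verifier issues a fresh nonce per attestation round.
    nonce, regions = make_challenge(len(golden))
    tampered = bytearray(golden)
    tampered[regions[0][0]] ^= 0xFF      # modification inside a challenged area
    limit_s = 0.25                       # assumed bound; calibrated per device in practice
    cases = [("honest", golden, 0.0),
             ("tampered", bytes(tampered), 0.0),
             ("relayed", golden, 0.4)]   # 0.4 s = simulated forwarding delay
    results = {}
    for name, memory, relay_s in cases:
        start = time.monotonic()
        response = respond(memory, nonce, regions)
        elapsed = time.monotonic() - start + relay_s
        results[name] = verify(golden, nonce, regions, response, elapsed, limit_s)
    return results

if __name__ == "__main__":
    print(run_demo())
```

The relayed case returns a correct digest and is still rejected, which is the role the message assigns to the time limit; the fresh nonce is what makes a response recorded in an earlier round useless in a later one.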