Re: [Rats] Function of an endorsement relative to evidence

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 05 June 2022 19:34 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Laurence Lundblade <lgl@island-resort.com>, rats <rats@ietf.org>
In-Reply-To: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
References: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
Date: Sun, 05 Jun 2022 15:34:33 -0400
Message-ID: <14746.1654457673@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/IWhY0h7CEajhmORxclHTUfSbv-M>
Subject: Re: [Rats] Function of an endorsement relative to evidence
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Laurence Lundblade <lgl@island-resort.com> wrote:
    > Assuming for the sake of argument here that the Attester Manufacturer
    > and Endorser are the same, it goes like this. The
    > Endorser/AttesterManufacturer only puts private keys into devices that
    > it knows are built correctly. They won’t lie. They’ll protect their
    > keys. They produce correct claims. This really is the fundamental work
    > of the Endorser/AttesterManufacturer above all else.

I'm with you until you say, "They won't lie", as it's totally irrelevant.

Of course malware will lie.  That's the whole point of this process.
If the keys are protected, then the claims the malware generates will not
validate.   But, it will try, based upon some private key extracted out
of some other device that was subject to some silicon level attack.


A piece of Evidence, saying, "I'm security-level FOO", signed by ME, is
completely meaningless.
Only after the Verifier has looked up the public key can it have any meaning.
You know this, you've said exactly this multiple times.

But, only at that point, the "security-level" (or any other integer based
big/little comparison of stuff) comes out of the Endorsement.   It's just
wasted bits to put it anywhere else.

So, it is *NEVER* useful as Evidence.  EVER.

    > The Endorsement can mean “believe all the Evidence from this
    > Attester”. (It might always not be all the Evidence, but it will always
    > be some of the Evidence).

That's a really bizarre thing to put in an Endorsement.

    > By this it is entirely reasonable for security-level to be transmitted
    > either as an Endorsement or in Evidence.

No, it's not.

    > I think there is also room for security-level in Evidence in composite
    > device attestation. One Attester may have a good way to evaluate the
    > security-level of a subsystem, perhaps a subsystem that varies from
    > device to device.

I don't even believe this is useful.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
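
The Verifier behaviour argued for in the reply above, as an added example that is not part of the original message or of any RATS document: Evidence means nothing until its key is found in an Endorsement, and the security-level is then read from that Endorsement rather than from the Attester's own claim. The store layout, key ids and function names are hypothetical, and HMAC stands in for a real signature scheme so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed Endorsement store (hypothetical layout): key id -> what the
# Endorser vouches for. HMAC with a per-device secret is an assumption that
# replaces an asymmetric signature purely to keep the example stdlib-only.
ENDORSEMENTS = {
    "key-A": {"verify_key": b"constructed-secret-A", "security_level": 2},
}


def sign_evidence(claims, key):
    """Attester side: serialise the claims and authenticate them."""
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def appraise(key_id, evidence):
    """Verifier side: return the appraised result, or None if rejected."""
    endorsement = ENDORSEMENTS.get(key_id)
    if endorsement is None:
        return None  # no Endorsement for this key: the Evidence has no meaning
    expected = hmac.new(
        endorsement["verify_key"], evidence["payload"], hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected, evidence["tag"]):
        return None  # not produced by the endorsed key
    claims = json.loads(evidence["payload"])
    # Any self-asserted security_level is dropped; the appraised value is
    # taken from the Endorsement that the key lookup returned.
    claims.pop("security_level", None)
    return {"security_level": endorsement["security_level"], "claims": claims}


if __name__ == "__main__":
    # Constructed Evidence that asserts a higher level than the Endorsement.
    ev = sign_evidence({"security_level": 4, "boot": "ok"}, b"constructed-secret-A")
    print(appraise("key-A", ev))
    print(appraise("key-unknown", ev))
```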