[Rats] RATS Architecture Document Review
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 26 February 2021 22:24 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4A673A0DF7 for <rats@ietfa.amsl.com>; Fri, 26 Feb 2021 14:24:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JEs2W_hZ8gXg for <rats@ietfa.amsl.com>; Fri, 26 Feb 2021 14:24:30 -0800 (PST)
Received: from mail-vk1-xa30.google.com (mail-vk1-xa30.google.com [IPv6:2607:f8b0:4864:20::a30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6ED3F3A0DEA for <rats@ietf.org>; Fri, 26 Feb 2021 14:24:30 -0800 (PST)
Received: by mail-vk1-xa30.google.com with SMTP id k191so2268028vke.2 for <rats@ietf.org>; Fri, 26 Feb 2021 14:24:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=9Y67d0f10oS76rFcbLPMqO8opfhKbgYIKccegt0mgUA=; b=L+LDYy+9p5tV7QuKrk4UEGfQiwCU6Enr2sBRfwwr5J/3AStJZqiaVEYkWmg/Q2UQCy w99o4sD1y2PFpyGdw/PJDetR3PlT58bWpVU4YmZ0ZuZd5OFMcyVaGVh2CZV9JzIRMs6v Hxai+TzRJAIXNH/l2fEOnH2aZUIFA75MH9kCifVTtu6epU2ItB0D1sTy3SwL77IMAoR9 QuixF0J2IlO2XKGrAbVMmEgI3O5hkOGzh2X2LZ0BCAFPORb3wcnqziH5P82lsfWjdzjm yEEtgxerDQCKEUVy18DrJcUEHEJW+EV75BUdO3X+wO3aErtPiBBBjafDCEfQHwCVZqko MQmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=9Y67d0f10oS76rFcbLPMqO8opfhKbgYIKccegt0mgUA=; b=rOt0XX6A0h5dGlrskfe+EXnwaXZvzJkYsdXHU5eyUUNSQCbuo7ImGnI86D9/zdGgX8 FPrPKgncVTVlauUrt71uZV9RiY96coLBLWWPy0/7+G7P/hixJnEpMvHmjkK2GbjTTIdo HvhOn0VCKJ+I76agcW4C0tAbMbGK+F9BxC/DPnXI87HkaHqss02DvNlzifJr9OStcNO/ 8LW8fN3/x6yvcaRBevXQmO/QWX24BjcKxlGBVFvwWI9gYac4NE1k4+z8ou8m0JLepDW7 jroS+LVYDlxjzgu973+oaLQAnAZXBSIreX9hUZ0v6LvU17HRk6YYFXUc3JxxwFGO0nFW ks8g==
X-Gm-Message-State: AOAM532VW4ENsAtGy3/biedn24OtDgGKsgNGKkMAYoCLFcFANFImatAF R61EVBfT5llPe0OEr0Wsnv7if8y903LT3UEqyLdgsmFQbjNXPQ==
X-Google-Smtp-Source: ABdhPJwM7hkjYprJYiQHYAWn3F18BXzsicwtAsKNK/61YaJYJ7tvItFU4UcLWm2o3jk0SRIJvTq+tUNb2rJYEAx/v/o=
X-Received: by 2002:a1f:9b0e:: with SMTP id d14mr3399038vke.10.1614378268872; Fri, 26 Feb 2021 14:24:28 -0800 (PST)
MIME-Version: 1.0
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 26 Feb 2021 17:23:53 -0500
Message-ID: <CAHbuEH4QBD+UsSuKp1VDMYrPxW9VkMeacN93buGW2iU1oXQz3g@mail.gmail.com>
To: rats@ietf.org
Content-Type: multipart/alternative; boundary="0000000000003fd5f105bc44bbf0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/LwSiTJBc_6XikuExpoRdTtpWJvg>
Subject: [Rats] RATS Architecture Document Review
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2021 22:24:33 -0000
Greetings! I reviewed the RATS Architecture document with the intent of progressing this to last call soon as the document shepherd. The document has come a long way since my first and second detailed reviews, thank you all very much for all the work that has been put into this document! Here is my current set of comments, which do not include the Appendix. I will have to read that in the next few days. This should be quick to get through as text is suggested in most cases, it may appear long, but really is not. IETF RATS Architecture Review Abstract: The abstract limits remote attestation to network protocols and assessing peers. A major use for it will be posture assessment, which could be a management station that collects and verifies the evidence. Let's work this into the abstract so that the solution is not viewed as constrained as the abstract suggests. How about: OLD: In network protocol exchanges it is often the case that one entity requires believable evidence about the operational state of a remote peer. Such evidence is typically conveyed as claims about the peer's software and hardware platform, and is subsequently appraised in order to assess the peer's trustworthiness. The process of generating and appraising this kind of evidence is known as remote attestation. This document describes an architecture for remote attestation procedures that generate, convey, and appraise evidence about a peer's operational state. NEW: It is often the case that one entity requires believable evidence about the operational state of a remote peer. Such evidence is typically conveyed as claims about the peer's software and hardware platform, and is subsequently appraised in order to assess the peer's trustworthiness. The process of generating and appraising this kind of evidence is known as remote attestation. This document describes an architecture for remote attestation procedures that generate, convey, and appraise evidence about a peer's operational state. Introduction: NIT: RATS is provided as an acronym and used, but then the text reverts back to the expanded text. Choose how you'd like to do this an be consistent. Section 2.1: NIT: Network operators is too limited as others want this information as well. Suggest changing S/Network operators/Organizations/ OLD: Network operators want a trustworthy report that includes identity and version information about the hardware and software on the machines attached to their network, for purposes such as inventory, audit, anomaly detection, record maintenance and/or trending reports (logging). NEW: Organizations want a trustworthy report that includes identity and version information about the hardware and software on the machines attached to their network, for purposes such as inventory, audit, anomaly detection, record maintenance and/or trending reports (logging). OLD: The network operator may also want a policy by which full access is only granted to devices that meet some definition of hygiene, and so wants to get Claims about such information and verify its validity. NEW: An operator may also want a policy by which full access is only granted to devices that meet some definition of hygiene, and so wants to get Claims about such information and verify its validity. If this should be more generally readable, then removing the network focus here would help a general reader who might be concerned with lateral movement between applications rather than "access to the network". We no longer advise a mushy core (e.g. zero trust architecture), so I suggest the following word changes: OLD: Remote attestation is desired to prevent vulnerable or compromised devices from getting access to the network and potentially harming others. NEW: Remote attestation is desired to prevent vulnerable or compromised devices from gaining further access and potentially harming others. Section 11: NIT: Remove the closing paren in the second paragraph as there is no opening parentheses. "Many claims in Attestation Evidence and Attestation Results are potentially Personally Identifying Information) depending" The privacy section should also include a requirement for transport security protections via TLS, cTLS, DTLS, EDHOC/OSCOAP, IPsec to ensure only the intended party can access the content (unless that intended party has been compromised). Section 12.1.1: It might be worth calling out that this process could all occur on a single system. It reads as if that's the case for this section and you'll have an IESG with diverse backgrounds reading this. This seems to be conflating use cases for cryptography: "Cryptography can also be used to support confidentiality, but keys that are used to then provision attestation keys must somehow have been provisioned securely beforehand (a recursive problem)." It would be good to separate out encryption for transport and cryptographic protections for attestation at the object level or even the attestation keys for signing processes. It would be important to have this read well. You could mention transport level encryption, then a discussion on attestation keys and options for advanced provisioning (by hand is certainly an option for secure systems or mention the burn in process for TPMs by the manufacturer as an example. Perhaps include an example of how attestation keys might be provisioned to a TEE for use cases where the TEE is the attester. Section 12.2 Integrity protections should mention digital signatures over the evidence for the attestation. It may be obvious to the authors, but not to all readers. This should come before the other mentioned protections. The first sentence should be split in two to make this possible and to shorten the sentence. OLD: Any solution that conveys information used for security purposes, whether such information is in the form of Evidence, Attestation Results, Endorsements, or appraisal policy must support end-to-end integrity protection and replay attack prevention, and often also needs to support additional security properties, including: NEW: Any solution that conveys information used for security purposes, whether such information is in the form of Evidence, Attestation Results, Endorsements, or appraisal policy must support end-to-end integrity protection and replay attack prevention. Cryptographic digital signatures provide integrity protection, enabling verification that the data has not been altered since it was signed. Solutions often need to support additional security properties, including: A leap is made to the following paragraph and the reader will have trouble figuring out why it's there. Tie the following to an explanation of how one might know this information on whether the RoT is mutable or not and explain the cryptographic keys and functions are stored/performed in the RoT, digital signatures are applied within the RoT. This will explain the relevance to the integrity section. " To assess the security provided by a particular appraisal policy, it is important to understand the strength of the root of trust, e.g., whether it is mutable software, or firmware that is read-only after boot, or immutable hardware/ROM. It is also important that the appraisal policy was itself obtained securely. If an attacker can configure appraisal policies for a Relying Party or for a Verifier, then integrity of the process is compromised." 12.3: Make sure the text on transport encryption is added and fuller explanations on when you may or may not need transport encryption. It can be in the other section where I pointed this out and then put a reference to it from this text: "To mitigate this threat, the transport should be at least integrity protected and provide origin authentication." In a coherent section, discuss the physical security options, use cases within a single system, protected and physically isolated networks, and then any other use case requiring transport encryption. -- Best regards, Kathleen
- [Rats] RATS Architecture Document Review Kathleen Moriarty
- Re: [Rats] RATS Architecture Document Review Henk Birkholz