Re: [Rats] Requesting a Nonce from a Verifier

Thomas Fossati <tho.ietf@gmail.com> Thu, 07 March 2024 04:36 UTC

To: "Smith, Ned" <ned.smith@intel.com>
Cc: Henk Birkholz <henk.birkholz@ietf.contact>, "hannes.tschofenig=40gmx.net@dmarc.ietf.org" <hannes.tschofenig=40gmx.net@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/M_figgMtFCoZqAAuk_K-g2lgKoI>

On Wed, Mar 6, 2024 at 5:54 PM Smith, Ned <ned.smith@intel.com> wrote:
> I'm not sure I understand Hannes's use case. Is the CA doubling as the RATS Verifier?

No, the CA is the RP.  The CA trusts one or more verifiers.

> If not, why does one CA need attestation results from multiple Verifiers

I guess it is to support devices that produce composite evidence.

> (would their responses be different)?

In such a case, yes.  For example, one verifier could be authoritative
for "platform"-related evidence, another for the "workload" part.