Re: [Rats] A quick question about different message flow models of RATS architecture:

Dave Thaler <dthaler@microsoft.com> Sat, 16 November 2019 10:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/McipiBMLfGCvX2Pw9SfjgAnQXA0>

Both models are potentially suitable for initial onboarding in different situations/topologies, and both models are potentially suitable for runtime permission.

But yes it is possible that different models are used by the same network for different life stages of devices, or for different devices for the same stage.
Whether that's desirable or not is a different question (to which I don't know the answer), but yes it is possible.

From: RATS <rats-bounces@ietf.org> On Behalf Of Xialiang (Frank, Network Standard & Patent Dept)
Sent: Saturday, November 16, 2019 6:35 PM
To: rats@ietf.org
Subject: [Rats] A quick question about different message flow models of RATS architecture:

Hi,
From my understanding, background check model is suitable for device onboarding stage for network access control, and passport model is suitable for device running time permission of specific service request.
If the above understanding makes sense to a certain level, is it possible a network will use both of them, but for different life cycle stages of a device?

B.R.
Frank