IETF Logo Mail Archive

Re: [Rats] Call for charter consensus

Carl Wallace <carl@redhoundsoftware.com> Sat, 19 January 2019 12:29 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4344130DC2 for <rats@ietfa.amsl.com>; Sat, 19 Jan 2019 04:29:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AzKbF3Hn6Wz5 for <rats@ietfa.amsl.com>; Sat, 19 Jan 2019 04:29:41 -0800 (PST)
Received: from mail-qk1-x743.google.com (mail-qk1-x743.google.com [IPv6:2607:f8b0:4864:20::743]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8011F128CF3 for <rats@ietf.org>; Sat, 19 Jan 2019 04:29:41 -0800 (PST)
Received: by mail-qk1-x743.google.com with SMTP id y16so9569265qki.7 for <rats@ietf.org>; Sat, 19 Jan 2019 04:29:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version:content-transfer-encoding; bh=DTo8zQ7rXs+ALn0fGqyRjJu+zu0r8uP9C8yqlsPLL8E=; b=MBJoxr1pN5QTUXtID55ajKNGtqCH8YJ88Bt+g4+652O6a6pIx6695jJnlBZq+AKZlr wYsBbX3K5rpGM5ePz1tAA9GowvAiRQeKyXnh145n6YcQaIhGqQH0qJetan6lrVv7VSNR MNjOckRiqAtVpxtf+FwczxKy0qdnN2SbEEX00=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=DTo8zQ7rXs+ALn0fGqyRjJu+zu0r8uP9C8yqlsPLL8E=; b=pn/ZmHrwphHnJBHWPpZLPqER+HoWsghwYMnu9SjxRMKyifZXkMEIk+BDc0+azb0Bu7 +HRv5JSs334NzRfiNr2++pPM16Jp60/lBs1ACNm8wshvyCVsufr1VGoFhA14jVcLY4j7 1knzyTrMtPkoklLe87wkLOX+zD5Zao08h12tBL87sVJ5FZGjUFsuhiPqQndeYo3C3mzm wbAIQnJpvJs2UTwocz6CQ0OvDWYFaqCt2/eMwb+Zs8AxdsGLw97b2jbmSIeaDEEGu1DC 2Z5aSNK6NXATPce90HOxs2L4bq+yavOwD52dSwvL6kUcJJpsTsVo6wzoYRBXdyNrtKiu gRww==
X-Gm-Message-State: AJcUukeq6bsHfhcRfvZb6rJduKzd3KobU16ypjNqFlyogyhDc9qKgCMa pOLa05t01frWicLDndJXXFiywQ==
X-Google-Smtp-Source: ALg8bN6aflN74Umqawlwbj9IFBCs2cIkKxKyXvuI9DZD+R+LLp6boZiGIfooq8psUCXUfbvnCgTM1Q==
X-Received: by 2002:a37:ad15:: with SMTP id f21mr19036665qkm.267.1547900980483; Sat, 19 Jan 2019 04:29:40 -0800 (PST)
Received: from [192.168.1.180] (pool-173-66-82-22.washdc.fios.verizon.net. [173.66.82.22]) by smtp.googlemail.com with ESMTPSA id x49sm75973274qta.89.2019.01.19.04.29.37 (version=TLS1 cipher=AES128-SHA bits=128/128); Sat, 19 Jan 2019 04:29:39 -0800 (PST)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Sat, 19 Jan 2019 07:29:30 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "rats@ietf.org" <rats@ietf.org>
Message-ID: <D8687BF3.D0B91%carl@redhoundsoftware.com>
Thread-Topic: [Rats] Call for charter consensus
References: <D86754B8.D099E%carl@redhoundsoftware.com> <C79C7D38-3544-4CDB-94C5-2F49FF0D7BE2@cisco.com> <AD9A3A3C-42FD-48A0-8B5B-A1F6644573DB@redhoundsoftware.com> <20190119012335.GT81907@kduck.mit.edu>
In-Reply-To: <20190119012335.GT81907@kduck.mit.edu>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/MsCX7DwYbgyup7BFHZIWkv4EgyA>
Subject: Re: [Rats] Call for charter consensus
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jan 2019 12:29:44 -0000

Inline...


On 1/18/19, 8:23 PM, "Benjamin Kaduk" <kaduk@mit.edu> wrote:

>On Fri, Jan 18, 2019 at 06:54:44PM -0500, Carl Wallace wrote:
>> Inline...
>> 
>> > On Jan 18, 2019, at 6:27 PM, Nancy Cam-Winget (ncamwing)
>><ncamwing@cisco.com> wrote:
>> > 
>> > Hi Carl,
>> > <Chair hat-off>
>> > It is my experience in the IETF that we focus more in the definition
>>of data models and transfer/transport mechanisms for information (e.g.
>>yang, netconf, radius, nea) but how the information is applied is
>>typically out of scope.
>> 
>> Many verifiable data models (e.g., X509, CMS, JOSE, COSE, etc.) include
>>verification rules.
>
>I attempted (probably poorly) on the call to make a point that in some
>sense there are two different types of thing in the RATS workflow we're
>thinking about, that could be called "verification".  On the one hand,
>there's the raw crypto bits of "this is what signature validation/MIC
>verification/etc. you have to do in order to get the cryptographic
>validation that key X generated data Y [at time Z]", but once you've done
>that, the decision of verifying that Y and Z are something you find
>trustworthy to perform action W is not really something we can
>standardize.

[CW] Depending on where you are drawing the "decision" line, I don't
disagree with any of this. However, as a relying party of several
currently available attestation types, I can say that all I have
encountered are broken in one or more ways related to verification,
including: misapplication of security specifications, poor definition of
trust establishment practices, misuse of structures relevant to trust
establishment, misencoding of structures relevant for assessment of
attestation contents, unstable structure definitions, "interesting" use of
extensibility mechanisms. Each complicates interoperability and code reuse
without even considering that each is different. Most of these issues are
at the intersection of proprietary attestation structures and standard
security layers, i.e., the procedures that appear to be missing in the
charter goals.

While it may be fair to simply write this all off as implementation
errors, my hope is that RATS will help greatly improve the landscape with
a solid set of standards accompanied by sample artifacts for testing.


>
>My understanding is that we plan to talk about the crypto but not, at
>least
>at first, what you do after confirming that the crypto has not been
>tampered with.

[CW] The relevance of what one does during/after crypto will vary with the
nature of the claim and likely can't be avoided in all cases.

>
>> >  
>> > <Chair hat-on>
>> > As to the consensus of the group and the charter during the call,
>>there was no consensus to the last item (the assessment of claims).
>>Additionally,
>> > I don’t believe we have permanently omitted the “assessment” portion.
>> > The understanding is that we need to charter to a scope that we can
>>achieve and if and when in that process we need to recharter to include
>>other work items we can certainly do so.
>> >  
>> OK. 
>
>Yup, we want to bite off a manageable chunk for the initial round, and add
>on later as needed.

[CW] As noted, I don't think omitting procedures for verification and use
of the structures is a good idea but won't belabor the point further as a
charter point.
>

>>

v2.23.0 | Report a Bug | By Email