Re: [Rats] Call for charter consensus
Carl Wallace <carl@redhoundsoftware.com> Sat, 19 January 2019 12:29 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4344130DC2 for <rats@ietfa.amsl.com>; Sat, 19 Jan 2019 04:29:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AzKbF3Hn6Wz5 for <rats@ietfa.amsl.com>; Sat, 19 Jan 2019 04:29:41 -0800 (PST)
Received: from mail-qk1-x743.google.com (mail-qk1-x743.google.com [IPv6:2607:f8b0:4864:20::743]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8011F128CF3 for <rats@ietf.org>; Sat, 19 Jan 2019 04:29:41 -0800 (PST)
Received: by mail-qk1-x743.google.com with SMTP id y16so9569265qki.7 for <rats@ietf.org>; Sat, 19 Jan 2019 04:29:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version:content-transfer-encoding; bh=DTo8zQ7rXs+ALn0fGqyRjJu+zu0r8uP9C8yqlsPLL8E=; b=MBJoxr1pN5QTUXtID55ajKNGtqCH8YJ88Bt+g4+652O6a6pIx6695jJnlBZq+AKZlr wYsBbX3K5rpGM5ePz1tAA9GowvAiRQeKyXnh145n6YcQaIhGqQH0qJetan6lrVv7VSNR MNjOckRiqAtVpxtf+FwczxKy0qdnN2SbEEX00=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=DTo8zQ7rXs+ALn0fGqyRjJu+zu0r8uP9C8yqlsPLL8E=; b=pn/ZmHrwphHnJBHWPpZLPqER+HoWsghwYMnu9SjxRMKyifZXkMEIk+BDc0+azb0Bu7 +HRv5JSs334NzRfiNr2++pPM16Jp60/lBs1ACNm8wshvyCVsufr1VGoFhA14jVcLY4j7 1knzyTrMtPkoklLe87wkLOX+zD5Zao08h12tBL87sVJ5FZGjUFsuhiPqQndeYo3C3mzm wbAIQnJpvJs2UTwocz6CQ0OvDWYFaqCt2/eMwb+Zs8AxdsGLw97b2jbmSIeaDEEGu1DC 2Z5aSNK6NXATPce90HOxs2L4bq+yavOwD52dSwvL6kUcJJpsTsVo6wzoYRBXdyNrtKiu gRww==
X-Gm-Message-State: AJcUukeq6bsHfhcRfvZb6rJduKzd3KobU16ypjNqFlyogyhDc9qKgCMa pOLa05t01frWicLDndJXXFiywQ==
X-Google-Smtp-Source: ALg8bN6aflN74Umqawlwbj9IFBCs2cIkKxKyXvuI9DZD+R+LLp6boZiGIfooq8psUCXUfbvnCgTM1Q==
X-Received: by 2002:a37:ad15:: with SMTP id f21mr19036665qkm.267.1547900980483; Sat, 19 Jan 2019 04:29:40 -0800 (PST)
Received: from [192.168.1.180] (pool-173-66-82-22.washdc.fios.verizon.net. [173.66.82.22]) by smtp.googlemail.com with ESMTPSA id x49sm75973274qta.89.2019.01.19.04.29.37 (version=TLS1 cipher=AES128-SHA bits=128/128); Sat, 19 Jan 2019 04:29:39 -0800 (PST)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Sat, 19 Jan 2019 07:29:30 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "rats@ietf.org" <rats@ietf.org>
Message-ID: <D8687BF3.D0B91%carl@redhoundsoftware.com>
Thread-Topic: [Rats] Call for charter consensus
References: <D86754B8.D099E%carl@redhoundsoftware.com> <C79C7D38-3544-4CDB-94C5-2F49FF0D7BE2@cisco.com> <AD9A3A3C-42FD-48A0-8B5B-A1F6644573DB@redhoundsoftware.com> <20190119012335.GT81907@kduck.mit.edu>
In-Reply-To: <20190119012335.GT81907@kduck.mit.edu>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/MsCX7DwYbgyup7BFHZIWkv4EgyA>
Subject: Re: [Rats] Call for charter consensus
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jan 2019 12:29:44 -0000
Inline... On 1/18/19, 8:23 PM, "Benjamin Kaduk" <kaduk@mit.edu> wrote: >On Fri, Jan 18, 2019 at 06:54:44PM -0500, Carl Wallace wrote: >> Inline... >> >> > On Jan 18, 2019, at 6:27 PM, Nancy Cam-Winget (ncamwing) >><ncamwing@cisco.com> wrote: >> > >> > Hi Carl, >> > <Chair hat-off> >> > It is my experience in the IETF that we focus more in the definition >>of data models and transfer/transport mechanisms for information (e.g. >>yang, netconf, radius, nea) but how the information is applied is >>typically out of scope. >> >> Many verifiable data models (e.g., X509, CMS, JOSE, COSE, etc.) include >>verification rules. > >I attempted (probably poorly) on the call to make a point that in some >sense there are two different types of thing in the RATS workflow we're >thinking about, that could be called "verification". On the one hand, >there's the raw crypto bits of "this is what signature validation/MIC >verification/etc. you have to do in order to get the cryptographic >validation that key X generated data Y [at time Z]", but once you've done >that, the decision of verifying that Y and Z are something you find >trustworthy to perform action W is not really something we can >standardize. [CW] Depending on where you are drawing the "decision" line, I don't disagree with any of this. However, as a relying party of several currently available attestation types, I can say that all I have encountered are broken in one or more ways related to verification, including: misapplication of security specifications, poor definition of trust establishment practices, misuse of structures relevant to trust establishment, misencoding of structures relevant for assessment of attestation contents, unstable structure definitions, "interesting" use of extensibility mechanisms. Each complicates interoperability and code reuse without even considering that each is different. Most of these issues are at the intersection of proprietary attestation structures and standard security layers, i.e., the procedures that appear to be missing in the charter goals. While it may be fair to simply write this all off as implementation errors, my hope is that RATS will help greatly improve the landscape with a solid set of standards accompanied by sample artifacts for testing. > >My understanding is that we plan to talk about the crypto but not, at >least >at first, what you do after confirming that the crypto has not been >tampered with. [CW] The relevance of what one does during/after crypto will vary with the nature of the claim and likely can't be avoided in all cases. > >> > >> > <Chair hat-on> >> > As to the consensus of the group and the charter during the call, >>there was no consensus to the last item (the assessment of claims). >>Additionally, >> > I don’t believe we have permanently omitted the “assessment” portion. >> > The understanding is that we need to charter to a scope that we can >>achieve and if and when in that process we need to recharter to include >>other work items we can certainly do so. >> > >> OK. > >Yup, we want to bite off a manageable chunk for the initial round, and add >on later as needed. [CW] As noted, I don't think omitting procedures for verification and use of the structures is a good idea but won't belabor the point further as a charter point. > >>
- [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Michael Richardson
- Re: [Rats] Call for charter consensus Hannes Tschofenig
- Re: [Rats] Call for charter consensus Giridhar Mandyam
- Re: [Rats] Call for charter consensus Carl Wallace
- Re: [Rats] Call for charter consensus Smith, Ned
- Re: [Rats] Call for charter consensus Eric Voit (evoit)
- Re: [Rats] Call for charter consensus Benjamin Kaduk
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Henk Birkholz
- Re: [Rats] Call for charter consensus Ira McDonald
- Re: [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)
- Re: [Rats] Call for charter consensus Carl Wallace
- Re: [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)
- Re: [Rats] Call for charter consensus Benjamin Kaduk
- Re: [Rats] Call for charter consensus Carl Wallace
- Re: [Rats] Call for charter consensus Benjamin Kaduk
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Daniel P. Smith
- Re: [Rats] Call for charter consensus Fuchs, Andreas
- Re: [Rats] Call for charter consensus Shwetha Bhandari (shwethab)
- Re: [Rats] Call for charter consensus Jessica Fitzgerald-McKay
- Re: [Rats] Call for charter consensus William Bellingrath
- [Rats] 答复: Call for charter consensus Xialiang (Frank, Network Standard & Patent Dept)
- Re: [Rats] Call for charter consensus Monty Wiseman
- Re: [Rats] Call for charter consensus Carsten Bormann
- Re: [Rats] Call for charter consensus Carsten Bormann
- Re: [Rats] Call for charter consensus Laurence Lundblade
- Re: [Rats] Call for charter consensus Frank MATTHIAS KOVATSCH
- Re: [Rats] Call for charter consensus Laffey, Tom (HPE Aruba)
- Re: [Rats] [EAT] FW: Call for charter consensus Mathias Brossard
- Re: [Rats] [EAT] FW: Call for charter consensus Diego R. Lopez
- Re: [Rats] Call for charter consensus Simon Frost
- Re: [Rats] [EAT] FW: Call for charter consensus Jeremy O'Donoghue
- Re: [Rats] Call for charter consensus Anthony Nadalin
- Re: [Rats] Call for charter consensus Nancy Cam-Winget (ncamwing)