[Rats] Review of draft-ietf-rats-tpm-based-network-device-attest/

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 03 August 2020 15:22 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id AC93D3A0B8F for <rats@ietfa.amsl.com>; Mon, 3 Aug 2020 08:22:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id NyQTlotY_Coj for <rats@ietfa.amsl.com>; Mon, 3 Aug 2020 08:22:45 -0700 (PDT)
Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A0853A0B84 for <rats@ietf.org>; Mon, 3 Aug 2020 08:22:45 -0700 (PDT)
Received: by mail-io1-xd2d.google.com with SMTP id q75so30736414iod.1 for <rats@ietf.org>; Mon, 03 Aug 2020 08:22:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=xXfcZfGt6Gzxar4xqiGie2kc9bYJhsP8N/znhdBWd0U=; b=S1qAb3E2V8yNjxDbBtiYxLChYzUzSKdkwJiLJrSrfx6VoojcPDvIUkWAOa0UtEyxMy lgy7+zQ0YGkmi9zYJ/28799ppTdoWovxjLCvnG9VbDxFxvqwPBa9icssnCpJSJUyPK6P WFfdtiv/68VA3bXQ9RlLHeHMWdjE5eOnbtxalucBWAuNtOTVSiPoqYu4jyL6ZMyjz0IF kNr+w0JiHBBjzJZW3wXZJo8iM+quDnD3xcKI9HhOTHuPv3rjXZn1u428dBgVZKbvUpPU frp39HTsxSc3LvOGjIMxlFW2QlzkgEH2WVOR0U8oTgWMuSALeYfdZdOczXTfX5MNbJ92 pO5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=xXfcZfGt6Gzxar4xqiGie2kc9bYJhsP8N/znhdBWd0U=; b=QB75tnkmMCtumCqaWDWlcsMCM70zscJ3ZTYyAsmiuWDYLgr+ekYgrD7E76icE6rXpN IWnFmi/GsJWlhd1L742I50kb9/vnXGEKmYwL+hIj0y6v8t+PY+45cyQohPsUqCl+APjS ZQP9Y952AQdwrAwKHJ4+T5wegH7DxjZxrcsDS89EIEJV9Lqgqrrtnnl72FuaXHH/gCtL sdKAWjJyR1RlyNnwf6sA7uCeC5YPqvX7Uedy1djk7FDaIPfXDg59IfYczfJ0t6hCEs+H z4z6gK3OGfK8nBj59oQWoUkKW4p3Hjro8awSA4y07hu95MB+CiDO3tRr7seNgKacF7IU 9+Zg==
X-Gm-Message-State: AOAM5312Eq089zUCEh6v27AEftatcU3LfUkuJNObuRoj/NY8R/v9X2wp ptkDo2F4R/3WKNUcUs6didd9ts9aQSILHPD4Khjg90aY
X-Google-Smtp-Source: ABdhPJzJ9GhB5r8C1WBl73N+DPOam29RkwayvtcWkUWRJ4Jb/bBDxC/xglqZToVMyeV4knyX/9BeqhXnY68/570cOwU=
X-Received: by 2002:a5e:dd44:: with SMTP id u4mr368780iop.192.1596468164555; Mon, 03 Aug 2020 08:22:44 -0700 (PDT)
MIME-Version: 1.0
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 3 Aug 2020 11:22:08 -0400
Message-ID: <CAHbuEH4R-mmPii39nEaQDLdQjeJKvUkFi6dyaY8ts0mGD9CHJg@mail.gmail.com>
To: rats@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d7f95605abfab56a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ND062KMSUccjxsFrxUi6BXDc70s>
Subject: [Rats] Review of draft-ietf-rats-tpm-based-network-device-attest/
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2020 15:22:47 -0000

Thank you to Jess and Guy for a very well written document.  I have 2
comments for the security considerations section.

You may want to make note that preventing collision attacks with digital
signatures is important (algorithm and key size selection).  While rare,
this type of attack will be more important to protect against as this
technology is further adopted.  This type of attack was successfully
conducted with STUXNET and yes, is very sophisticated.

The second item I think that is worth calling out is the attack vector in
the supply chain.  If the measurements provided are subverted in the
development phase where a compromise is embedded, it will be really hard to
detect.  Supply chain security, safe coding, QA, and other measures should
be in place.  It may be that this remains a potential vector, but calling
it out as a consideration could be important.  I had passed this along our
internal path to TCG as well, just so it is noted.

You get at this second point a little, but I think expanding it may help.

      "Attestation depends on an unbroken chain of measurements, starting
      from the very first measurement.  That first measurement is made

Fedorkow, et al.        Expires January 14, 2021               [Page 27]
Internet-Draft             Network Device RIV                  July 2020

      by code called the Root of Trust for Measurement, typically done
      by trusted firmware stored in boot flash.  Mechanisms for
      maintaining the trustworthiness of the RTM are out of scope for
      RIV, but could include immutable firmware, signed updates, or a
      vendor-specific hardware verification technique."

Best regards,