IETF Logo Mail Archive

Re: [Rats] EAT document (was Re: CDDL for CWT, JWT, UCCS and UJCS)

Laurence Lundblade <lgl@island-resort.com> Sun, 31 October 2021 19:08 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A7D33A11FB for <rats@ietfa.amsl.com>; Sun, 31 Oct 2021 12:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x0QxScPiFspn for <rats@ietfa.amsl.com>; Sun, 31 Oct 2021 12:08:14 -0700 (PDT)
Received: from p3plsmtpa07-06.prod.phx3.secureserver.net (p3plsmtpa07-06.prod.phx3.secureserver.net [173.201.192.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78DA33A11FA for <rats@ietf.org>; Sun, 31 Oct 2021 12:08:14 -0700 (PDT)
Received: from [192.168.1.7] ([75.80.148.243]) by :SMTPAUTH: with ESMTPA id hGBfmNTU0t5zQhGBgmG1Pp; Sun, 31 Oct 2021 12:08:12 -0700
X-CMAE-Analysis: v=2.4 cv=d+QwdTvE c=1 sm=1 tr=0 ts=617ee99c a=VPU1mRQhDhA4uSX60JRRww==:117 a=VPU1mRQhDhA4uSX60JRRww==:17 a=IkcTkHD0fZMA:10 a=l70xHGcnAAAA:8 a=48vgC7mUAAAA:8 a=e4SfKWIPNAUj7-g6YRAA:9 a=QEXdDO2ut3YA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <e265e5f9-8912-7bd4-25fe-fc9bd2368c60@sit.fraunhofer.de>
Date: Sun, 31 Oct 2021 12:08:06 -0700
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, rats <rats@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FC65F8D4-400F-4A60-9853-6456DEF4D4A5@island-resort.com>
References: <DF92CC30-A84C-4474-AF2B-C51C9856534D@island-resort.com> <19047.1635268801@localhost> <19539.1635348327@localhost> <04884B13-AF2B-4C77-830D-2DBEC6EA2777@island-resort.com> <655a5819-0428-5f3e-1b40-b0680f4cdabf@sit.fraunhofer.de> <36DC4FB2-F83A-48AA-9A8B-CEE493944770@island-resort.com> <e265e5f9-8912-7bd4-25fe-fc9bd2368c60@sit.fraunhofer.de>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfNs6yhJw8aa90VFYXGL+qVmcpqu1DX4V57ivmMdviOQfXdybyPeD+QxvcJ+ponyTqiNiHVVUcDLTpjoE8jr3NKcQTPfhDU0pzewnyvjX8KO96XO1T2OO Zo0SPHcYk5XrJodpTbTGFkekq/X08FP8oUrxSlwvkaBUMGA9WultToHn+ryMU/xn8HpnLnri3fHBT3pN/ZzRPnI50X6mnaugtoWGkRtpWoD3Zi+0C5kck7+6 2FYTY0PC9SXbVhE4iBifl2LKKMxIe2SdY4LMhU9T/UY=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/NopCwWtCwq8yFg4L-VRsLLgBfAA>
Subject: Re: [Rats] EAT document (was Re: CDDL for CWT, JWT, UCCS and UJCS)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Oct 2021 19:08:19 -0000

Hey Henk,

Pretty much agree with all you say below. Completely understand that EAT doesn’t fit every use case. Thanks for taking the time write it out. :-)

As to Michael’s comment "it does not seem like the document is actually that important.”
- Henk provides some good reasons below
- EAT lines up well for big use case like FIDO and the Android Key Store 
- It works well with TEE’s. It is used by SUIT, is integrated into ARM’s Trusted Firmware and is a part of ARM’s PSA certified program
- If you can’t afford to solder a TPM into you IoT device and your device needs the most compact representation, doesn’t use YANG and such, EAT is a good candidate

Now that the core writing for EAT is done, I hope to spend more time seeing how it fits with other RATS work. Am open to changes in EAT, particularly improving the claims, to make it fit better.

LL



> On Oct 27, 2021, at 3:14 PM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
> 
> Hi Laurence,
> 
> one step towards answering the question "what will a person implementing RATS use if they are not using yang?" is of course > draft-ietf-rats-reference-interaction-models
> 
> But of course that work does not provide you with a set of protocols (aka the complete answer), but only with a set of models to chose from in order to build the acutal protocol.
> 
> Now - I've been holding back on that one - TUDA is of course a very exact protocol how to convey evidence and that would be one candiate> draft-birkholz-rats-tuda
> 
> Alas, that protocol does not require EAT, as well as YANG TPM CHARRA does not. In consequence, I like the notion to align EAT more to TUDA or to YANG of course, but I am not certain that that is actually possible. I'd really appreciate proposals that illustrate how to do that.
> 
> EAT brings a lot of flexibility to the table, especially if the layout of an attesting environment is under your design control. Mix in some simple component hierarchy that is also under your direct control, such as with cell phones, and EAT is an excellent fit.
> 
> There are other evidence representations that are more difficult to fit into EAT (as we have learned here in RATS), because they already existed for a long time, have stable and intentionally (relatively "strict defined") interfaces, such as a TPM. That does not seem to be a bad thing, but simply is accepted as a different way how to phrase evidence, in the end.
> 
> In summary, today there are a few distinct ways how to represent evidence. Some representations are based on existing technology, some representations are based on the appraisal process (e.g. IMA logs in support of indeterministic user space environments), and some representations are tailored to match other conceptual message formats.
> 
> On the one hand, I think EAT should be the first goto candidate, if you want to implement RATS and are free to chose how to do it. On the other hand, I also think that EAT should not be an MTI or a mandatory data model to be incorporated in a protocol.
> 
> The most important thing EAT brings to the table - from my point of view - is actually the information model. The information elements defined (and registered as CWT Claim definitions in the end) are the real treat. No evidence format should conflict with these definitions! That would be really really bad for semantic interoperability and would be in conflict with the RATS WG's goals. If there is overlap, the WG process should identify that and address that (although I am not taking a stance on the "how", maybe sometimes a change to EAT might be warranted, but that case would have to be presented very thoroughly).
> 
> In general, I'd like to see EAT as "the first candidate in line", but also other options next to it next in line.
> 
> Viele Grüße,
> 
> Henk
> 
> 
> 
> 
> On 27.10.21 20:53, Laurence Lundblade wrote:
>> Hi Henk,
>> Right. As a data model, the question seems mostly the same.  What will a person implementing RATS use if they are not using yang?
>> Yang is not particularly suitable for small IoT devices, and those devices need attestation too, right? Claims in a UCCS sent over DTLS is EAT, right?
>> And maybe we should we be aligning EAT closer to all the stuff defined for yang?
>> LL
>>> On Oct 27, 2021, at 10:38 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>> 
>>> Hi Laurence,
>>> 
>>> EAT is not a protocol, it is a data model for CWT (and I guess now also for JWT) to represent remote attestation evidence (where evidence is the conceptual message generated by an Attester and appraised by a Verifier).
>>> 
>>> The data model proposed can include information elements that are useful for protocols - most prominently, a nonce - but that does not render it a protocol, it probably makes it "convenient payload" that also "puts constraints on most protocols that want to use EAT".
>>> 
>>> Viele Grüße,
>>> 
>>> Henk
>>> 
>>> 
>>> 
>>> On 27.10.21 18:40, Laurence Lundblade wrote:
>>>> On Oct 27, 2021, at 8:25 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>>>>> 
>>>>> 
>>>>> Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>>>>>> To me, the document looks done to me.
>>>>>> I think that there are wording fixes that would make it a little easier to
>>>>>> read, but it sure looks finished to me.
>>>>> 
>>>>> Is EAT core work for the RATS document set?
>>>>> I thought it was.  But it does not seem like the document is actually that important.
>>>> R in RATS is for “remote” which means there’s a protocol to convey Attestation Evidence.
>>>> If you want to do remote attestation that is not conveyed via YANG, would not EAT be the protocol?
>>>> What’s your vision of the protocols used in remote attestation that doesn’t need EAT?
>>>> LL
>>>> _______________________________________________
>>>> RATS mailing list
>>>> RATS@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email