Re: [Rats] Use case -> architecture document

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Tue, 15 October 2019 15:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/O-K5feIWgNbs7Pb_x8YcFEnbAXs>

On Mon, Oct 14, 2019 at 11:01:04PM +0000, Dave Thaler wrote:
> 
> As requested, I have written a document for the WG to consider, that
> includes my architectural patterns work, plus some content pulled from
> others' docs.  It's not complete (i.e., some stuff is not covered), but I do
> hope it's readable by a general audience.
>

This document is well readable and the use case examples seem to be
about right (although it is not entirely clear for all of them how the
architecture supports them). Dave's document defines fewer terms
compared to Henk's document and I assume the WG needs to decide what
the set of terms is that should be defined in the WG's architecture
document.

Dave takes a minimalist approach, but then he introduces some terms
later on in the document (e.g., Endorsement) that may actually belong
in the terminology section.

If an Endorsement is a statement, why is it defined under Conceptual
Messages? I assume messages may carry endorsements.  Perhaps the
section title "Conceptual Messages" is a bit misleading?  Henk's
document uses the term 'claim' (which does not really show up in
Dave's document), as a superclass, i.e., Endorsements and Evidence are
all forms of Claims (instead of 'Conceptual Messages'). Perhaps Dave's
'statements' used informally in the 'Conceptual Messages' section are
Henk's 'claims' and we need to pick a term and then change the section
title to 'Types of Claims' or 'Types of Statements' or something like
that and we likely want to define the concept of a 'Claim' or
'Statement'.

Henk's architecture discusses 'Attestation Principles' that are not in
Dave's proposal. I guess the WG needs to decide whether to include
them or not. Are these important for understanding or guiding the RATS
work?

I would also like to mention that there are research papers where the remote
attestation process is described more in the form of a challenge
response interaction, where the verifier sends a specific challenge to
a device and the device returns a response that is then evaluated by
the verifier. An example is "compute a hash over certain memory areas
within a certain time limit" and then the device returns the result
and the verifier checks whether it is what is expected.  The time
limit is used to control that an infected device can't reasonably
forward the challenge to obtain an answer from an unaffected device
that is then relayed back to the verifier. The question is whether the
architecture includes models where a stimulus is used to trigger the
production of a certain Evidence or whether this is left out of the
architectural picture on purpose. For more details, see for example
<doi.org/10.1145/2988546> (you will find a preprint if you search).

/js


-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
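
The timed challenge-response exchange described in the message above, as an added example that is not part of the original post or of the cited paper: a verifier issues a fresh nonce, the device hashes the nonce with the challenged memory areas, and the verifier checks both the digest and the elapsed time. The names, memory image, regions, time limit and latencies are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data; every name and value here is an assumption.
REFERENCE_MEMORY = bytes(range(256)) * 16   # 4 KiB image the verifier expects
REGIONS = [(0, 1024), (2048, 512)]          # challenged (offset, length) areas
TIME_LIMIT_S = 0.050                        # assumed response deadline

def measure(memory, regions, nonce):
    """Device side: hash the nonce, then each challenged memory area."""
    h = hashlib.sha256(nonce)
    for offset, length in regions:
        h.update(offset.to_bytes(4, "big") + length.to_bytes(4, "big"))
        h.update(memory[offset:offset + length])
    return h.digest()

class Verifier:
    def __init__(self, reference, time_limit_s):
        self.reference, self.time_limit_s = reference, time_limit_s
        self.pending = {}                   # outstanding nonce -> regions

    def challenge(self, regions):
        nonce = os.urandom(16)              # fresh stimulus per attestation
        self.pending[nonce] = regions
        return nonce

    def evaluate(self, nonce, response, elapsed_s):
        regions = self.pending.pop(nonce, None)
        if regions is None:
            return "reject: unknown or reused nonce"
        if elapsed_s > self.time_limit_s:   # deadline checked before the digest
            return "reject: time limit exceeded"
        expected = measure(self.reference, regions, nonce)
        if not hmac.compare_digest(expected, response):
            return "reject: digest mismatch"
        return "accept"

def run_scenarios():
    """Elapsed times are constructed; a real verifier would measure them."""
    v, out = Verifier(REFERENCE_MEMORY, TIME_LIMIT_S), {}
    n = v.challenge(REGIONS)
    good = measure(REFERENCE_MEMORY, REGIONS, n)
    out["honest"] = v.evaluate(n, good, 0.020)
    out["replayed"] = v.evaluate(n, good, 0.020)       # nonce already consumed
    modified = b"\xff" + REFERENCE_MEMORY[1:]          # one altered byte
    n = v.challenge(REGIONS)
    out["modified"] = v.evaluate(n, measure(modified, REGIONS, n), 0.020)
    n = v.challenge(REGIONS)                           # correct answer, relayed
    out["relayed"] = v.evaluate(n, measure(REFERENCE_MEMORY, REGIONS, n), 0.100)
    return out
```

The relayed case carries a correct digest and is still rejected, which is the property the time limit exists to provide; the nonce is what makes a recorded response useless for a later challenge.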