[Rats] Hint for a Verifier ... was AW: I-D Action: draft-ietf-rats-msg-wrap-01.txt

"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Tue, 02 January 2024 15:40 UTC

From: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
To: Thomas Fossati <thomas.fossati@linaro.org>, "rats@ietf.org" <rats@ietf.org>
Date: Tue, 02 Jan 2024 15:40:22 +0000
Message-ID: <AS8PR10MB74278EA4BCFFE2EC31E2EFE9EE61A@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
References: <170315091797.55319.6825067742910818727@ietfa.amsl.com> <CA+1=6ydYyxgw0HaRYyTZ3PgJ70gT9yqHSB9Z9pD3pN-BHH3LUA@mail.gmail.com>
In-Reply-To: <CA+1=6ydYyxgw0HaRYyTZ3PgJ70gT9yqHSB9Z9pD3pN-BHH3LUA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/OhiZo-zFYXx4RQ0GTc46wmHSKKE>
Subject: [Rats] Hint for a Verifier ... was AW: I-D Action: draft-ietf-rats-msg-wrap-01.txt

Hi Thomas, Hi all,

I believe there is a need to add functionality for helping relying parties to locate Verifiers.
This is a topic that recently surfaced in the LAMPS Attestation Design Team and is documented here:
https://github.com/lamps-wg/csr-attestation/issues/70

The issue is the following: As a design principle, we want the relying party to be agnostic of the attestation technology (and the encoding of the Evidence format). Instead, the Verifier and the Attester have to understand the attestation technologies.

In simple deployments, a relying party just relays the Evidence to a Verifier. In more complex deployments, there are most likely multiple Verifiers and the relying party needs to decide where to send the Evidence.

As described in the above-referenced issue, the suggestion is to include additional information about what the attester believes the correct Verifier is. This is a hint to the relying party. This information would be included in the Evidence, at least if it is based on something like an EAT, but since the relying party is not expected to parse the Evidence, it would be replicated into a "wrapper" outside -- for example into the CMW.

I am wondering what others think.

Ciao
Hannes


-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Thomas Fossati
Sent: Thursday, 21 December 2023 10:41
To: rats@ietf.org
Subject: Re: [Rats] I-D Action: draft-ietf-rats-msg-wrap-01.txt

Hi,

In this freshly published -01, we added a "CMW collection" modelled on Simon's "EAT collections" [1].  The main driver for this is supporting composite/layered attesters.

The other added bit is the media types registration.

See the "diff" link below for the details.

cheers!

[1] https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/


On Thu, 21 Dec 2023 at 10:28, <internet-drafts@ietf.org> wrote:
>
> Internet-Draft draft-ietf-rats-msg-wrap-01.txt is now available. It is
> a work item of the Remote ATtestation ProcedureS (RATS) WG of the IETF.
>
>    Title:   RATS Conceptual Messages Wrapper
>    Authors: Henk Birkholz
>             Ned Smith
>             Thomas Fossati
>             Hannes Tschofenig
>    Name:    draft-ietf-rats-msg-wrap-01.txt
>    Pages:   20
>    Dates:   2023-12-21
>
> Abstract:
>
>    This document defines two encapsulation formats for RATS conceptual
>    messages (i.e., evidence, attestation results, endorsements and
>    reference values.)
>
>    The first format uses a CBOR or JSON array with two mandatory
>    members, one for the type, another for the value, and a third
>    optional member complementing the type field that says which kind of
>    conceptual message(s) are carried in the value.  The other format
>    wraps the value in a CBOR byte string and prepends a CBOR tag to
>    convey the type information.
>
>    This document also defines a corresponding CBOR tag, as well as JSON
>    Web Tokens (JWT) and CBOR Web Tokens (CWT) claims.  These allow
>    embedding the wrapped conceptual messages into CBOR-based protocols
>    and web APIs, respectively.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-rats-msg-wrap/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-rats-msg-wrap-01.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-rats-msg-wrap-01
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
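An added example, not code from the draft, from the GitHub issue or from either message above: a relying party that picks a Verifier from a hint carried next to the CMW without ever decoding the Evidence, together with the Verifier-side check that the hint replicated outside matches the copy inside the Evidence. The CMW array follows the [type, value] layout in the -01 abstract quoted above; the outer "verifier-hint" key, the inner claim name, the registry of Verifiers, the media type string and the JSON stand-in for a signed EAT are all assumptions of this example, not anything draft-ietf-rats-msg-wrap-01 or issue #70 defines.

```python
import base64
import json

# Constructed allow-list of Verifiers this relying party trusts, keyed by the
# identifier an Attester may name in its hint. The hint originates from the
# Attester and is untrusted from the relying party's point of view, so it only
# selects among these entries; it is never dereferenced as a URL.
VERIFIER_REGISTRY = {
    "psa-verifier.example": "https://psa-verifier.example/verify",
    "tpm-verifier.example": "https://tpm-verifier.example/verify",
}

# Constructed media type for the Evidence carried in the CMW "type" slot.
# The relying party treats it as an opaque label.
EVIDENCE_TYPE = "application/vnd.example.eat+cwt"

# Assumed claim name for the hint as it appears *inside* the Evidence. Neither
# this name nor the outer "verifier-hint" key is defined by the draft; they
# stand in for whatever the WG would specify.
INNER_HINT_CLAIM = "verifier-hint"


class RoutingError(Exception):
    """Raised when the relying party cannot pick a Verifier from the hint."""


def make_evidence(hint, nonce):
    """Constructed stand-in for Evidence. A real Attester would emit a signed
    EAT (CWT/JWT); here it is a JSON document with the hint replicated inside,
    i.e. the part the Attester's signature would cover."""
    return json.dumps({"eat_nonce": nonce, INNER_HINT_CLAIM: hint}).encode()


def wrap_cmw(evidence_bytes, hint):
    """Build the wrapper: the CMW array from the -01 abstract, [type, value],
    beside the proposed hint replicated outside so the relying party can read
    it without parsing the Evidence. base64url for the value is this example's
    JSON-serialisation choice."""
    value = base64.urlsafe_b64encode(evidence_bytes).rstrip(b"=").decode()
    return {"cmw": [EVIDENCE_TYPE, value], "verifier-hint": hint}


def route_evidence(wrapped, registry=VERIFIER_REGISTRY):
    """Relying-party side. Returns (verifier_url, cmw) to forward.

    Only the outer hint is read; wrapped["cmw"][1] is never decoded here,
    which is what keeps the relying party agnostic of the Evidence format."""
    hint = wrapped.get("verifier-hint")
    if not isinstance(hint, str):
        raise RoutingError("wrapper carries no usable verifier hint")
    try:
        return registry[hint], wrapped["cmw"]
    except KeyError:
        # Unknown hint: refuse rather than forward wherever the Attester says.
        raise RoutingError(f"no configured Verifier for hint {hint!r}") from None


def verifier_check_hint(cmw, outer_hint):
    """Verifier side. The outer hint is unauthenticated; the copy inside the
    Evidence is what the Attester signed (signature verification is omitted in
    this stand-in). A mismatch tells the Verifier that the wrapper was altered
    in transit or that it is not the recipient the Attester intended."""
    media_type, value = cmw
    if media_type != EVIDENCE_TYPE:
        return False
    padded = value + "=" * (-len(value) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return claims.get(INNER_HINT_CLAIM) == outer_hint


def demo():
    """Exercise the honest, tampered and unknown-hint paths; returns a dict."""
    good = wrap_cmw(make_evidence("psa-verifier.example", "nonce-1"),
                    "psa-verifier.example")
    url, cmw = route_evidence(good)
    # Outer hint swapped to another allow-listed Verifier; inner copy untouched.
    tampered = {**good, "verifier-hint": "tpm-verifier.example"}
    try:
        route_evidence(wrap_cmw(b"opaque", "attacker.example"))
        unknown_rejected = False
    except RoutingError:
        unknown_rejected = True
    return {
        "routed_to": url,
        "inner_matches_outer": verifier_check_hint(cmw, good["verifier-hint"]),
        "tampered_detected": not verifier_check_hint(tampered["cmw"],
                                                     tampered["verifier-hint"]),
        "unknown_hint_rejected": unknown_rejected,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The allow-list lookup is the check a practitioner would want here: the hint is chosen by the Attester, so the relying party treats it purely as a selector into Verifiers it already trusts and refuses unknown values instead of forwarding Evidence to whatever endpoint the hint names. Because the outer copy is not covered by the Attester's signature, the Verifier compares it with the signed inner copy and can thereby notice that it was not the Attester's intended recipient.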