[Rats] Re: [lamps] Re: Hint Discussion in CSR Attestation Draft

Carl Wallace <carl@redhoundsoftware.com> Thu, 27 June 2024 09:45 UTC

Date: Thu, 27 Jun 2024 05:45:44 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Thomas Fossati <thomas.fossati@linaro.org>
CC: "Smith, Ned" <ned.smith@intel.com>, rats <rats@ietf.org>
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/OjHZE2O78Uw3zde65PDlIcGpjQ4>

On 6/24/24, 11:28 AM, "Thomas Fossati" <thomas.fossati@linaro.org> wrote:


On Mon, 24 Jun 2024 at 17:17, Carl Wallace <carl@redhoundsoftware.com> wrote:
>
> The below was posted to LAMPS but I had missed the introduction of the "hint" notion to the msg-wrap spec and upon a brief review of the latest draft do not understand section 3.3.1, which was introduced in the recent -05 draft, so I replied to RATS. What is this paragraph trying to say?
>
> "A CMW Collection's tree structure is not required to be a spanning tree of the system's composite Attester topology. If a label changes Verifier state beyond a "hint" (e.g., for better Verifier performance or human comprehension), we say that it carries semantic content. When a label carries semantic content that is not bound to other forms of evidence contained in the collection, the collection SHOULD be signed by an attestation key, e.g., by including the collection in a signed EAT [I-D.ietf-rats-eat]."


The PR that introduced Section 3.3.1 [1] has some extra context in its
description that may help understanding Dionna's thinking.


[1] https://github.com/ietf-rats-wg/draft-ietf-rats-msg-wrap/pull/78

[CW] I read the PR but can't say that it helps much. The phrase "If a label changes Verifier state beyond a "hint"" must be evaluated from the point of view of a verifier, right? If different verifiers may elect to use or ignore a "hint", I don't see how this could be any other way. The rest of that sentence establishes that how a verifier acts upon a "hint" determines whether a label is considered to carry semantic content. This impacts the next sentence, which states that "the collection SHOULD be signed by an attestation key" when a label carries semantic content.  Maybe stating "if an attester expects for a label to change Verifier state beyond a "hint"" would salvage the paragraph. Separately, is "label" right here or should it be "item" or "message"? It might also help if "hint" were defined in this context as well as how the "hint" notion interacts with the last point made in the security considerations section.