Re: [Rats] Attestation for non-TPM based Network Devices

"Smith, Ned" <ned.smith@intel.com> Fri, 01 December 2023 17:27 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Attestation for non-TPM based Network Devices
Thread-Index: AQHaJHpyv5GP2VKgdk2SFf6YvgUv77CUJ6YA
Date: Fri, 01 Dec 2023 17:25:20 +0000
Message-ID: <9A3015E5-9ADB-4F60-B3CD-E90E2940537F@intel.com>
References: <00faf326-f590-4afd-9451-2ac754ae199d@gmx.net>
In-Reply-To: <00faf326-f590-4afd-9451-2ac754ae199d@gmx.net>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/16.79.23112723
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rBVkTGpcFIqABz9QiNEiwKm9hSflH79R6hU2WBrRWnyDR5+ZLwnX7UNfV1/3IPMvRRTKJJcKdPRSPsEPWmvmI7swwESWKkwiYcOTqZxW+AUbGTi7+BgH7Sa6APvpa2Vl5BlbO7tlL4RolfFwvs/zJ47tdSE1HSACugIJ3kbh8u12/00aS7v6XcUdw/F1O/26emfag9Yc+jDQIdf1ss8ZSZ8LLbBIAuZJfUeJ5VxECbIxXq6EHeNq6K9OFIfZCzh0owyiNAtTt3MyXhXiyTRmkWln4PVLlbxXtPYRCSUtQTMty8kLjJ8BuFGQTAqrooHPxam2rI6YJ+CrCBBbNwm9Q28xnZRWwe5rfQdPbaYDJlZn3gWDbUdIsU/HHBLoI0obmuUDooG3qVDsSdlVEkt1/lKpm32PI6WoJ6kzak8qKYXAdiiIWYFrdHgFRsiii87yhqVyFugwl1e+6Qu24KPo8k5VsASACC2CRjmSGDsF0fO2/tcGLDfEqyoN2r/BDp50mRkekR4v5P53QQa7H3GnQkdDcsLwpzE4lyGPHHaCHa3tYq2ZvFyZHBeACuHPf40OV3tZbcRLChRw0XXvC27xS5PtWunoTbdTXgfXDuyrJeBYrGoeWUMo3NXQnIc+3OameeK01fV7Sd8HJ73n7QS++4C+4EFENG5MHdrTaytAQ3FR2+8TVhxW6U+lyBoqN4XNdDVCSzkvCg6Ba3XOpGANe1q9zFKI+XSaIR+OkPjm3ts4PlGtich3p+snWTKKG84kJdxT0sX2Zya8Cv5CcKeNtwtRirL93OHwrmXA9quy1TqL96hWQ54tBlDNUzFvRNwbRufqz4+MqmF/7asoLhVlOjlxo9HdPzmh50Ll2tJnh97SyRQ0SpAyUVG6bjXxv0QataB4lzwrGImRmsa4FsH0bdp1ow4NeEfU71rDCkpda9CyFt2QXGs/ioyMXUi0gdpizAeYF9FzXpB7J0IipDimF6JLcvFAVpmkEAuDy3bR4de3tu15tJvjpBRbMTC235cF+2eifuuV9UogKCus0XAJhH1gRmJVmHphD+2bVixMCjHP299dQ0YLSuZBHQKz3dZGw+oqXU3w/SFDjwV4YFyp5H+K3sp3Y05ncHU4DdRzd27obJSK4ZN8ZHBcA90ZVqhPX/ouqmoGxcEAiUyW1tr/ho86KeXmLuhhfPtuMV2JDtMnf31y08o8HYIXVGHZ5pZ8S7wkabyUgp24AlRKRjdEknhoRlgL+YfWJj3D3UwcBXiBYaWTphIydncVC3t3XcfK7aZ4A9Jiw11XDVpKxPeuGx6TbbzYMCm2iQ4Rp8XIMloSzu16+JoMC5XizyXL6IrPwwiWCQT3MC2R8WsM2l5VE06ByuCxDRwIa2+ITZ3+OeArqQre31Xh/8DKchiQBLSt5j4pLMI+6HLyHwAgzKVHh7Y+XxYTqwiQetC6M/EVaS3DKUEcaMRrdiikWOqhMtVGDnImawvZuie+F3XZN7BygPwC2FkbAoxR3FEkW+mSo98djYyeYqodh6MKVJJCevRsa4jl1nMJsQLvHupE9sNODZTl6NIC+1CQJLyJgllG6tvXSYAzWsSEtcPeN8VAo6MFwnCsE5opAdwY/FhrwFXRCw==
Content-Type: text/plain; charset="utf-8"
Content-ID: <193D15AD3D7D8046BFBEFC9D08CB537F@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5169.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9e591fb1-50cf-4f00-3af3-08dbf2927ecf
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Dec 2023 17:25:20.9160 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: XQpUgPzLdYB7mnjLXxj8HjEIxJIAhXgb8O31EOTW3Var3uL9VfRxZI1XqWGGyq+xSCPQ4WP6Hwyws10NEYbjWQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8393
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/OnYIlaagZLHGL7vlR7IvJzD4ESI>
Subject: Re: [Rats] Attestation for non-TPM based Network Devices
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2023 17:27:16 -0000

Hannes,
The RATS WG is defining conceptual message wrapper (https://datatracker.ietf.org/doc/draft-ftbs-rats-msg-wrap/) and interaction models (https://datatracker.ietf.org/doc/draft-ietf-rats-reference-interaction-models/). There has also been work on using TLS to convey attestation messages (https://www.ietf.org/archive/id/draft-fossati-tls-attestation-03.html). 

Are you proposing something other than these? 

Thanks,
Ned

On 12/1/23, 9:18 AM, "RATS on behalf of Hannes Tschofenig" <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org> on behalf of hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:


Hi all,




the RATS working group has been working on several documents that define
how TPM-based evidence is conveyed from a networking device to the
management infrastructure. Examples include
draft-ietf-rats-yang-tpm-charra and draft-ietf-rats-yang-tpm-charra.




I was wondering who in the group is interested to work with me on a
generic approach for conveying attestation information that goes beyond
TPMs?




Please drop me a private message.




Ciao


Hannes




_______________________________________________
RATS mailing list
RATS@ietf.org <mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>

[Rats] Attestation for non-TPM based Network Devi… Hannes Tschofenig
Re: [Rats] Attestation for non-TPM based Network … Smith, Ned
Re: [Rats] Attestation for non-TPM based Network … Ira McDonald