Re: [Rats] Dealing with Attestation Roots

Eliot Lear <lear@cisco.com> Fri, 24 April 2020 07:16 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <089B4CD9-64FD-491C-8E92-7235A11F9080@cisco.com>
Date: Fri, 24 Apr 2020 09:16:04 +0200
In-Reply-To: <089577da-e46c-5f9c-ef08-30a325ea9cfc@gmail.com>
Cc: Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
References: <49d8907c-7637-3d21-0619-4999565fc50e@gmail.com> <7C65B977-FA56-4118-BA8B-121BD9697F7C@island-resort.com> <d67985a1-97da-3e23-81e6-1b58b61e1d1a@gmail.com> <FE63538E-389A-4F07-B8DB-6B875D27C3D0@island-resort.com> <089577da-e46c-5f9c-ef08-30a325ea9cfc@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/PWW2BW349XOhIabJhkrSFLQeH3k>
Subject: Re: [Rats] Dealing with Attestation Roots

Hiya

> On 24 Apr 2020, at 05:31, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
>> The two EAT implementations I know of, use other means to find the verification key. One by key ID, another by a combination of claims inside the attestation.
> 
> Somewhere there must be a trust anchor or a trusted public key, right? How do you locate it expressed in practical terms?  

Yeah, “combination of claims inside the attestation”?  Isn’t that a self-assertion?

Eliot
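The three points in this exchange, locating the verification key by key ID, the Verifier needing a trust anchor of its own, and the risk that "a combination of claims inside the attestation" amounts to a self-assertion, are illustrated below in an added example. It is not code from the thread or from any EAT implementation. It assumes a JSON stand-in for the COSE/CBOR encoding a real EAT uses, a constructed kid `device-0001`, constructed `ueid` values and a hypothetical `pubkey` claim name; the trust-store verifier resolves the key only from material provisioned out of band, while the naive verifier reads the key from the token and so accepts anything that is consistent with itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// signedPart is what the signature covers. Real EATs are COSE_Sign1 over CBOR;
// JSON stands in here so the example needs only the standard library.
type signedPart struct {
	KeyID  string          `json:"kid"`
	Claims json.RawMessage `json:"claims"`
}

// Token is the attestation result as delivered to the Verifier.
type Token struct {
	signedPart
	Signature []byte `json:"sig"`
}

// TrustStore holds public keys provisioned out of band (manufacturer data, an
// endorsement). It is the trust anchor; nothing inside a token can add to it.
type TrustStore map[string]ed25519.PublicKey

func toBeSigned(kid string, claims json.RawMessage) ([]byte, error) {
	return json.Marshal(signedPart{KeyID: kid, Claims: claims})
}

// Sign is the Attester side: sign the claims under the key named by kid.
func Sign(priv ed25519.PrivateKey, kid string, claims json.RawMessage) (Token, error) {
	tbs, err := toBeSigned(kid, claims)
	if err != nil {
		return Token{}, err
	}
	return Token{signedPart{KeyID: kid, Claims: claims}, ed25519.Sign(priv, tbs)}, nil
}

// verifyWith checks the signature under pub and decodes the claims.
func verifyWith(pub ed25519.PublicKey, tok Token) (map[string]any, error) {
	tbs, err := toBeSigned(tok.KeyID, tok.Claims)
	if err != nil || !ed25519.Verify(pub, tbs, tok.Signature) {
		return nil, errors.New("signature does not verify")
	}
	var claims map[string]any
	err = json.Unmarshal(tok.Claims, &claims)
	return claims, err
}

// Verify resolves the key by kid against the trust store and only then checks
// the signature; an unknown kid fails closed.
func (ts TrustStore) Verify(tok Token) (map[string]any, error) {
	pub, ok := ts[tok.KeyID]
	if !ok {
		return nil, fmt.Errorf("kid %q is not a provisioned trust anchor", tok.KeyID)
	}
	return verifyWith(pub, tok)
}

// VerifySelfAsserted is the pattern the thread questions: the key comes from a
// hypothetical "pubkey" claim in the token itself, so any sender's signature checks out.
func VerifySelfAsserted(tok Token) (map[string]any, error) {
	var c struct{ PubKey string `json:"pubkey"` }
	if err := json.Unmarshal(tok.Claims, &c); err != nil {
		return nil, err
	}
	pub, err := base64.StdEncoding.DecodeString(c.PubKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("no usable pubkey claim")
	}
	return verifyWith(ed25519.PublicKey(pub), tok)
}

// RunScenario provisions one device key, then shows the Verifier a genuine token
// and a token from an unprovisioned key that reuses the kid and embeds its own
// public key. Returns: genuine accepted, self-asserted rejected, naive accepts it.
func RunScenario() (bool, bool, bool, error) {
	devPub, devPriv, err1 := ed25519.GenerateKey(rand.Reader)
	roguePub, roguePriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return false, false, false, errors.New("key generation failed")
	}
	store := TrustStore{"device-0001": devPub} // constructed kid and key
	genuine, err := Sign(devPriv, "device-0001", json.RawMessage(`{"ueid":"constructed-ueid","secboot":true}`))
	if err != nil {
		return false, false, false, err
	}
	rogueClaims := fmt.Sprintf(`{"ueid":"constructed-ueid","secboot":true,"pubkey":%q}`,
		base64.StdEncoding.EncodeToString(roguePub))
	selfAsserted, err := Sign(roguePriv, "device-0001", json.RawMessage(rogueClaims))
	if err != nil {
		return false, false, false, err
	}
	_, errGenuine := store.Verify(genuine)
	_, errStore := store.Verify(selfAsserted)
	_, errNaive := VerifySelfAsserted(selfAsserted)
	return errGenuine == nil, errStore != nil, errNaive == nil, nil
}

func main() {
	fmt.Println(RunScenario())
}
```

The design point is that the kid is only a lookup hint: it selects an entry the Verifier already trusts, and a kid that is not in the store is rejected before any signature arithmetic happens. Claims inside the token can narrow which provisioned key to try (a device class, a vendor), but they cannot be the source of the key itself, which is exactly the self-assertion the reply above is pointing at.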