[Rats] draft-ietf-rats-architecture-04

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 09 June 2020 07:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/mq-fA4N31Qp9NGSU9MIeBlevXpo>

Hi all

I have re-read the architecture document and IMHO it is still far too complex. It makes the reader believe that attestation is some rocket-science concept, which it just isn't. After such a long time the document is unnecessarily hard to read and understand.

Here is the story as I see it.

In the basic form a device puts a bunch of claims together and then signs them. The device is the attester.
Then, this information is sent to another party, the relying party, which uses this information for some kind of decision making.

Of course, there is some prior setup that has to happen (provisioning of keys during manufacturing) and some assumptions have to be made as well (attestation code on the device has to be well protected, code isolation being used, etc.).

Then, there is the complex case where the relying party cannot use the received information directly. This is most likely related to any form of software measurements. If you send a hash of a bootloader to some relying party you cannot really expect it to be used for anything. The reason the relying party cannot use that information directly is because it does not know what software the device is really supposed to be running. Hence, there is a need to consult another party (let's call it the verifier). The assumption is that this party knows what the expected fingerprint is and hence what software is running on the device.

That's all. There is not much more complexity to this topic.

So, where do all these terms come from? Appraisal policies, evidence, endorser, ...

I would delete them and see whether the idea still gets across.

Ciao
Hannes
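
The flow described in the message above (attester signs claims, relying party consults a verifier that knows the expected bootloader fingerprint), as an added example that is not part of the original email or of the RATS draft. Assumptions: HMAC-SHA256 with a provisioned key stands in for the device signature, a nonce is added for freshness, and all keys, images and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values; none of these come from the email.
DEVICE_KEY = b"constructed-key-provisioned-at-manufacturing"
GOOD_BOOTLOADER = b"constructed bootloader image v1.2"
# The verifier's knowledge: expected fingerprint -> what software that is.
REFERENCE_VALUES = {hashlib.sha256(GOOD_BOOTLOADER).hexdigest(): "bootloader v1.2"}


def _mac(payload: bytes, key: bytes) -> str:
    # HMAC-SHA256 stands in for the device's signature (assumption: a real
    # attester would sign with an asymmetric key held in protected storage).
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def attest(bootloader: bytes, nonce: str, key: bytes = DEVICE_KEY) -> dict:
    """Attester: put a bunch of claims together and sign them."""
    claims = {"nonce": nonce,
              "bootloader_sha256": hashlib.sha256(bootloader).hexdigest()}
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"payload": payload.decode(), "sig": _mac(payload, key)}


def verify(token: dict, nonce: str, key: bytes = DEVICE_KEY) -> dict:
    """Verifier: check signature and freshness, then map the hash to software."""
    payload = token["payload"].encode()
    if not hmac.compare_digest(_mac(payload, key), token["sig"]):
        return {"ok": False, "reason": "bad signature"}
    claims = json.loads(payload)
    if claims.get("nonce") != nonce:  # freshness check is an added assumption
        return {"ok": False, "reason": "stale or replayed token"}
    software = REFERENCE_VALUES.get(claims.get("bootloader_sha256"))
    if software is None:
        return {"ok": False, "reason": "unknown bootloader measurement"}
    return {"ok": True, "software": software}


def relying_party_decision(token: dict, nonce: str) -> str:
    """Relying party: cannot interpret the raw hash, so it asks the verifier."""
    result = verify(token, nonce)
    return "allow" if result["ok"] else "deny: " + result["reason"]


if __name__ == "__main__":
    print(relying_party_decision(attest(GOOD_BOOTLOADER, "n-1"), "n-1"))
    print(relying_party_decision(attest(b"modified image", "n-2"), "n-2"))
```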
