IETF Logo Mail Archive

Re: [Rats] New RATS Architecture document

Giridhar Mandyam <mandyam@qti.qualcomm.com> Mon, 07 October 2019 21:03 UTC

Return-Path: <mandyam@qti.qualcomm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 449261200A1 for <rats@ietfa.amsl.com>; Mon, 7 Oct 2019 14:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LjqLZho6XINH for <rats@ietfa.amsl.com>; Mon, 7 Oct 2019 14:03:02 -0700 (PDT)
Received: from alexa-out-sd-02.qualcomm.com (alexa-out-sd-02.qualcomm.com [199.106.114.39]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAE03120020 for <rats@ietf.org>; Mon, 7 Oct 2019 14:03:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1570482182; x=1602018182; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=HHDNMBL/02ujA7b0X4EYkhzAxy/q/5jmwM5ZQEeeh+s=; b=TfL6MdL69Zn7pyhbjYNDUIFJVF6I9IBrIfulLDkPvxnj/HH1EkZ54lOr WPYlIRSw8y80jqSBEUu4UIrEh00RNoRqnNaK/OQfTG4+mKNaW4dmn/AF1 0jGhK0IjEMuvjyyjJ/JNpCQyYdiMhLSpp3PkrF6uT/3kZcYFTFc0cPT9m A=;
IronPort-SDR: 6nKvcH509UgL0bwPlZ3seggDqD6ucNHu/wQTuRtrEd+WQ2rQWJc5B9xqvB/WvScsyF3S3i6KHk 4ih1YkmuRJxT60H1FxFvRz8WWBwk1C5e54S6aMivMoUMv1D1wMPnUCrFQRwPNnD89A+a3STdN/ aX4ctyrSP1erEA8cyx8EMeVSpphWrTEeUGUI8AfUilFSoiL/rkQnOB4RH1tGXQ6d3hUUz4PlJW Y83rjY55n9FctCPhL95DSGc4fwNm+FIWCWIIXJzgmS7a75u+iiBzguk0fGg9HCdYSLbYTdLdE+ E9s=
Received: from unknown (HELO ironmsg03-sd.qualcomm.com) ([10.53.140.143]) by alexa-out-sd-02.qualcomm.com with ESMTP; 07 Oct 2019 14:02:59 -0700
IronPort-SDR: noKfXJHWen3BqOuO6buVfKdl69mcmyO/2MizwDOAUr5CANOOI88O2oL0PstB/RWVtvwk03q9HR 6CsrQl9ivweLawKeJvAcqM4E5owEJtftRNnRMYfitM38y2xSx/WDTcLrQD+N+WIIc5EryPor0F pKpS/Lt0TrWj6z8/A4i/067p2mseTGBA9bRp5E99Y+ywBQMqZPzup6pFf6hkMLJhfZ7Q5kcEiI 3jP4LegHk+HniSLiSEqdOcjZcdM95Z9Bk2/0zM88O4GA+5HK8RSqRBBtrdb66tE8BQcBtvmhag kZyNe1mR6hriHEeE/0UTuB61
Received: from nasanexm01d.na.qualcomm.com ([10.85.0.84]) by ironmsg03-sd.qualcomm.com with ESMTP/TLS/AES256-SHA; 07 Oct 2019 14:02:59 -0700
Received: from NASANEXM01C.na.qualcomm.com (10.85.0.83) by NASANEXM01D.na.qualcomm.com (10.85.0.84) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 14:02:58 -0700
Received: from NASANEXM01C.na.qualcomm.com ([10.85.0.83]) by NASANEXM01C.na.qualcomm.com ([10.85.0.83]) with mapi id 15.00.1473.005; Mon, 7 Oct 2019 14:02:58 -0700
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] New RATS Architecture document
Thread-Index: AQHVZ9l0CvdpLTeRnUKRQb/BzQqfg6clFv1ggCqIMdA=
Date: Mon, 07 Oct 2019 21:02:58 +0000
Message-ID: <6619cceb1f3b400dbd9dbbce51c6fcfb@NASANEXM01C.na.qualcomm.com>
References: <471c785f-1cd8-62ff-431a-075ce9c35058@sit.fraunhofer.de> <fe9e3870aaa6419697db4536e1f0718c@NASANEXM01C.na.qualcomm.com>
In-Reply-To: <fe9e3870aaa6419697db4536e1f0718c@NASANEXM01C.na.qualcomm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.80.80.8]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/QcXqeEPg-AZOjuH5-WPH2MXJCu0>
Subject: Re: [Rats] New RATS Architecture document
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 21:03:05 -0000

I have read through the latest version of the document.  At this time I do not think this document is ready to be the RAts architecture specirfication, and would object to its adoption as a Working Group draft.  I do believe the group needs an architecture document, however.  So if the editors can address my primary concern - a) below -  I would be happy to withdraw my objection.

-Giri Mandyam

a) I have asked the editors twice on the mailing lists for a justification as to why this is a standards track draft and not an informative one.  I have not received an answer, so I assume that there is no reason.  Note that comparable documents such as the TEEP architecture document and SUIT architecture document are informative.

b)  "... this document provides normative guidance how to use, create or adopt network protocols that facilitate RATS".  So in the context of EAT, does this mean that guidance provided in this document supersedes the EAT, CWT, and JWT specifications?

b)  "... trustworthiness claims are accompanied by a proof of veracity.  Typically, this proof is a cryptographic expression such as a digital signature or a message digest".  This is a misleading statement, as it could be interpreted to cover self-signing (see [3] for example), and I don't believe self-signing conveys any indication of trustworthiness.

c) As per h) of my previous review [4], I still cannot figure out how the concept of delegated attestation (e.g. Sec. 5.4 of [5]) would fit into this architecture.  For an informational document, it may not be strictly necessary to specify an architecture that can support delegated attestation since an informational document would likely not be expected to cover all scenarios.  Since this is being proposed as a normative specification however, we should ensure that it does not disallow what could be common remote attestation deployments.

For instance, as per the diagram in Figure 1, all evidence must be conveyed directly to the verifier and the verifier in turn produces "attestation results" to the RP.  But "attestation results" are the "output from the appraisal of Evidence, Known-Good-Values and Endorsements".  I take this to mean that attestation results cannot be evidence themselves.  However, the delegated attestation model in [5] allows for the appraiser (approximately equivalent to the RP as per the RATS architecture doc) to compose "separate layered or orthogonal attestations, involving different proxies, in order to make a judgment".

As per Sec. 4.4 RATS Principals, the multiplicity property may allow for multiple verifiers to take on the role of attestation proxies.  But multiplicity explicitly calls out that the instances of the principals take on the "same RATS roles".  If there are multiple proxies, then it seems that they would be assessing different subsets of evidence and therefore would be occupying different roles.  

d) RATS roles:  composition:  "RATS Principals possessing different RATS Roles can be combined in to a singleton ...".  I can understand some aspects of this property, e.g. combining the RP and Verifier.  But why would an attester and/or asserter be combined with a verifier and RP?  Do you know of an example? 

f) {Sorry to jump back}  Sec. 3.1.  "A Computing Environment with the capability of remote attestation ... is separate from other Attested Computing Environments (about which attestation evidence is created ...".  I could not tell if this definition allowed for solutions such as Android SafetyNet [6], where the rich execution environment (REE) is producing evidence about itself.  Is the intention of the RATS Architecture spec that such self-attestations not be considered valid for remote attestation?

g) Sec. 3.2.  "The RATS architecture anticipates recursive trustworthiness properties and the need for termination".   What is being terminated in this context?

h) Sec. 3.2.  nit.  "For example, design reviews, manufacturing process audits and physical security." This is not a complete sentence.

i)  Sec. 3.3.  "RATS architecture defines attestation Roles ..., the messages they exchange, ...".  Don't specifications such as EAT already define messaging in part?  If so, what would the RATS architecture be defining in addition?  

[1] https://datatracker.ietf.org/doc/draft-ietf-teep-architecture/. 
[2] https://datatracker.ietf.org/doc/draft-ietf-suit-architecture/. 
[3]  https://www.w3.org/TR/webauthn/#self-attestation. 
[4] https://mailarchive.ietf.org/arch/msg/rats/9iIrnD9YixKCuwOGKtvGZIzd_bU. 
[5] J. Guttman et al.  “”Attestation:  Evidence and Trust”.  MITRE Technical Report MTR080072.  March 2008.  https://www.mitre.org/sites/default/files/pdf/07_0186.pdf. 
[6] https://www.w3.org/TR/webauthn/#android-safetynet-attestation. 


-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Giridhar Mandyam
Sent: Tuesday, September 10, 2019 9:29 AM
To: rats@ietf.org
Subject: Re: [Rats] New RATS Architecture document

-------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization.
-------------------------------------------------------------------------

Henk and other editors of the architecture doc,

I appreciate the effort put into this latest revision, and I will review it with a fresh eye. 

I do have one overarching question:  why is this document listed as 'Standards Track' (as opposed to 'Informational')?  I had expressed my concerns about this in an earlier review of the doc:  https://mailarchive.ietf.org/arch/msg/rats/9iIrnD9YixKCuwOGKtvGZIzd_bU. 

Since the editors' team is composed of experienced IETF'ers, I assume that there are solid reasons for doing so.  If you all have stated them before, I hope you do not mind me requesting that you lay out your reasons again because I seemed to have missed it.

-Giri

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Henk Birkholz
Sent: Tuesday, September 10, 2019 6:13 AM
To: rats@ietf.org
Subject: [Rats] New RATS Architecture document

-------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization.
-------------------------------------------------------------------------

Hi all,

we created a fully revised architecture document that maps and represents the state of the current discussion and the material presented at the last IETF meeting.

The current Editor's version can be found here:

> https://ietf-rats.github.io/draft-birkholz-rats-architecture/draft-bir
> kholz-rats-architecture.html

We will submit a new version the day after the RATS virtual interim.

TL;DR
Below you can find a list of essential changes & a list of action items still to be addressed.


This version of the RATS Architecture document:

* does not define or uses the terms "root(s) of trust" (RoT) or "Trust Anchor" (TA) at the moment. (Note: It is a fact that the Asserter Role _is_ a TA for the Verifier Role and that an Attester Role _could_ rely on RoTs. But - this content will not go into the main body of this document),

* does define RATS Roles, Messages, and Principals formerly known as "Actors" (borrowing heavily from ABLP),

* provides an even more "base" interaction model diagram for the RATS Roles than presented in the last IETF meeting slide deck:

> https://datatracker.ietf.org/meeting/105/materials/slides-105-rats-ses
> sb-rats-architecture-interaction-model-challange-response-yang-module-
> information-module-00.pdf

* introduces a framework for "level of confidence" in the trustworthiness of an Attester and the endorsement of the protection characteristics of its "Attesting Computing Context", allowing for other entities to use this framework and fill it with, e.g., openly defined levels of confidence metrics,

* is not based on the primitive of "trust" but the concept of "trustworthiness" as illustrated by the RATS charter,

* simplifies the definitions of Attester and Verifier that seemed to have caused some unfortunate confusion following the proposal of Giri and starting with commonly-accepted definitions and then justify why they may need to be modified,

* differentiates between the Attesting Computing Environment and the Attested Computing Environment better, which both are components of an Attester,

* uses the "Claim" concept as a building block to compose Evidence, Known-Good-Values and Endorsements. Conversely, the "Assertion" concept is dropped in this proposal (as initially suggested by Laurence, IIRC?). 
(Note: this was done to simplify the discussion about the information model. Please also note: Due to the {J|C}WT definition of "Claim", a key/value pair is implied, which is already a data model decision and not mandated by an information model), and

* analogously, now uses the term Known-Good-Values instead of Attestation Assertions.


For future versions the authors intent:

* to elaborate on the use of RATS Principals, including more exemplary 
diagrams of RATS Role composition and interaction between RATS 
Principals based on the use case document (and by that address a unified 
mapping to TEEP, RIV, and models that use EAT),

* to shift some of the focus on technical-trust as proposed by Thomas. 
(the Endorsements provided by an Asserter are a first step into that 
direction),

* still not to define the roots of trust terms nor invent new words for 
them :) But - start to reference them on a minimal level and define a 
base set of primitives they can provide in order to describe what they 
actually are and can do in the context of RATS as proposed by Ira, Simon 
and Thomas,

* to introduce and define a concise scope for layered attestation, 
addressing, e.g., the staging of Computing Environments and the 
(un-)availability of an Attesting Computing Environment at certain 
points of time, or, another example given, addressing the 
differentiation of an attested boot sequence of an Attester and an 
Attester running TEEs or rich systems for years,

* to address the change of Roles of a Principal over time as proposed by 
Ian,

* to move the remaining architectural sections in the EAT draft into the 
RATS Architecture draft, and

* to shift some of the focus on the out-of-band trust establishment in 
order to illustrate a coherent RATS ecosystem (e.g. the provisioning of 
key material is not include in the "base diagram" anymore for now - this 
will be more elaborated on in future section of the architecture).


Viele Grüße,

Henk






_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email