Re: [Rats] use case document updates on Roots of Trust
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Fri, 13 September 2019 19:52 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/QjVV3ZJLAsvK5YHIYPNpFfNEaoA>

I don't know what a trust root is, but a trust anchor does not reside on the Attester (with respect to the evidence that is created) while a root of trust does. That is kind of one of the primitives why they are differentiated.

Specific comments in-line:

On 13.09.19 00:31, Salz, Rich wrote:
> I do not see a meaningful difference between "trust anchor" and "trust root" and "root(s) of trust." All of them:
> - Are pieces of data (certificate or key is not meaningful

Well, if the entities certificates and the entities openssl software components are the same thing (because they both are pieces of data), then I think I would agree here. If it is relevant to the workflow that one is an executable that resides somewhere and one is a document that can be presented, I am more inclined to differentiate the entities TA from the entity ROT, too. I am aware that the analogy is a bit clunky and someone can surely come up with a better one.

> - Used to verify something such as a certificate or signature

Some roots of trust do that, other roots of trust don't do that (e.g. doing the opposite: an RTR for creating the signatures, digests, or evidence). So that cannot be a common denominator either, I think.

> - Are trusted by the application, based on actions that are "out of band" of the application itself

That in fact is indisputable and probably the reason why both trust anchor and root of trust include the term "trust" :)

In essence, I simply think it is just not that simple - to say "they are the same" and then only focus on similarities to bolster that argument.

Best regards,

Henk