Re: [Rats] TPM background for RIV

Guy Fedorkow <gfedorkow@juniper.net> Wed, 09 September 2020 18:31 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/8Gy065Q-XDFyGNQwDSWH04thAl0>

Hi Michael,
  I'd go with Option (b).  I'm not sure why we should worry about TPM profiles.
  Could you be more specific about the dumbness you have in mind?
Thanks
/guy



-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Tuesday, September 8, 2020 11:06 AM
To: rats@ietf.org
Subject: Re: [Rats] TPM background for RIV


Guy Fedorkow <gfedorkow=40juniper.net@dmarc.ietf.org> wrote:
    >   Sorry for being slow on this.  I agree with Ira, that the RIV doc
    > could not qualify as a TPM Profile.  There's a lot of in a TPM; to make
    > a profile, it would have to all be sorted into Include and Exclude
    > piles.

    >   Although I don't think this is the crux of your question, many of us
    > have shied away from specialized TPM Profiles for business reasons.

So, not being steeped in the art of TCG Profiles, I would respond with...
. o O ("The Emperor has no clothes")

Either:
    a) RIV should be extended such that it's a proper profile.
    b) TCG Profiles aren't that interesting or useful, so why care?

    > Staying in sync with PC Client has enabled everyone to benefit from
    > enormous production volumes.

It seems that the PC Client Profile has been hacked and abused a lot, and might not be ideal for routers.

I think, but I could be wrong, that router manufacturers might have the right volume, and maybe fTPMs are more reasonable now and would reduce the cost.

    >   But let me know if I'm missing the point of your question.

It seems that RIV needs more PCRs, and it can't rely upon them being available, so it's doing dumb things.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide