[Rats] Re: Hint Discussion in CSR Attestation Draft

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Mon, 24 June 2024 07:07 UTC

Message-ID: <trinity-32a52fe3-0e9f-40a8-851b-3aa374416722-1719212819311@3c-app-gmx-bs24>
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: Thomas Fossati <tho.ietf@gmail.com>
Date: Mon, 24 Jun 2024 09:06:59 +0200
In-Reply-To: <CAObGJnO6bn5xEpqPxc46HRh3v2BnmxbE0YXwfNv9BtQnNV9Mag@mail.gmail.com>
References: <AS8PR10MB742727BFEC71CB78468FB0E7EECD2@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM> <0145e095-e684-d2ee-58d5-41aee54a4b3b@ietf.contact> <2627.1718830718@obiwan.sandelman.ca> <FB01F359-84F4-4AAD-82F7-1CF2356DCD4B@redhoundsoftware.com> <CAObGJnO6bn5xEpqPxc46HRh3v2BnmxbE0YXwfNv9BtQnNV9Mag@mail.gmail.com>
CC: Carl Wallace <carl@redhoundsoftware.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Henk Birkholz <henk.birkholz@ietf.contact>, "Tschofenig, Hannes" <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, rats <rats@ietf.org>
Subject: [Rats] Re: Hint Discussion in CSR Attestation Draft
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/S1S8S5zNYhjjCo_Ewl36KJMiXn4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>

 
Hi Thomas,

Thanks for this good description of the purpose of the hint.
I am going to suggest having this text added to the CSR attestation draft.

Ciao
Hannes

Sent: Friday, 21 June 2024 at 20:56
From: "Thomas Fossati" <tho.ietf@gmail.com>
To: "Carl Wallace" <carl@redhoundsoftware.com>
Cc: "Michael Richardson" <mcr+ietf@sandelman.ca>, "Henk Birkholz" <henk.birkholz@ietf.contact>, "Tschofenig, Hannes" <hannes.tschofenig=40siemens.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "rats" <rats@ietf.org>
Subject: [Rats] Re: Hint Discussion in CSR Attestation Draft
Hi Carl,

On Fri, Jun 21, 2024 at 8:24 PM Carl Wallace <carl@redhoundsoftware.com> wrote:
> On 6/19/24, 4:58 PM, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:
> <large snip>
> ht> In the CSR attestation draft we suggested to use a hint,
> ht> i.e. information that helps the relying party to select a verifier
> ht> that can help process the evidence. Since this hint will not be used
> ht> in all deployments, for example in deployments that only have a single
> ht> verifier, this hint is optional. As such, those who do not want to use
> ht> the optional hint do not need to look at it. For the other use cases
> ht> it provides value. Hence, I don’t really understand the objections
> ht> and I don’t want to remove the hint!
>
> I guess I've lost track of who and why this is being objected to.
>
> [CW] As an attester, how would you populate the hint field?

That may be information that is injected at manufacturing time into
the device and updated via its device management infra. An example
here [1].

[1] https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-22.html#section-4.5.1

> As a verifier, how would you consume the hint field?

You wouldn't. The hint is a routing label that is used by the relying
party to decide which verifier to contact for handling this specific
piece of attestation evidence. When evidence reaches the verifier the
hint is no more.

cheers!
--
Thomas
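
The routing behaviour Thomas describes, as an added example that is not part of this thread and not the CSR attestation draft's own code: the relying party keeps an operator-configured allowlist from hint values to verifier endpoints, uses the hint only to pick a verifier, falls back to its single configured verifier when the hint is absent (the hint-less deployment Hannes mentions), and forwards the evidence without the hint, so the verifier never sees it. The EvidenceStatement model, the verifier names and endpoints, and the evidence bytes are all constructed for the example; the draft carries the statement in ASN.1, not as a Python dataclass. One assumption goes beyond the thread: because the hint is attester-supplied and not authenticated by the relying party, it is treated as a lookup key and never dereferenced as an address, so a hint that merely looks like a URL (as the PSA token's verification service indicator does) cannot steer the relying party to an arbitrary host.

```python
"""Relying-party routing of CSR attestation evidence by its optional hint.

Added example, not code from the CSR attestation draft or from anyone on
this thread. The evidence container is a constructed stand-in for the
draft's ASN.1 structure; verifier names, endpoints and evidence bytes are
made up.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class EvidenceStatement:
    """One evidence item as carried in the CSR attribute (modelled here,
    not the draft's ASN.1). The hint is optional; a deployment with a
    single verifier simply never sets it."""
    evidence_type: str        # names the evidence format (an OID in the draft)
    evidence: bytes           # opaque to the relying party; only the verifier parses it
    hint: Optional[str] = None


class UnroutableEvidence(Exception):
    """Raised when no verifier can be selected for a statement."""


class RelyingParty:
    """Holds the hint -> verifier allowlist and forwards evidence.

    The hint is only a routing label: it selects a verifier here and is
    dropped from what is forwarded, so the verifier never sees it.
    """

    def __init__(self, verifiers: dict, default: Optional[str] = None):
        # Operator-configured allowlist. The hint is attester-supplied and
        # not authenticated by the relying party, so it is a lookup key only
        # and is never used as an address to connect to (assumption: a safe
        # design choice, not something the draft mandates).
        self._verifiers = dict(verifiers)
        self._default = default  # the single verifier of a hint-less deployment
        self.forwarded = []      # (endpoint, payload) pairs, kept for inspection

    def select_verifier(self, stmt: EvidenceStatement) -> str:
        if stmt.hint is None:
            if self._default is None:
                raise UnroutableEvidence("no hint and no default verifier configured")
            return self._default
        endpoint = self._verifiers.get(stmt.hint)
        if endpoint is None:
            # Unknown label: do not guess, and do not treat the hint as a URL.
            raise UnroutableEvidence(f"unknown hint {stmt.hint!r}")
        return endpoint

    def forward(self, stmt: EvidenceStatement):
        """Select a verifier and build the payload it receives."""
        endpoint = self.select_verifier(stmt)
        # Only type and evidence leave the relying party; the hint is gone.
        payload = {"type": stmt.evidence_type, "evidence": stmt.evidence}
        self.forwarded.append((endpoint, payload))
        return endpoint, payload


if __name__ == "__main__":
    rp = RelyingParty(
        verifiers={
            "https://psa-verifier.example": "https://verifier-a.internal/v1/verify",
            "vendor-b-tpm": "https://verifier-b.internal/v1/verify",
        },
        default="https://verifier-a.internal/v1/verify",
    )
    # Constructed evidence bytes; a real PSA token would be a signed COSE object.
    psa = EvidenceStatement("psa-token", b"\xd2\x84\x43\xa1\x01\x26",
                            hint="https://psa-verifier.example")
    print(rp.forward(psa))
    print(rp.forward(EvidenceStatement("tpm-quote", b"\xff\x54\x43\x47", hint="vendor-b-tpm")))
    print(rp.forward(EvidenceStatement("psa-token", b"\xd2\x84\x43\xa1\x01\x26")))  # no hint
    try:
        rp.forward(EvidenceStatement("psa-token", b"\xd2\x84", hint="https://attacker.example"))
    except UnroutableEvidence as e:
        print("rejected:", e)
```

The unknown-hint branch is the part worth copying: an attester can put any string in the hint, so the only safe outcomes are "matched an entry the operator configured" or "refused", never "connected to whatever the string said".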
