IETF Logo Mail Archive

[Rats] 答复: 答复: use case document updates on Roots of Trust

"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Tue, 17 September 2019 02:21 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A4C71200D7 for <rats@ietfa.amsl.com>; Mon, 16 Sep 2019 19:21:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3pyc3PubbE59 for <rats@ietfa.amsl.com>; Mon, 16 Sep 2019 19:21:48 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42E151200F4 for <rats@ietf.org>; Mon, 16 Sep 2019 19:21:48 -0700 (PDT)
Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id C6FAF85ED4BCAFB3B412; Tue, 17 Sep 2019 03:21:45 +0100 (IST)
Received: from DGGEMM404-HUB.china.huawei.com (10.3.20.212) by LHREML713-CAH.china.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 17 Sep 2019 03:21:44 +0100
Received: from DGGEMM511-MBX.china.huawei.com ([169.254.1.135]) by DGGEMM404-HUB.china.huawei.com ([10.3.20.212]) with mapi id 14.03.0439.000; Tue, 17 Sep 2019 10:21:42 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Carl Wallace <carl@redhoundsoftware.com>
CC: Laurence Lundblade <lgl@island-resort.com>, "Salz, Rich" <rsalz@akamai.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: 答复: [Rats] use case document updates on Roots of Trust
Thread-Index: AQHVZkiAoyvOdUUcvE+GB+JTLAoWhqcjT1WAgAAfeQCAAAi6AIAABZQAgARrVYCAADiRgIAEmqqAgAEFdwCAAVVasP//k1qAgACGwDA=
Date: Tue, 17 Sep 2019 02:21:42 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F13E8F7902@dggemm511-mbx.china.huawei.com>
References: <4155.1567948986@dooku.sandelman.ca> <64BD12AA-951A-468A-9F08-D442054605AD@island-resort.com> <de6ff852-062d-805d-3eed-10aca60502b2@sit.fraunhofer.de> <CAN40gStH5jUCJeVggREr3ABoFw7K97F=KtoJOSR_X+LWNLB+JA@mail.gmail.com> <CAN40gSu13DKkyahHA3_Cbt5j7Gsh=uGh5ic7fS3AvDGP3K1cug@mail.gmail.com> <5276.1568315351@dooku.sandelman.ca> <92137679-7DEA-42AD-B8D1-F3B909C77459@akamai.com> <BAA4C3C3-C98B-4BA7-8C89-A169DD99EF86@island-resort.com> <D9A4F66D.EB1C1%carl@redhoundsoftware.com> <C02846B1344F344EB4FAA6FA7AF481F13E8F7836@dggemm511-mbx.china.huawei.com> <3BB4DD7C-B19B-40D0-B6DD-8976ADE85EDA@redhoundsoftware.com>
In-Reply-To: <3BB4DD7C-B19B-40D0-B6DD-8976ADE85EDA@redhoundsoftware.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.134.159.76]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/S1Vmkwi1tr5fJQnpa-OOUOPf7qU>
Subject: [Rats] 答复: 答复: use case document updates on Roots of Trust
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 02:21:50 -0000

Can you give some other examples?

-----邮件原件-----
发件人: Carl Wallace [mailto:carl@redhoundsoftware.com] 
发送时间: 2019年9月17日 10:19
收件人: Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com>
抄送: Laurence Lundblade <lgl@island-resort.com>; Salz, Rich <rsalz@akamai.com>; Michael Richardson <mcr+ietf@sandelman.ca>; rats@ietf.org
主题: Re: 答复: [Rats] use case document updates on Roots of Trust

The definition of a trust anchor does not limit the scope to certificate chains. 

> On Sep 16, 2019, at 8:51 PM, Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com> wrote:
> 
> Hi Carl,
> The other big difference between them is the object they deal with: RoT is for integrity measurement value chain, CA is for certificate chain.
> 
> Hope it is helpful.
> 
> B.R.
> Frank
> 
> -----邮件原件-----
> 发件人: RATS [mailto:rats-bounces@ietf.org] 代表 Carl Wallace
> 发送时间: 2019年9月16日 20:26
> 收件人: Laurence Lundblade <lgl@island-resort.com>; Salz, Rich 
> <rsalz@akamai.com>
> 抄送: Michael Richardson <mcr+ietf@sandelman.ca>; rats@ietf.org
> 主题: Re: [Rats] use case document updates on Roots of Trust
> 
> I took Rich's statement to be more from a relying party perspective and your detail to be more what one might find in a policy describing nature of the root of trust, which is not that different from how one may describe a trust anchor/CA in a PKIX context in a policy that describes how a CA are operated, etc. Two sides of the same coin.
> 
> On 9/15/19, 4:50 PM, "RATS on behalf of Laurence Lundblade"
> <rats-bounces@ietf.org on behalf of lgl@island-resort.com> wrote:
> 
>>> On Sep 12, 2019, at 3:31 PM, Salz, Rich <rsalz@akamai.com> wrote:
>>> 
>>> I do not see a meaningful difference between "trust anchor" and 
>>> "trust root" and "root(s) of trust."  All of them:
>>>    - Are pieces of data (certificate or key is not meaningful)
>>>    - Used to verify something such as a certificate or signature
>>>    - Are trusted by the application, based on actions that are "out 
>>> of band" of the application itself
>> 
>> This is not how I understand a root of trust, nor how I think it is 
>> generally used in the TCG or TEE worlds. I think a root of trust 
>> involves a CPU, memory and SW that actively does something like boot 
>> and measure a device. There is usually a boundary around it so that 
>> other software on the device, like the high-level OS, can’t corrupt it.
>> When it is doing reporting as in RATS it will have a private key that can do some signing.
>> When it is doing trusted/secure boot, it will also have a public key 
>> to verify the software it loads.
>> 
>> LL
>> 
>> 
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats
> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email