Re: [Rats] TPM background for RIV

Guy Fedorkow <gfedorkow@juniper.net> Tue, 08 September 2020 12:57 UTC

From: Guy Fedorkow <gfedorkow@juniper.net>
To: Michael Richardson <mcr@sandelman.ca>
CC: Ira McDonald <blueroofmusic@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Date: Tue, 8 Sep 2020 12:57:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6_Yd7y4Ucykg7ihad0F0WtbUJVo>

Hi Michael,

  Sorry for being slow on this.  I agree with Ira, that the RIV doc could
not qualify as a TPM Profile.  There's a lot in a TPM; to make a profile,
it would have to all be sorted into Include and Exclude piles.

  Although I don't think this is the crux of your question, many of us have
shied away from specialized TPM Profiles for business reasons.  Staying in
sync with PC Client has enabled everyone to benefit from enormous production
volumes.

  But let me know if I'm missing the point of your question.

Thx

/guy

From: RATS <rats-bounces@ietf.org> on behalf of Ira McDonald <blueroofmusic@gmail.com>
Date: Wednesday, August 26, 2020 at 7:22 AM
To: Michael Richardson <mcr+ietf@sandelman.ca>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] TPM background for RIV

Hi Michael,

The TCG Network Equipment WG could develop a TCG-approved TPM 2.0
profile for network equipment.  The IETF RATS RIV spec could not be that
official profile, under TCG rules.  It's also not structured in the proforma
structure of a TCG profile.  For an example of that structure, see:

https://trustedcomputinggroup.org/wp-content/uploads/TPM_2.0_Mobile_Common_Profile_v2r31_FINAL.pdf

 

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
(permanent) PO Box 221  Grand Marais, MI 49839  906-494-2434

 

 

On Wed, Aug 26, 2020 at 10:11 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

Ira McDonald <blueroofmusic@gmail.com> wrote:
    > Sorry for the confusion.

    > No, the MCP doesn't forbid PCR8-PCR15, but it doesn't prescribe
    > their usage either.  No impact on RIV for network equipment.  I was
    > merely noting that TPM 2.0 Library is largely silent on specifics of
    > PCR usage.  And there is presently no TPM 2.0 profile for network
    > equipment.

So, could RIV be that profile?


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

 
