Re: [Rats] Attestation Results for Connectivity (was RE: RATS Digest, Vol 35, Issue 24)

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 27 April 2021 14:33 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Tue, 27 Apr 2021 14:32:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Td0_dWZqeXSmqxbtm-Ie322p8X4>

From: Dave Thaler, April 27, 2021 9:56 AM



[.]

[DT9]: Does this mean that the Verifier can authenticate both the hardware
and the firmware? 
[EV9]: In draft-voit-rats-trustworthy-path-routing, we broke out hardware
and firmware. However I was unable to find a real case where a customer
might be good with the hardware being ok, but they were not ok with the
firmware being not ok. So from the perspective of the Relying Party +
Verifier B, if Verifier A finds any issue here, then flag it. In general,
it is useful to collapse failure states where the Relying Party + Verifier
will take the same action no matter what.

 

From most practical perspectives F/W==H/W as the latter comes with implicit
trust

 

Agree.  This is why (from the perspective of the Relying Party) it is safe
to collapse them when we are simply making an affirming or detracting claim.


 

Taking that argument, it would imply the same for all layers of the
evidence.

E.g., the bootloader, the OS kernel, the application communicating with the
Relying Party.
So why would you stop at firmware?

 

<Eric> I think it is up to the Relying Party to determine what elements they
might actually choose to differentiate. Initially with
draft-voit-rats-trustworthy-path-routing, I had separated hardware from
firmware. But I simply found nobody who had an Appraisal Policy for
Attestation Results who ever wanted a differentiating level of granularity
as part of the link layer establishment phase. Per your comment below,
if the draft progresses, then we absolutely should explore the right
granularity here.

 

Also a separate point: the TAM in TEEP is an example of a Relying Party that
needs to know, if the software/firmware is not in compliance, which
component(s) are the ones out of compliance, since it's the remediation
server that needs to force an update of said components.

 

<Eric> I am good with whatever breakout the WG thinks is appropriate. I do think
we should differentiate between admission control actions which are relevant
for the link, and remediation efforts. The remediation server will likely
need a lot more detail than we would want to continuously send over EAP.

 

Eric

 

Dave