Re: [Rats] Clarifications around Endorsements scope

Laurence Lundblade <lgl@island-resort.com> Tue, 03 August 2021 01:45 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <9E20F408-7861-469F-86CE-F1B059F4056F@island-resort.com>
Date: Mon, 02 Aug 2021 18:45:07 -0700
In-Reply-To: <232F4918-132C-4E87-B63D-0EF6E774FBF9@island-resort.com>
Cc: "rats@ietf.org" <rats@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <7F564CFE-FF77-4FAC-9C05-D15C15838B63@arm.com> <b13cf1f6-abed-2754-0f29-37efa0c21921@sit.fraunhofer.de> <7F067E63-5D5C-46ED-A7E9-8063228E8CA8@island-resort.com> <22B21E04-F259-4544-8B78-A046E40AAC3F@arm.com> <90355B7B-4C7B-417B-AB7C-6DA73E49227B@island-resort.com> <1498EE50-0965-4868-973C-4C4D99D8B49F@island-resort.com> <24353.1627849509@localhost> <E1D04B37-7050-471D-A925-DED1E6BD36C8@island-resort.com> <26617.1627929239@localhost> <28CB839D-AD2F-4E3E-BA37-5D039537CF76@island-resort.com> <20964.1627934424@localhost> <232F4918-132C-4E87-B63D-0EF6E774FBF9@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Ul9ovYdE42K1Wsu-qnb_89WhwFo>


> On Aug 2, 2021, at 1:53 PM, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
>> 
>> On Aug 2, 2021, at 1:00 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>> 
>> 
>> Laurence Lundblade <lgl@island-resort.com> wrote:
>>   mcr> If you are going to create a certificate-like entity using EAT, and there is
>>   mcr> a nonce, then you have to decide who creates the nonce.
>> 
>>> This thread is not about EAT in particular, nor about creating
>>> certificate-like entities.
>> 
>>> It is about trying to clarify understanding of endorsements.
>> 
>> I don't think you want/need nonces in endorsements or certificates.
>> They don't add anything if you have more than one entity acting as a Verifier.
>> 
>> I think that the equivalent "notBefore" and "notAfter" is appropriate,
>> possibly with application of similar considerations as per:
>> 
>> RFC 8739 [Support for Short-Term, Automatically Renewed (STAR) Certificates
>>   in the Automated Certificate Management Environment (ACME)]
>> 
>> such that you would renew Endorsements frequently, rather than attempt to
>> revoke them.
> 
> Yes, agree with all that.

Also, sorry if my mentioning nonce in the example was confusing.

LL
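The point both posters agree on above, as an added illustration that is not part of the thread: an Endorsement carries a notBefore/notAfter window that any Verifier can check without a nonce, and a short lifetime with STAR-style renewal replaces revocation. The HMAC key, device id, claims and lifetime values are constructed for the example; a real Endorser would sign asymmetrically.

```python
import hmac
import hashlib
import json

# Constructed stand-in for the Endorser's signing key (assumption: a real
# Endorser signs with an asymmetric key, not an HMAC).
ENDORSER_KEY = b"constructed-endorser-key"
CLOCK_SKEW = 60           # seconds of tolerance between Endorser and Verifier clocks
LIFETIME = 24 * 3600      # short validity so renewal, not revocation, retires it


def issue_endorsement(device_id, claims, now, lifetime=LIFETIME):
    """Issue an Endorsement bounded by notBefore/notAfter; no nonce involved."""
    body = {"device": device_id, "claims": claims,
            "notBefore": now, "notAfter": now + lifetime}
    payload = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(ENDORSER_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_endorsement(endorsement, now):
    """Any number of Verifiers can run this: integrity, then the window."""
    payload = json.dumps(endorsement["body"], sort_keys=True).encode()
    expected = hmac.new(ENDORSER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, endorsement["mac"]):
        return False, "bad signature"
    body = endorsement["body"]
    if now < body["notBefore"] - CLOCK_SKEW:
        return False, "not yet valid"
    if now > body["notAfter"] + CLOCK_SKEW:
        return False, "expired; fetch a renewed Endorsement"
    return True, "ok"


def renew_if_needed(endorsement, now, refresh_margin=LIFETIME // 4):
    """STAR-style renewal: re-issue before expiry instead of revoking."""
    body = endorsement["body"]
    if now + refresh_margin < body["notAfter"]:
        return endorsement  # still fresh enough, keep serving it
    return issue_endorsement(body["device"], body["claims"], now)


# Constructed sample: the Endorser vouches for one device's reference values.
T0 = 1_627_948_800  # 2021-08-03 00:00:00 UTC, the day of this message
ENDORSEMENT = issue_endorsement("dev-0001", {"fw-hash-alg": "sha-256"}, T0)
```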