[Rats] Re: Security considerations of remote attestation (RFC9334)
Henk Birkholz <henk.birkholz@ietf.contact> Thu, 30 January 2025 11:52 UTC
Return-Path: <henk.birkholz@ietf.contact>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C8B9C151084 for <rats@ietfa.amsl.com>; Thu, 30 Jan 2025 03:52:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.459
X-Spam-Level:
X-Spam-Status: No, score=-2.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.355, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ietf.contact
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M13e7JDTFIEY for <rats@ietfa.amsl.com>; Thu, 30 Jan 2025 03:52:06 -0800 (PST)
Received: from smtp06-ext.udag.de (smtp06-ext.udag.de [62.146.106.76]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2410C14F6A1 for <rats@ietf.org>; Thu, 30 Jan 2025 03:52:05 -0800 (PST)
Received: from [IPV6:2a01:599:411:47d2:106a:d8cb:3bdf:72d5] (tmo-100-55.customers.d1-online.com [80.187.100.55]) by smtp06-ext.udag.de (Postfix) with ESMTPA id 960B2E02B1; Thu, 30 Jan 2025 12:52:03 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ietf.contact; s=uddkim-202310; t=1738237924; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lRtMbAL9ZK6RPggu2nNxINwvNm7/6xH3v5kAxrOB1AQ=; b=wxgvflk1eYBqQbKs4xFXl5cBqAOa1DHuJfSBkCXmoXeWRISlUBFZkPQnjwUvd2Q/E0/ckm 2Alv3x3Jk/C3m8tR4/j/ruHNfvNl6x2ZQlGg7bQvKMVavzliAmyKQYgAHfO0vhtFs96JWW +HQyVK46hnkTespCAVG1rWrkStJKgYkCMQtKlc2auFoD34xLPDCJALCsuauzhDRf5HzWtP OWss8NnF4MkOxGPQdBSQOk5DC1tPprqlgSFMbvdI0XOtuG62VrJNUxf5xe9hjA+wgh98a3 Ye7L6n+4LtmtR6hCCHK88ngZoigVQJwjjLrE/9/nEAWjJARaX9is0r3SZrC09w==
Message-ID: <cc3990dd-f5ec-273f-abfd-dde3acd54c23@ietf.contact>
Date: Thu, 30 Jan 2025 12:52:03 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: "Smith, Ned" <ned.smith@intel.com>, Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
References: <4ffdd034-05ec-4565-9cad-b40ff82f83fc@tu-dresden.de> <57ff8532-ffa7-4dfc-8f51-2bb8764e4a25@gmail.com> <0bf9fa63-3d3e-47fc-b757-d7f8c0d3fa9c@tu-dresden.de> <8f765ee8-08e4-4fd6-9362-aee70e0b09fc@gmail.com> <CO1PR11MB5169C33046305CE096FEA36DE51C2@CO1PR11MB5169.namprd11.prod.outlook.com> <003f6611-efd4-4b41-8bd8-a1e8d89dab8a@tu-dresden.de> <2753ea96e5c842e2832b68e762638760@huawei.com> <2ce75ea8-791b-4d42-be64-326309b70fbe@tu-dresden.de> <CO1PR11MB5169293FDD81C96F542A4D91E5E32@CO1PR11MB5169.namprd11.prod.outlook.com> <4fe69a8b-ff45-45c3-88f1-59bf22c4d185@tu-dresden.de> <CAHbuEH6+A9z2P2mK1mUJUMCkC5VbawU5B09k6s1pm0YwXJygEQ@mail.gmail.com> <775705ed-44d3-8c67-198d-1b6363892793@ietf.contact> <210cc843-b50c-4115-ac6e-c12e9f45461f@tu-dresden.de> <e4a7dc89-57d8-1817-5673-c44721a9d959@ietf.contact> <554d067d-7660-4c10-b98b-79921dec1326@tu-dresden.de> <c91a4168-680e-1932-60b8-3828be35ca34@ietf.contact> <CO1PR11MB5169B2854A7EA62D198C8FFCE5EE2@CO1PR11MB5169.namprd11.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@ietf.contact>
In-Reply-To: <CO1PR11MB5169B2854A7EA62D198C8FFCE5EE2@CO1PR11MB5169.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: smtp06-ext.udag.de; auth=pass smtp.auth=henk.birkholz@ietf.contact smtp.mailfrom=henk.birkholz@ietf.contact
Message-ID-Hash: WU3GR4UCSKKLAIY6X7OFTYGQTG5K7VXU
X-Message-ID-Hash: WU3GR4UCSKKLAIY6X7OFTYGQTG5K7VXU
X-MailFrom: henk.birkholz@ietf.contact
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Panwei (William)" <william.panwei@huawei.com>, John Kemp <stable.pseudonym@gmail.com>, "rats@ietf.org" <rats@ietf.org>, Dave Thaler <dthaler1968@googlemail.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: Security considerations of remote attestation (RFC9334)
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/UtJW06cvetg28rnXrCQVUAK1hjc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Kathleen, hi Ned, I'd like to start with a disclaimer that I am not trying to be difficult, but careful. On 24.01.25 19:46, Kathleen Moriarty wrote: > I think we can drop this unless we plan to include a statement about > authentication in association to attestation and there are plenty of > times where you will use both together and many where they will be > distinct. > I am not certain how that statement aligns with: > https://datatracker.ietf.org/liaison/1897/ In particular with the following quote from that IAB statement:> one particular concern is refusing access to open-source or > customized software by web servers that otherwise don’t require any client > authentication I might be wrong, but as an individual I read this as an IAB concern that remote attestation without authentication poses certain risks. When I read your statement, then what I think you are saying is that remote attestation could be realized without authentication of the involved RATS roles and I am uncertain how that would work in practice or how that would align with the IAB statement. Please let me highlight again that this might just be confusion on my part - but I'd feel better, if I understood why Dave's principle is dangerous taking into account the highlighted context. Viele Grüße, Henk On 29.01.25 22:14, Smith, Ned wrote: >> I am pretty sure that nobody intended to start an axiomatic proof > > I think this is true. > > I think Usama is trying to map the various hand-wavey statements (that > weren’t trying to be expressed in a way that makes sense for formal > methods) into something that is meaningful to formal methods. But maybe > Usama / others who are familiar with formal methods could show their > work so to speak and explain where the various statements fall apart, > but more importantly, what would a statement look like that is useful? > > -Ned > > On 1/27/25, 02:29, "Henk Birkholz" <henk.birkholz@ietf.contact> wrote: > > Hi Usama, > > of course I might be wrong, but I feel pretty confident saying that Dave > and Ned meant: > > "if you have an authentication procedure in Internet protocols, in > principle you can augment that with remote attestation." > > I am pretty sure that nobody intended to start an axiomatic proof with > that. Dave and/or Ned, please tell me, if I am wrong. > > > Viele Grüße, > > Henk > > On 24.01.25 20:03, Muhammad Usama Sardar wrote: >> Sorry but mathematically the three statements are quite different. >> Please see inline. >> >> On 24.01.25 18:38, Henk Birkholz wrote: >>> Hi Usama, >>> >>> the text you quote is me paraphrasing Dave who was quoted by Ned >>> recently. >>> >>> As reference: >>> >>> A quote from Dave here (for quote attribution): >>>> https://mailarchive.ietf.org/arch/msg/rats/5343t-tb2Fam-i663H1kh5oQuMk/ > <https://mailarchive.ietf.org/arch/msg/rats/5343t-tb2Fam-i663H1kh5oQuMk/> >>> >> Dave says "Every authentication use case is an attestation use case." >>> A quote from Ned where he restated Dave: >>>> https://mailarchive.ietf.org/arch/msg/rats/5UUvmi8lHLuyq4fthLK1MJO41YM > <https://mailarchive.ietf.org/arch/msg/rats/5UUvmi8lHLuyq4fthLK1MJO41YM> >>> >> >> Ned says: "Dave Thaler observed at the outset of RATS that every authentication use case is potentially also an attestation use case." >> >> With "potentially", this is a much weaker statement than what Dave >> originally said. If you follow the responses, I already disagreed to >> that as well. [1] >> >>> A quote from Kathleen where she disagreed with Dave's statement: >>>> https://mailarchive.ietf.org/arch/msg/rats/pH77KM4gCHZ7_DENXPhoKWnL5NI > <https://mailarchive.ietf.org/arch/msg/rats/pH77KM4gCHZ7_DENXPhoKWnL5NI> >>> >> And your paraphrasing >> >> > "every authentication procedure can be augmented with a remote >> attestation procedure" >> >> is yet quite different from above 2 statements, showing that the two >> procedures are kind of complementary rather than one being stronger than >> the other. >> >> [1] https://mailarchive.ietf.org/arch/msg/rats/Hkajhpd4PI1y2l-VL6jgvBt4__g/ > <https://mailarchive.ietf.org/arch/msg/rats/Hkajhpd4PI1y2l-VL6jgvBt4__g/> >> >> >> >> >> _______________________________________________ >> RATS mailing list -- rats@ietf.org >> To unsubscribe send an email to rats-leave@ietf.org > > _______________________________________________ > RATS mailing list -- rats@ietf.org > To unsubscribe send an email to rats-leave@ietf.org > > > _______________________________________________ > RATS mailing list -- rats@ietf.org > To unsubscribe send an email to rats-leave@ietf.org
- [Rats] Security considerations of remote attestat… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Alexander Stein
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Jens Finkhäuser
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Carsten Bormann
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Carsten Bormann
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Laffey, Tom (HPE Aruba Networks)
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Jens Finkhäuser
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Dave Thaler
- [Rats] Re: Security considerations of remote atte… Dave Thaler
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar