IETF Logo Mail Archive

Re: [Rats] EAT claims needed by TEEP

Laurence Lundblade <lgl@island-resort.com> Sun, 14 November 2021 03:00 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3A53A0BC9 for <rats@ietfa.amsl.com>; Sat, 13 Nov 2021 19:00:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mcMopC9t-XUI for <rats@ietfa.amsl.com>; Sat, 13 Nov 2021 19:00:08 -0800 (PST)
Received: from p3plsmtpa07-01.prod.phx3.secureserver.net (p3plsmtpa07-01.prod.phx3.secureserver.net [173.201.192.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9391D3A0BCD for <rats@ietf.org>; Sat, 13 Nov 2021 19:00:08 -0800 (PST)
Received: from [192.168.1.3] ([75.80.148.243]) by :SMTPAUTH: with ESMTPSA id m5kVm7DKBQa1im5kVmyfOA; Sat, 13 Nov 2021 20:00:07 -0700
X-CMAE-Analysis: v=2.4 cv=NqAUz+RJ c=1 sm=1 tr=0 ts=61907bb7 a=VPU1mRQhDhA4uSX60JRRww==:117 a=VPU1mRQhDhA4uSX60JRRww==:17 a=NEAV23lmAAAA:8 a=K6EGIJCdAAAA:8 a=48vgC7mUAAAA:8 a=8pif782wAAAA:8 a=o83nqyVRAAAA:8 a=pGLkceISAAAA:8 a=y6WFtdQdAAAA:20 a=qlatCZPWAAAA:20 a=l70xHGcnAAAA:8 a=7CQSdrXTAAAA:8 a=gQTjKwe51YLmF0SftC8A:9 a=QEXdDO2ut3YA:10 a=MDABLX8d_eUA:10 a=JDrJ-FpfaccA:10 a=53J-nn582usA:10 a=v0q9iAG2u5yYbvOaDLoA:9 a=_7nm22IpyiC43WuM:21 a=_W_S_7VecoQA:10 a=L6pVIi0Kn1GYQfi8-iRI:22 a=w1C3t2QeGrPiZgrLijVG:22 a=JtN_ecm89k2WOvw5-HMO:22 a=a-qgeE7W1pNrGK8U0ZQC:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <25610F00-E534-485F-9F85-B68B2129153B@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1F718D24-8049-4658-AF69-1226090927E4"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Sat, 13 Nov 2021 19:00:07 -0800
In-Reply-To: <889A0B21-72EB-42EF-887E-348579A5B562@island-resort.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, teep <teep@ietf.org>, "rats@ietf.org" <rats@ietf.org>
To: Ira McDonald <blueroofmusic@gmail.com>
References: <BL0PR2101MB102770B8E03B95A44497004CA3190@BL0PR2101MB1027.namprd21.prod.outlook.com> <7607E6BF-459C-4A32-AAE2-08117A97E06B@island-resort.com> <BL0PR2101MB1027EA205417DAF375BA7085A3160@BL0PR2101MB1027.namprd21.prod.outlook.com> <B1FDD70B-2530-454C-90AF-F44EEDC4F1F3@island-resort.com> <AM6PR08MB342916CCDD01E8698BB3C883EF170@AM6PR08MB3429.eurprd08.prod.outlook.com> <2D53BD60-4FA8-4153-B28B-585E902845AE@island-resort.com> <AM6PR08MB423141370A5CE9DEF6C732C69C140@AM6PR08MB4231.eurprd08.prod.outlook.com> <3370D92E-23C2-41C3-B86F-A65C168E9082@island-resort.com> <AM6PR08MB42311D76B24E866812171BDC9C140@AM6PR08MB4231.eurprd08.prod.outlook.com> <CH2PR21MB14640330E3DA58D2144659F7A3919@CH2PR21MB1464.namprd21.prod.outlook.com> <C9FCDB94-1734-4F6C-B6D9-DDB384827E06@island-resort.com> <CH2PR21MB146427B07435A5F36DAE5782A3919@CH2PR21MB1464.namprd21.prod.outlook.com> <27150.1636465193@localhost> <A40BE985-E12E-4B5E-8995-F4408134AEE4@island-resort.com> <398725.1636575788@dooku> <43D84D56-26B1-4726-A3AC-E918071592BB@island-resort.com> <CH2PR21MB1464E91FD236666F94C3A380A3939@CH2PR21MB1464.namprd21.prod.outlook.com> <CAObGJnMh0+GFySpovD-YoSF34o+cMEj-h+NSMUoEiBHT8WadWQ@mail.gmail.com> <21384.1636638211@localhost> <CAN40gSvom7aQ4j5YXx+HX-UNwcsDE6SwiZvWGPjH9YoRY1KpFQ@mail.gmail.com> <889A0B21-72EB-42EF-887E-348579A5B562@island-resort.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-CMAE-Envelope: MS4xfCCE+1xW2P6nhzhG4u595faB4njf1m3GLdID8nXG2kfsGU6HnluJBvHEd1Ui4Q1oJ8zePEzlAm8wSIuvpdZlzWVJnY6jtxWPpbPLgPB5rgIu0UJg39Ll 9cvOaGUTnu8Xy2eaWV4g1Ztly8jTXZMrj49R+kkqbESTnGdLt1eY/FR+0iPt/ahSgqXaefOZfJKTnwalMyF8DxKG6C3vsjPDCyIpAkPupZobzN8QDleNjX4w q5rHDiXgQi8IryBadwkgOwaIGzGivd0aPSKUlhq5i9w=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/VJxxAE49khRLZIXw_GkHlhO-jdA>
Subject: Re: [Rats] EAT claims needed by TEEP
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Nov 2021 03:00:14 -0000

I’m update the PR for thi <https://github.com/ietf-rats-wg/eat/pull/139>s a lot:

* It is for OEM’s to identify individual products, models and variants

* It is only required to be unique for a given OEM. It is the combo of OEM ID and class that globally identifies a product. This allows re use of internal product schemes, allows them to be very short and doesn’t require engaging with some global identification scheme (but an OEM can use a global scheme if they want).

* The receiver of this MUST treat this an an opaque binary byte string (This is the same as UEID). The receiver can only use this for lookup in a database and comparison for equality.

* The sender can base this off of OIDs, URLs, UUIDs, an RNG, internal product codes and so on, but they SHOULD make it not human-readable (hash or such).

* I really don’t think we want to identify that it is an OID, URI or such because it is more work for the receiver to decode and because we don’t want the receiver doing anything with the internal structure.

* Added examples (that check against the CDDL).

LL



> On Nov 12, 2021, at 8:46 AM, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
> I’d like to articulate the larger frame up for identifying HW in EAT. The applicability is all HW, not just TEEs.
> 
> I think it is the concatenation of these three:
>    - OEM ID
>    - Model/Class
>    - Version
> 
> EAT draft 11 is missing model/class. It is good that TEEP brought this to our attention.
> 
> I have preference for “model” over “class”. Lots of things have model numbers (cars, TVs, phones…), and we know what is meant by a model number. The term “class" confused me and may confuse others (perhaps because there was little descriptive text or examples of real devices and “class" is usually for broad taxonomies like fruit vs vegetable).
> 
> I think the current proposal <https://github.com/ietf-rats-wg/eat/pull/139> of a byte string for model/class is fine. I don’t see the point of it being an OID or URL since it is not a global identifier.
> 
> I think having general HW identification split into three is useful because sometimes you care solely about OEM, sometimes you care right down to the version number.
> 
> The OEM ID must be a global identifier, but model and version are local to an OEM. Each OEM has their own model number scheme and that is fine. The product team for a particular model comes up with their version scheme, and that is fine. This seems parallels how the world mostly works for all sorts of HW.
> 
> The main thing a recipient does with an OEM ID and model is lookup them up in a database or compare them for equality, so we don’t need to specify any internal structure for a recipient to decode. The simpler they are, the better.
> 
> Version is different. We like comparing it for greater than and less than because there’s a good possibility that two versions of the hardware are compatible with some SW or such. Compatibility is less likely for models so lookup/equality is enough. To allow version comparison, EAT uses CoSWID version identifiers <https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-19.html#name-version-scheme> which indicates how comparison works.
> 
> Another very useful thing here is to re use identifiers that already exist. In EAT the OEM is identified by existing OEM databases (PEN <https://en.wikipedia.org/wiki/Private_Enterprise_Number> or IEEE OUI <https://standards.ieee.org/content/dam/ieee-standards/standards/web/documents/tutorials/eui.pdf>, aka MAC address) or a 16-byte random number (which can be a UUID). We want OEMs to be able to re-use their extant internal model and version number schemes, so they are both strings (and can also be UUIDs).
> 
> Here’s real examples:
> 
>    OEM: 49279 (PEN actually assigned to Tesla)
>    Model: “X"
>    Version “2.3.2” (CoSWID type 1, multipartnumeric)
> 
>    OEM: 00A0C6  (OUI assigned to Qualcomm)
>    Model: “Snapdragon 888”
>    Version: “23” (CoSWID type 4, decimal)
> 
>    OEM: D0D003 (OUI assigned to Samsung)
>    Model: 042aea10a0f14f2d391373599be69d53a7 (One-time randomly generated model ID for Samsung’s implementation of a particular ARM TEE)
>    Version: “1.3c” (CoSWID type 2, multipartnumeric+suffix)
> 
> By one-time generated, I mean that an RNG was run once off the device and written down to be used for years to identify the particular TEE model/class. If it is a UUID, then it isn’t generated on the device being attested to, but on some administrative laptop or such, written down and the same one used for years on millions of devices.
> 
> LL
> 
> 
> 
> 
>> On Nov 11, 2021, at 5:38 PM, Ira McDonald <blueroofmusic@gmail.com <mailto:blueroofmusic@gmail.com>> wrote:
>> 
>> Hi,
>> 
>> +1 to Brendan's point about why "human-readable" strings are a *bad* idea for 
>> hardware type identifiers.  
>> 
>> +1 to Thomas and Jeremy's observations.
>> 
>> Cheers,
>> - Ira
>> 
>> Ira McDonald (Musician / Software Architect)
>> Chair - SAE Trust Anchors and Authentication TF
>> Co-Chair - TCG Trusted Mobility Solutions WG
>> Co-Chair - TCG Metadata Access Protocol SG
>> Chair - Linux Foundation Open Printing WG
>> Secretary - IEEE-ISTO Printer Working Group
>> Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
>> IETF Designated Expert - IPP & Printer MIB
>> Blue Roof Music / High North Inc
>> http://sites.google.com/site/blueroofmusic <http://sites.google.com/site/blueroofmusic>
>> http://sites.google.com/site/highnorthinc <http://sites.google.com/site/highnorthinc>
>> mailto: blueroofmusic@gmail.com <mailto:blueroofmusic@gmail.com>
>> (permanent) PO Box 221  Grand Marais, MI 49839  906-494-2434
>> 
>> 
>> On Thu, Nov 11, 2021 at 8:43 AM Michael Richardson <mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>> wrote:
>> 
>> Thomas Fossati <tho.ietf@gmail.com <mailto:tho.ietf@gmail.com>> wrote:
>>     > Besides, it looks like we'd be creating a bad precedent because then one
>>     > could easily argue that *every* claim is possibly just a byte string or,
>>     > pushing this line of reasoning just a bit further, the whole claims-set
>>     > could be seen as one single gigantic opaque claim.
>> 
>> ! make me think about the multiple levels of "comment" that occured in the
>> JCL days, where commands were comments...
>> 
>> Brendan Moran <Brendan.Moran@arm.com <mailto:Brendan.Moran@arm.com>> wrote:
>>     > Strings are not the right choice for machine readable fields. There are
>>     > extremely good reasons not to use them. Please do not use strings for
>>     > model IDs.
>> 
>>     > When you have a string, it is inevitable that someone in marketing will
>>     > realise that it’s human-readable. The next step is that it must be
>>     > controlled to preserve brand image. When this happens, it is also
>>     > inevitable that *wildly incompatible hardware* with *the same function*
>>     > will be forced into the same “model number.”
>> 
>> This has happened multiple times out there.
>> Same box, same case, entirely different CPU inside.
>> 
>>     > By making model identification explicitly non-parseable by humans, we
>>     > prohibit its use as a controllable, human facing identifier. This
>>     > ensures that it has a better chance of being used correctly as a means
>>     > to distinguish between mutually incompatible versions.
>> 
>> !
>> 
>> mcr suggested>
>> 
>>   "There is no global scheme or format for this claim."
>>     ->
>>   "The format for this scheme will need to be specified within profiles that use it."
>> 
>> 
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca <mailto:mcr%2BIETF@sandelman.ca>>   . o O ( IPv6 IøT consulting )
>>            Sandelman Software Works Inc, Ottawa and Worldwide
>> 
>> 
>> 
>> 
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org <mailto:RATS@ietf.org>
>> https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org <mailto:RATS@ietf.org>
>> https://www.ietf.org/mailman/listinfo/rats
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email