Re: [Rats] Processing Endorsements and Evidence into Results
Laurence Lundblade <lgl@island-resort.com> Thu, 02 April 2020 23:16 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55CB63A1BEB for <rats@ietfa.amsl.com>; Thu, 2 Apr 2020 16:16:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNa5PQdcf6WZ for <rats@ietfa.amsl.com>; Thu, 2 Apr 2020 16:16:37 -0700 (PDT)
Received: from p3plsmtpa08-08.prod.phx3.secureserver.net (p3plsmtpa08-08.prod.phx3.secureserver.net [173.201.193.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB63A3A1BE8 for <rats@ietf.org>; Thu, 2 Apr 2020 16:16:37 -0700 (PDT)
Received: from [192.168.1.78] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id K94djw0q0TNSkK94ejhxhW; Thu, 02 Apr 2020 16:16:36 -0700
X-CMAE-Analysis: v=2.3 cv=eK1tc0h1 c=1 sm=1 tr=0 a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=03-ksFfLAAAA:8 a=K6EGIJCdAAAA:8 a=48vgC7mUAAAA:8 a=0XtbOteLAAAA:20 a=i_8hBTfFLagU8Q0TGiIA:9 a=c6GuGxQ_Xn8yV_wa:21 a=z0KEw3SM1kpy0gVc:21 a=QEXdDO2ut3YA:10 a=lU-0xsz7CH3h1eLVqfkA:9 a=LnTrinoH8vITzVH8:21 a=CvZZ8uSvMHfhXvZv:21 a=5hKFfqA6wIeRMB7y:21 a=_W_S_7VecoQA:10 a=xzjcLgdzzKJd7D42GW5i:22 a=L6pVIi0Kn1GYQfi8-iRI:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2A36B59F-3E37-4974-88EA-25B8B8DF57E6"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 02 Apr 2020 16:16:35 -0700
References: <C3BC4E14-8BF8-4CD5-882B-F7AAF4B9155F@island-resort.com>
To: rats@ietf.org
In-Reply-To: <C3BC4E14-8BF8-4CD5-882B-F7AAF4B9155F@island-resort.com>
Message-Id: <BB724659-3075-4ED2-8745-BACBD0D17C2B@island-resort.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfMtgu9MUGY0Fi/UWR96bhFFV9zLFiR/7MzIKKGk+vWDDRUmhirlsw86qy3HP43ulQqW5ndsKc8fpVw7eMWYHhMa5TC9Ahs1SLUi7hNltaB0AgDKw8Mxy +lnW4dNwA7M+++oPUvWsWK2muTj4TAUsg04rqwilYgh9asRgFZHOATdb
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/VS-pAO2Io33EagbtpLutIrnUpAQ>
Subject: Re: [Rats] Processing Endorsements and Evidence into Results
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 23:16:43 -0000
Let me make this much more concrete with an example. I’m using JSON representation of CWT/EAT/Endorsements with C-style comments for reading ease.
Endorsement
{
“trust-evidence”: “all”, // E0, I just made this up
“field-upgradable”: true, // E1, from draft-birkholz-rats-endorsement-eat-00
“shielded-secret”: internal, // E2, from draft-birkholz-rats-endorsement-eat-00
“common-criteria”: https://www.commoncriteriaportal.org/files/epfiles/0879V3a_pdf.pdf”, // E3, from draft-birkholz-rats-endorsement-eat-00
}
Evidence
{
“iat": 5734873409823, // C1 time stamp for evidence creation time(eg) from EAT draft
“security-level”: 4 // C2 the security level is “hardware” from EAT draft
“debug-disable”: “permanent” // C3 debug is permanently disabled for all but the OEM from EAT draft
}
Results
{
“field-upgradable”: true, // R1, from draft-birkholz-rats-endorsement-eat-00
“shielded-secret”: internal, // R2, from draft-birkholz-rats-endorsement-eat-00
“common-criteria”: https://www.commoncriteriaportal.org/files/epfiles/0879V3a_pdf.pdf”, // R3, from draft-birkholz-rats-endorsement-eat-00
“iat": 5734873409823, // R4 time stamp for evidence creation time(eg)
“security-level”: 4 // R5 the security level is “hardware”
“debug-disable”: “permanent” // R6 debug is permanently disabled for all but the OEM
}
In this example, the RP is probably feeding this into a risk engine so they want all the details.
Here’s another very abbreviated example with made up claim names:
Endorsement (not showing any signing)
{
“expected-hash”: “TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZW”
}
Evidence
{
“actual-hash”: “TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZW"
}
Results
{
“verified”: true,
}
This all seems like the eventual logical result of the EAT, endorsements and architecture drafts to me.
LL
> On Apr 2, 2020, at 12:36 PM, Laurence Lundblade <lgl@island-resort.com> wrote:
>
> Now that we have a first draft describing endorsements <https://tools.ietf.org/html/draft-birkholz-rats-endorsement-eat-00>, and they look like Evidence and Results, it seems interesting to consider some of how the verifier uses Endorsements (reference the architecture diagram below).
>
> Let’s say there are three things in the endorsement, E1, E2 and E3, three things in the evidence, C1, C2 and C3 and three in the results, R1, R2 and R3.
>
> Then three simpleton top-level cases:
>
> 1) An Endorsement is passed through and becomes a result: E1 — > R1
> 2) A Claim is passed through and becomes a results: C1 —> R2
> 3) Some endorsements combine with some claims to become a result: {E2, E3, C2, C3} —> R3
>
> However that seems to be too simple and I think there has to be some sort of a primitive endorsement, call it E0, whose semantics are that some or all of the claims can always be believed. I think that means 2) doesn’t really exist, but has to be this:
>
> 2) Some claims can pass through with the use of the primitive E0 endorsement: {E0, C1} —> R2
>
> One way E0 could be defined in the draft describing endorsements <https://tools.ietf.org/html/draft-birkholz-rats-endorsement-eat-00> is that it is a list of the labels of claims that are trusted to be passed through. For numeric labels a range INT64_MAX to INT64_MIN (or -infinity to +infinity) indicates all claims are trusted. It could also list specific ones that are trusted.
>
> From the TEE, FIDO and Android Attestation views of the world where measurements aren’t a primary thing and secure/trusted boot is required and always on, a common model will be to pass everything through to create an aggregate result. It could be represented this way:
>
> E1->R1
> E2->R2
> E3->R3
> {E0,C1}->R4
> {E0,C2}->R5
> {E0,C3}->R6
>
> I think this goes on to submodules too and has some relation to the attempted to propose a connection type. Endorsements may be able to say how submodules are trusted. There might even be an E00 primitive that says the lead attester is allowed to say how submodules are trusted. This whole line of thinking was partly prompted by this issue <https://github.com/ietf-rats-wg/eat/issues/58> against EAT and comments from Giri and Dave.
>
> LL
>
>
> ************ ************ *****************
> * Endorser * * Verifier * * Relying Party *
> ************ * Owner * * Owner *
> | ************ *****************
> | | |
> Endorsements| | |
> | |Appraisal |
> | |Policy for |
> | |Evidence | Appraisal
> | | | Policy for
> | | | Attestation
> | | | Result
> v v |
> .-----------------. |
> .----->| Verifier |------. |
> | '-----------------' | |
> | | |
> | Attestation| |
> | Results | |
> | Evidence | |
> | | |
> | v v
> .----------. .-----------------.
> | Attester | | Relying Party |
> '----------' '-----------------'
>
>
>
>
>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
- [Rats] Processing Endorsements and Evidence into … Laurence Lundblade
- Re: [Rats] Processing Endorsements and Evidence i… Laurence Lundblade
- Re: [Rats] Processing Endorsements and Evidence i… Smith, Ned
- Re: [Rats] Processing Endorsements and Evidence i… Dave Thaler
- [Rats] debug disable (was Re: Processing Endorsem… Laurence Lundblade
- Re: [Rats] debug disable (was Re: Processing Endo… Dave Thaler
- [Rats] Endorsement ID and verification key (was P… Laurence Lundblade
- Re: [Rats] debug disable (was Re: Processing Endo… Laurence Lundblade
- Re: [Rats] Processing Endorsements and Evidence i… Smith, Ned
- Re: [Rats] Endorsement ID and verification key (w… Thomas Fossati
- Re: [Rats] Endorsement ID and verification key (w… Laurence Lundblade
- Re: [Rats] Endorsement ID and verification key (w… Smith, Ned
- Re: [Rats] Endorsement ID and verification key (w… Laurence Lundblade
- Re: [Rats] Endorsement ID and verification key (w… Henk Birkholz
- Re: [Rats] Endorsement ID and verification key (w… Thomas Fossati
- Re: [Rats] Endorsement ID and verification key (w… Guy Fedorkow
- Re: [Rats] Endorsement ID and verification key (w… Laurence Lundblade
- Re: [Rats] Endorsement ID and verification key (w… Laurence Lundblade
- Re: [Rats] Endorsement ID and verification key (w… Smith, Ned
- Re: [Rats] Endorsement ID and verification key (w… Guy Fedorkow
- Re: [Rats] Endorsement ID and verification key (w… Laurence Lundblade
- Re: [Rats] Endorsement ID and verification key (w… Shwetha Bhandari (shwethab)
- Re: [Rats] Endorsement ID and verification key (w… Guy Fedorkow
- Re: [Rats] Endorsement ID and verification key (w… Laurence Lundblade
- Re: [Rats] Endorsement ID and verification key (w… Guy Fedorkow
- Re: [Rats] Endorsement ID and verification key (w… Smith, Ned