Re: [Rats] EAT Review Comments

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 10 December 2021 13:08 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] EAT Review Comments
Thread-Index: AdfrXtD82TqKBMPPTvW26/ecfE3BXwAVcq+AAExCBMAALQl5AAAATmAQAAoje1A=
Date: Fri, 10 Dec 2021 13:08:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/VfP-4gIPkP6kWKgGfpqN7X5uaag>
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Let me answer the last point in my email below, namely how do we deal with the claims in our implementation.

We have two places where we store our code for the attestation functionality used by the attester. One is in the Trusted Firmware-M, which is used on M-class devices, and another one is in Trusted Firmware-A, which is used in A-class devices. The architectures of the A and M classes are different, but we managed to use the same codebase in both projects. There are a few differences, namely
* how the interaction between the normal and the secure world works, and
* how the underlying software (bootloader and low level OS) exposes the measurements of software up to the attestation service.

The attestation service, in both cases, waits for incoming requests to provide an EAT back to the calling party. The request comes with a nonce and that nonce is included in the EAT. The attestation service then populates the EAT with claims, as we describe in https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-08. This document describes how to populate the claims so that they make sense in the A- and M-class environment.

Could an implementer add another claim to our implementation? Sure. For example, a location claim would be an option. Obviously it only makes sense if you have a GPS receiver attached to your device and that GPS receiver is accessible to the attestation service. This would not be something most devices have but some may. We don't provide an implementation for it right now and a developer would have to enhance the code.

Here is the code for the trusted services in TF-A:
https://git.trustedfirmware.org/TS/trusted-services.git/?h=integration
(Note the branch "integration")

Here is the code for TF-M:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/

There are several other services included in these two repos besides the attestation service. I have spoken about the bigger picture at this event: https://www.youtube.com/watch?v=rqbYig3aXg0

Ciao
Hannes

PS: FWIW, our code uses t_cose, qcbor and the PSA Crypto API under the hood.

-----Original Message-----
From: Hannes Tschofenig
Sent: Friday, December 10, 2021 8:58 AM
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Laurence Lundblade <lgl@island-resort.com>
Cc: rats@ietf.org
Subject: RE: [Rats] EAT Review Comments

Hi Henk,

You write:

> My biggest point of concern is the scope creep into JWT.

> EAT was intended to be a CWT (more on that detail below). The
> implementation complexity of including JWT now is kind of mind-boggling.
> I have been for a while and will continue to be in strong support of
> moving JSON encoding related normative text out of the EAT core
> document to supplemental EAT document.

> Fundamentally, I am still opposed to EAT being a CWT. It allows to
> include any kind of CWT claims from an increasingly growing CWT Claims
> registry. I am allowed to include a nonce and a cnonce Claim
> simultaneously due to that. Or simply mix an exi Claim in. How shall an
> implementation act on that? That is a valid EAT composition. Is
> "ignore what you do not understand" the strategy here? That is not a
> really useful approach, if your goal is to establish an interoperable
> way to assert trustworthiness. I'd very much prefer a better scoped
> usage scenario for EAT for RATS by making an EAT something more
> specialized than a CWT (on the CBOR tag level). Maybe someone can
> explain to me why this is not an implementer's nightmare as I might
> miss something obvious here.

We are long past the point of deciding that an EAT is a CWT with special claims. Companies have spent a lot of resources implementing it that way. Practically, there is no problem since you will not randomly add claims to an EAT. As stated in the draft, a profile needs to determine what claims must be present and what to do with optional claims. Then, this is not an issue at all.

Can you have a look at how this works in existing implementations and why this is not a problem at all?

Ciao
Hannes
