Re: [Rats] draft-ietf-rats-architecture-04

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 16 June 2020 08:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3yUNht0XUIw45sFohEicf_EmeCc>

Hi Laurence,

As you explain below, it might help to replace some of the terms with others. I think the description does not make it easy to explain the concepts to those who should actually be using them. I did the review because I tried to explain the concept in a lecture to students.

For example, the term “information” (or claims) sounds a lot simpler to understand and less sophisticated than “evidence”. Particularly when the term “evidence” is then described as “A set of information about an Attester that is to be appraised by a Verifier”. (The definition provided later in the text is actually better but does not match the definition earlier in the document, an inconsistency likely caused by duplicating text throughout the document.) The earlier description is IMHO actually wrong. For example, why does the verifier need to be present in all scenarios? In fact, the models in Section 5 suggest otherwise. Why cannot a device send the claims to a relying party? The case where you need a verifier to interpret the claims may be a corner case in some environments. Why is the information about an attester? It better describes the characteristics of the device, as is said in Section 8.1.

If you look at the whole exercise from a 10,000-foot view, then we are essentially using design patterns from the identity management space and applying them here with slightly different information. That’s in a nutshell where the models in Section 5 came from.

Ciao
Hannes

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Tuesday, June 16, 2020 3:37 AM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: rats@ietf.org
Subject: Re: [Rats] draft-ietf-rats-architecture-04

Hi Hannes,

I think readability of the document could be improved and maybe some simplification would be OK, but I generally think most of the core entities and messages make sense.

On Jun 9, 2020, at 12:13 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:

Hi all

I have re-read the architecture document and IMHO it is still far too complex. It makes the reader believe that attestation is some rocket-science concept, which it just isn’t. After such a long time the document is unnecessarily hard to read and understand.

Here is the story as I see it.

In the basic form a device puts a bunch of claims together and then signs them. The device is the attester.
Then, this information is sent to another party, the relying party, which uses this information for some kind of decision making.

Evidence is just the name for “this information”.



Of course, there is some prior setup that has to happen (provisioning of keys during manufacturing) and some assumptions have to be made as well (attestation code on the device has to be well protected, code isolation being used, etc.).

Endorsements are the mechanism by which this happens.



Then, there is the complex case where the relying party cannot use the received information directly. This is most likely related to any form of software measurements. If you send a hash of a bootloader to some relying party you cannot really expect it to be used for anything. The reason the relying party cannot use that information directly is because it does not know what software the device is really supposed to be running. Hence, there is a need to consult another party (let’s call it the verifier). The assumption is that this party knows what the expected fingerprint is and hence what software is running on the device.

Which is why the terms Verifier and Results are used.


That’s all. There is not much more complexity to this topic.

I personally would be happy without the Owners and the Appraisal Policies in the architecture as they seem obviously implied, but not enough to ask they be removed.


So, where do all these terms come from? Appraisal policies, evidence, endorser, ...

I would delete them and see whether the idea still gets across.

I think more clear writing would help.

(We could put text in https://www.scribens.com and look at the Flesch and Gunning Fog indexes for readability under statistics)

LL



Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
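The story Hannes tells above (a device signs a bunch of claims, an endorsement vouches for the device key, a relying party that cannot interpret a bootloader hash on its own, a verifier that knows the expected fingerprint and hands back a result), modelled end to end in Go as an added example that is not part of this thread or of the RATS architecture draft. The device ID, key seed, image strings and the map of public keys standing in for an endorsement are all constructed values.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Claims struct { // what the Attester (the device) puts together and signs
	DeviceID       string `json:"device_id"`
	BootloaderHash []byte `json:"bootloader_hash"` // the software measurement
}
type Evidence struct{ Claims, Signature []byte }                       // serialized Claims plus the device's signature
type Endorsement map[string]ed25519.PublicKey                          // manufacturer's statement of which device keys are genuine (constructed stand-in)
type Result struct{ DeviceID string; Trustworthy bool; Reason string } // what the Verifier hands to the Relying Party

// Attest is the Attester step: sign the claims with the key provisioned at manufacturing.
func Attest(devKey ed25519.PrivateKey, c Claims) Evidence {
	b, _ := json.Marshal(c) // Claims holds only marshalable fields, so Marshal cannot fail
	return Evidence{Claims: b, Signature: ed25519.Sign(devKey, b)}
}

// Appraise is the Verifier step: the signature is checked against the Endorsement and the measurement
// against the reference value, which the Verifier knows but the Relying Party does not.
func Appraise(end Endorsement, refHash []byte, ev Evidence) Result {
	var c Claims
	if json.Unmarshal(ev.Claims, &c) != nil {
		return Result{Reason: "malformed claims"}
	}
	pk, ok := end[c.DeviceID]
	switch {
	case !ok: return Result{c.DeviceID, false, "device key not endorsed"}
	case !ed25519.Verify(pk, ev.Claims, ev.Signature): return Result{c.DeviceID, false, "bad signature"}
	case !bytes.Equal(c.BootloaderHash, refHash): return Result{c.DeviceID, false, "measurement differs from reference value"}
	}
	return Result{c.DeviceID, true, "measurement matches reference value"}
}

// Scenario appraises one genuine and one tampered device using constructed keys and images.
func Scenario() (good, bad Result) {
	devKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // constructed seed
	end := Endorsement{"dev-001": devKey.Public().(ed25519.PublicKey)}
	ref := sha256.Sum256([]byte("bootloader-v1")) // constructed reference image
	patched := sha256.Sum256([]byte("bootloader-v1-patched"))
	return Appraise(end, ref[:], Attest(devKey, Claims{"dev-001", ref[:]})),
		Appraise(end, ref[:], Attest(devKey, Claims{"dev-001", patched[:]}))
}

func main() { fmt.Println(Scenario()) }
```

The tampered device fails only at the measurement step, which is exactly the check a relying party holding nothing but a raw hash could not perform itself.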
