Re: [Rats] draft-birkholz-rats-network-device-subscription-00

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Tue, 28 July 2020 14:18 UTC


Hi Dave,

a clarifying question:

What exactly do you mean by the "who" in "a subscriber knows who to 
subscribe to"?

The I-D does not come with its own join/rendezvous/discovery capability. 
That either comes related with YANG Push ("call home"). That would be a 
"who" on the entity level.

Another possibility is that you mean a YANG RPC with the "who"? That 
would be a "who" on the management interface level.

Or you could mean one of the Attesting Environments of a composite 
Attester. That would be a "who" on the Attester level. And that is done 
via the included data store.

Or do you mean something I am missing here?

Best regards,

Henk

On 28.07.20 16:10, Dave Thaler wrote:
> I asked in the meeting how a subscriber knows who to subscribe to, and I believe the answer was
> that CHARRA answers that.  Well I looked in draft-ietf-rats-yang-tpm-charra-02 and it does not
> contain any mention of the subject.  I think one or the other of the two drafts needs to address
> this issue.  My preference is that it be in draft-birkholz-rats-network-device-subscription since
> that's the draft that talks about limitations like
>> Evidence is not streamed to an interested Verifier as soon as it is generated.
> Which certainly still applies, it's just another case... you didn't know to subscribe to it until
> after the evidence was generated when it booted.
> 
> Dave
> 
> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Eric Voit (evoit)
> Sent: Wednesday, June 24, 2020 9:41 AM
> To: rats@ietf.org
> Cc: Wei Pan <william.panwei@huawei.com>; Birkholz, Henk <henk.birkholz@sit.fraunhofer.de>
> Subject: [Rats] draft-birkholz-rats-network-device-subscription-00
> 
> Hi All,
> 
> This draft defines how to subscribe to a stream of attestation related Evidence on TPM-based network devices.  When subscribed, a Telemetry stream of verifiably fresh YANG notifications (which are generated when TPM PCRs are extended) is pushed to the subscriber.
> 
> This draft integrates:
>   *  Section 5 of draft-voit-rats-trusted-path-routing-01
>   *  Elements of draft-xia-rats-pubsub-model
> 
> Thanks!
> 
> Eric, Henk, and Wei
> 
> 
> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: Wednesday, June 24, 2020 12:19 PM
> To: Eric Voit (evoit) <evoit@cisco.com>; Wei Pan <william.panwei@huawei.com>; Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
> Subject: New Version Notification for
> draft-birkholz-rats-network-device-subscription-00.txt
> 
> 
> A new version of I-D, draft-birkholz-rats-network-device-subscription-00.txt
> has been successfully submitted by Eric Voit and posted to the IETF repository.
> 
> Name:		draft-birkholz-rats-network-device-subscription
> Revision:	00
> Title:		Attestation Event Stream Subscription
> Document date:	2020-06-24
> Group:		Individual Submission
> Pages:		20
> URL:		https://www.ietf.org/internet-drafts/draft-birkholz-rats-network-device-subscription-00.txt
> Status:		https://datatracker.ietf.org/doc/draft-birkholz-rats-network-device-subscription/
> Htmlized:	https://tools.ietf.org/html/draft-birkholz-rats-network-device-subscription-00
> Htmlized:	https://datatracker.ietf.org/doc/html/draft-birkholz-rats-network-device-subscription
> 
> 
> Abstract:
>     This document defines how to subscribe to a stream of attestation
>     related Evidence on TPM-based network devices.
> 
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
>
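The limitation Dave raises (boot-time PCR extends happen before any subscriber exists, so a late Verifier never receives that Evidence as a notification) can be shown with a small constructed model. This is an added example, not code from the draft or from anyone in the thread; the Device class, its subscribe/extend API and the sample boot events are assumptions standing in for the YANG Push interface, and the only real operation modelled is the SHA-256 PCR extend.

```python
import hashlib

# Constructed model of the thread's scenario (added example, not code from the
# draft or the thread): a device extends a TPM PCR at boot, every extend pushes
# a notification to current subscribers, and a Verifier subscribes only later.
PCR_INIT = b"\x00" * 32  # SHA-256 PCR reset value

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: PCR' = SHA-256(PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(start: bytes, digests) -> bytes:
    """Recompute a PCR by replaying event digests from a known start value."""
    pcr = start
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr

class Device:
    """Hypothetical Attester: one PCR, a local event log, push subscribers."""
    def __init__(self):
        self.pcr = PCR_INIT
        self.log = []          # every digest ever extended (local data store)
        self.subscribers = []  # lists that receive pushed notifications

    def extend(self, event: bytes):
        digest = hashlib.sha256(event).digest()
        self.pcr = pcr_extend(self.pcr, digest)
        self.log.append(digest)
        for stream in self.subscribers:  # only current subscribers are notified
            stream.append(digest)

    def subscribe(self):
        """Return (log entries recorded so far, stream of future notifications)."""
        stream = []
        self.subscribers.append(stream)
        return list(self.log), stream

def scenario():
    dev = Device()
    for event in (b"bootloader", b"kernel"):  # constructed boot-time extends
        dev.extend(event)
    snapshot, stream = dev.subscribe()        # Verifier subscribes after boot
    dev.extend(b"runtime-config")             # this one is pushed to the stream
    # Replaying only what was streamed misses the boot-time Evidence.
    stream_only_matches = replay(PCR_INIT, stream) == dev.pcr
    # Fetching the pre-subscription log once, then streaming, reproduces the PCR.
    with_snapshot_matches = replay(replay(PCR_INIT, snapshot), stream) == dev.pcr
    return stream_only_matches, with_snapshot_matches
```

`scenario()` returns `(False, True)`: the streamed notifications alone cannot reproduce the attested PCR, while a one-time read of the pre-subscription log followed by the stream can, which is the gap the thread says one of the two drafts should address.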