IETF Logo Mail Archive

Re: [Rats] Early AD Review of draft-ietf-rats-architecture-13

Laurence Lundblade <lgl@island-resort.com> Sun, 14 November 2021 19:40 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A05DC3A00AD for <rats@ietfa.amsl.com>; Sun, 14 Nov 2021 11:40:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBMOIxwJxPUI for <rats@ietfa.amsl.com>; Sun, 14 Nov 2021 11:40:48 -0800 (PST)
Received: from p3plsmtpa07-08.prod.phx3.secureserver.net (p3plsmtpa07-08.prod.phx3.secureserver.net [173.201.192.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C67A3A0062 for <rats@ietf.org>; Sun, 14 Nov 2021 11:40:48 -0800 (PST)
Received: from [192.168.1.7] ([75.80.148.243]) by :SMTPAUTH: with ESMTPA id mLMtmUcxbZuUymLMtmOmKE; Sun, 14 Nov 2021 12:40:47 -0700
X-CMAE-Analysis: v=2.4 cv=Wa3J12tX c=1 sm=1 tr=0 ts=61916640 a=VPU1mRQhDhA4uSX60JRRww==:117 a=VPU1mRQhDhA4uSX60JRRww==:17 a=TWq6ZYQzAAAA:8 a=PG1pwhlirxYvpwVtNWAA:9 a=QEXdDO2ut3YA:10 a=1c9j3uhK2sgju7F0HaYA:9 a=PtiT540HSzMoNq8a:21 a=_W_S_7VecoQA:10 a=yB1HRgoHU1y-6sIQOLQA:9 a=sqhVb688EjfxRK8J:18 a=HXjIzolwW10A:10 a=T6a71-JsGAwA:10 a=rIyanEyMZ4lcgHv4kgMA:9 a=Z8XnbLO82l24wXpo:18 a=ELI009spOhp4_qEUuRHw:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <C72EDDB3-31EE-4905-BB7A-5DB9E874EDF9@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DB4EFFDA-C52D-4D48-94E7-4343B9430FE5"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Sun, 14 Nov 2021 11:40:46 -0800
In-Reply-To: <BN1P110MB093950BBE53B1AF523934E82DC959@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Cc: "rats@ietf.org" <rats@ietf.org>
To: Roman Danyliw <rdd@cert.org>
References: <BN1P110MB093950BBE53B1AF523934E82DC959@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfBt6AevLAZCvK2p2jwZsVRt/bm/zLQnVt2vEpxrvHb3bjLSPBsY4+r2ShqI15wsNDfB28Ws3Sx3pqLkRujaHLPH9yW05JOJIhx3st5wC06VLPleRaDH9 jV8L08lO9JZysyjiv4iFitf2Q4tTpmKs2o0+BvDsCEE0wzLsO1tGM2lJnAPd6LYwomvEnvp65187T5anCN9FB5ZTLO3aOUIRqIk=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/X25xMLKhBJREOHLRLvVhtNQ3aGg>
Subject: Re: [Rats] Early AD Review of draft-ietf-rats-architecture-13
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Nov 2021 19:40:54 -0000


> On Nov 12, 2021, at 1:15 PM, Roman Danyliw <rdd@cert.org> wrote:
> 
> ** Section 7.1  I got a bit lost in the repeated use of the word trust as a verb, noun and adjective.  It seems like two properties should be described:
> -
> - (authenticity) Trusting that information came from a expected entity/role
> 
> -- (correctness) Having confidence in the veracity of the information being provided (e.g., the processes used by the verifier to process the evidence or compute ).
> 
> I'd recommend being clearer on what kind of trust is meant.

Yes, perhaps trust here is more about the trusted entity behaving as they said they would. For example, actually doing a verification correctly when they said they did a verification, keeping keys safe… Authenticity and integrity follow from that.


Also, I think that there are two trust flows here. The description bounces between them without explicitly saying so. Here’s clips from my slides from IETF 108 describing that.

LL

v2.23.0 | Report a Bug | By Email