IETF Logo Mail Archive

[Rats] 答复: RATS use cases review

"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Thu, 11 July 2019 04:05 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27EBD1200D5 for <rats@ietfa.amsl.com>; Wed, 10 Jul 2019 21:05:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y7hFfbvR3LZR for <rats@ietfa.amsl.com>; Wed, 10 Jul 2019 21:05:49 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43F0D120098 for <rats@ietf.org>; Wed, 10 Jul 2019 21:05:49 -0700 (PDT)
Received: from LHREML714-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 65E0F2993742124BF947; Thu, 11 Jul 2019 05:05:47 +0100 (IST)
Received: from DGGEMM401-HUB.china.huawei.com (10.3.20.209) by LHREML714-CAH.china.huawei.com (10.201.108.37) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 11 Jul 2019 05:05:46 +0100
Received: from DGGEMM511-MBX.china.huawei.com ([169.254.1.140]) by DGGEMM401-HUB.china.huawei.com ([10.3.20.209]) with mapi id 14.03.0439.000; Thu, 11 Jul 2019 12:05:42 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] RATS use cases review
Thread-Index: AQHVN0iOwrIacuq7sEebRdnNWEQFKKbEuWZg
Date: Thu, 11 Jul 2019 04:05:42 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F13E7C7CA5@dggemm511-mbx.china.huawei.com>
References: <CAM+R6NW1KSf3ziAp8TqnTNwS+a7Y+4TuTDTPVZC8Ae32noXMYA@mail.gmail.com>
In-Reply-To: <CAM+R6NW1KSf3ziAp8TqnTNwS+a7Y+4TuTDTPVZC8Ae32noXMYA@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.134.159.76]
Content-Type: multipart/alternative; boundary="_000_C02846B1344F344EB4FAA6FA7AF481F13E7C7CA5dggemm511mbxchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/YfOQYoIg7wXY9dhkDyINo2JCpX0>
Subject: [Rats] 答复: RATS use cases review
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 04:05:52 -0000

Hi Jessica,
Good point and topic!

Categorizing the use cases on the type of information collected is a possible, but maybe not the best way. Since this kind of difference seems to have no much influence to the RATS protocol design.

I have no definite answer to it now, but propose more options for discussion:

1.       Define different use cases for device/service types: network device, IoT device, web service, NFV, …

2.       Define different use cases from different functional requirements: boot time attestation, running time attestation, periodic attestation, on-demand attestation, on-change attestation, mutual attestation, batch attestation, pub/sub mode attestation, …

3.       Trigger condition of RA: device initial provisioning, device reboot, device post-update, line card insert/removal, some key event on phone/IoT device (i.e., execute key app, read important data), …

4.       Partial combination of the above use cases

B.R.
Frank

发件人: RATS [mailto:rats-bounces@ietf.org] 代表 Jessica Fitzgerald-McKay
发送时间: 2019年7月11日 1:54
收件人: rats@ietf.org
主题: [Rats] RATS use cases review

Hello, all,

I  took a careful read of the use cases document. I notices that Sections 5.1 - 5.6.2 each are variations on the themes of attesting to a device's:

- identity
- hardware inventory
- software inventory
- firmware
- configuration

Section 5.1 is fairly explicit about that.

Section 5.2 seems to be describing a particularly reslient remediation to hardware/software vulnerabilities (presumably discovered via a device's hw/sw attestation?).

Sections 5.3 and 5.4 are concerened with the configuration of a device's hardware or software TEE.

Section 5.5 describes how these forms of attestation are directly applicable to critical infrastructure. While I am sure there will be protocol restrictions for that type of device, the idea of what is being attested to is the same here as it is for other device types.

Section 5.6.1 seems to be relatively the same as the TEE/ML use cases. And, 5.6.2 admits to being essentially a subsection of the same.

In this light, the right approach is to organize the document around the information that is being attested (the above list, plus end-user information (section 5.6.3), geographic attestation (section 5.7), and connectivity attestation (section 5.8)), with perhaps additional information on how these types of attestation can be combined in support of things like, say, critical infrastructure security, etc.

What does the work group think?

Thanks,
Jess

v2.23.0 | Report a Bug | By Email