Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 23 November 2019 06:33 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48BF0120833 for <rats@ietfa.amsl.com>; Fri, 22 Nov 2019 22:33:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ya49dh1FUVgM for <rats@ietfa.amsl.com>; Fri, 22 Nov 2019 22:33:38 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23EA812022D for <rats@ietf.org>; Fri, 22 Nov 2019 22:33:37 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [89.248.140.12]) by relay.sandelman.ca (Postfix) with ESMTPS id 1BE211F450 for <rats@ietf.org>; Sat, 23 Nov 2019 06:33:36 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id D04467D4; Sat, 23 Nov 2019 14:33:38 +0800 (+08)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "rats\@ietf.org" <rats@ietf.org>
In-reply-to: <MWHPR21MB07840B6CF7BEE0A11ABE54BFA3700@MWHPR21MB0784.namprd21.prod.outlook.com>
References: <8B173958-FC2A-4D1D-A81C-F324AB632CD7@cisco.com> <147F9159-6055-4E55-ABDC-43DFE3498BF1@island-resort.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <HE1PR0702MB375366C5F7FE5C497C35D73B8F740@HE1PR0702MB3753.eurprd07.prod.outlook.com> <7106C9D3-8ED1-419E-81F8-4CDA799BEDAE@intel.com> <MWHPR21MB07844F61BEFAE03F9E7DD290A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <6E7D64B4-2049-4D0A-ADC5-CA3F0647779B@island-resort.com> <MWHPR21MB07840B6CF7BEE0A11ABE54BFA3700@MWHPR21MB0784.namprd21.prod.outlook.com>
Comments: In-reply-to Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org> message dated "Fri, 15 Nov 2019 07:38:32 +0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 23 Nov 2019 14:33:38 +0800
Message-ID: <10511.1574490818@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/YpvigY4dOBESA_igUb7lFqCH04k>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Nov 2019 06:33:40 -0000

{why do people insist on CC people who are on the list?
Do you enjoy getting three copies of emails with different headers}

Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>; wrote:
    > I have not yet seen a compelling reason to use a pull-based mechanism
    > instead of a push-based mechanism via another protocol the routers
    > already support.

I agree.

    > In order to know who to pull data from, the Verifier has to have some
    > indication from the Attester that triggers the attestation request
    > indicated as Step 1 in draft-fedorkow-rats-network-device-attestation.
    > So in reality, there has to be a step before step 1,
    > whereby the Attester does something that makes the Attester
    > discoverable by the Verifier.   That step could have included the EAT
    > or the TPM data

I have a todo item to write up:
  1) a use case for Attestation at BSKI onboarding time.
     (really this is a RIV sub-case, I think)

  2) a document explaining how to carry EAT in BRSKI voucher-requests and
     RFC8366 vouchers.

That works well for initial attestation before a device is accepted onto a
network, but does not manage the ongoing safety of the device.  An open item
in BRSKI is finding a way to signal that a device supports RESTCONF, and
should have it's configuration loaded in that way.
That signaling could very well indicate that attestation is available that
way; well actually I think that once RESTCONF is up, the controller can
discover that it supports our EAT-YANG-module.

Having said all of this, I was surprised that my question on Friday's meeting
about what claims would be in the EAT that be returned from
entity-attestation-token-challenge-response did not elicit more understanding
and aha.

I want to be clear: I object to including the EAT in the *TPM* module,
because:
  1) it's mixing two different things and there is no reason a device
     that supports one should have to support the other.
  2) I believe that the use case is completely different.
  3) returning EATs is way too important to get it wrong like this.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>;, Sandelman Software Works
 -= IPv6 IoT consulting =-