Re: [Rats] draft-ounsworth-rats-x509-evidence-00

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 09 November 2023 13:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bJTfEOIVyB1F9Sfk-8u5fCNJbXE>

Well....

they are self-assertions included in Evidence (as roots of trust cannot 
produce Evidence about themselves).

These assertions about roots of trust will have to be checked (I am 
deliberately not writing appraised) by a Verifier, to see if they match 
the capabilities of said root of trust's Endorsements.

But I agree, these Claims can appear in Evidence.


On 09.11.23 14:26, hannes.tschofenig@gmx.net wrote:
> Hi Jeremy
> 
> We briefly talked about the relationship between the DLOA claim and the 
> newly defined FIPS claim in the draft.
> 
> The difference is that DLOAs are essentially endorsements and the newly 
> defined FIPS claim is evidence. The idea is that the device performs a 
> self-test to compute the value.
> 
> Ciao
> 
> Hannes
> 
> *From:*Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
> *Sent:* Donnerstag, 9. November 2023 14:08
> *To:* hannes.tschofenig@gmx.net; 'lgl island-resort.com' 
> <lgl@island-resort.com>; 'rats' <rats@ietf.org>
> *Subject:* Re: [Rats] draft-ounsworth-rats-x509-evidence-00
> 
> Hi Laurence,
> 
> The existing DLOAs claim is one way that FIPS and/or CC claims could be 
> transmitted (since that is exactly what it was defined for).
> 
> Jeremy
> 
> On 09/11/2023, 15:06, "RATS" <rats-bounces@ietf.org 
> <mailto:rats-bounces@ietf.org>> wrote:
> 
> Hi Laurence,
> 
> The charter says:
> 
> “
> 
> Standardize data models that implement and secure the defined 
> information model (e.g., CBOR Web Token structures [RFC8392 
> <https://datatracker.ietf.org/doc/rfc8392/>], JSON Web Token structures 
> [RFC7519 <https://datatracker.ietf.org/doc/rfc7519/>]).
> 
> “
> 
> CWT and JWT are mentioned as examples. The group already works on 
> another evidence format, namely the TPM-based stuff.
> 
> I would say that the document fits nicely within the scope of the charter.
> 
> Regarding the document split. I am open to discussions about your 
> suggestion, which assumes adoption in the group.
> 
> Ciao
> 
> Hannes
> 
> *From:*RATS <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org>> *On 
> Behalf Of *lgl island-resort.com
> *Sent:* Donnerstag, 9. November 2023 13:59
> *To:* rats <rats@ietf.org <mailto:rats@ietf.org>>
> *Subject:* [Rats] draft-ounsworth-rats-x509-evidence-00
> 
> I think it might be better to split this into two drafts.
> 
>     First, define how to put CWT/JWT claims into ASN.1 and make an X.509
>     attestation token.
> 
>     Second, define the FIPS and CC status claims for CBOR, JSON and ASN.1.
> 
> I wish we didn’t have to do the first, but understand that we might. 
> Note that the RATS charter says we work on CBOR and JSON. There was a 
> little discussion about ASN.1 back in the early days and we certainly 
> put it off back then. There was also YANG discussion. Search the RATS 
> mail archive for ASN.1.
> 
> I’m much more interested in the FIPS and CC status claims. I would like 
> to define them for CBOR, JSON and ASN.1. If they are booleans this is 
> trivial. They would get registered in the CWT and JWT IANA registries.
> 
> One of the reasons I’d like to define them for CBOR and JSON is so 
> there’s a known and accepted way to translate their ASN.1 claims into JSON.
> 
> Also, the X.509 definition should be for Attestation Results as well as 
> Evidence. There’s no reason to restrict it and there’s no work to allow 
> use as Attestation Results.
> 
> LL
> 
> (sent incorrectly the first time only to the rats-chairs; meant it for 
> the list)