[Rats] RIV and the RATS architecture

Guy Fedorkow <gfedorkow@juniper.net> Thu, 31 October 2019 19:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bnR8u0y4t57VUK4ms9ClxuN5GSk>
List-Id: Remote Attestation Procedures <rats.ietf.org>

Hi Dave,
  Thanks for your doc https://tools.ietf.org/html/draft-thaler-rats-architecture-00.
  Do you have a view as to how the TPM-based attestation described in RIV would fit with the proposed categorization?
https://tools.ietf.org/html/draft-fedorkow-rats-network-device-attestation-00

  It doesn't seem to be a passport, since the attester only provides raw evidence, not a pre-approved passport.
  It doesn't seem to be a background check, as it's the verifier that collects and analyzes the evidence.

  I'm not sure it matters to RIV, as we haven't drawn much distinction between the relying party and the verifier...  As you say, if they're on the same machine, the distinction is almost moot.  And if they're not, I think the communication is out of scope for RIV (if not for RATS).  But it would be good to ensure the architecture and the applications of it actually do fit together...

  Thanks
/guy
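The two RATS topologies contrasted in the mail above, as an added example that is not part of the original message or of either draft: a small Python model in which the only difference between the passport and background-check flows is which party talks to the verifier. The HMAC "quote", the fixed keys, the PCR values and the reference values are constructed stand-ins for a TPM quote signed by an attestation key and for a reference-integrity manifest; nothing here is taken from the RIV or RATS architecture documents.

```python
"""Toy model of the RATS passport and background-check topologies.

Added example, not code from the RIV draft or the RATS architecture draft.
The "quote" is an HMAC over PCR-style values (stand-in for a TPM quote);
keys, PCR values and reference values are constructed.
"""
import hashlib
import hmac
import json

# Constructed parameters (assumptions, not from either draft).
ATTESTER_KEY = b"constructed-attestation-key"     # stand-in for the TPM AK
VERIFIER_KEY = b"constructed-result-signing-key"  # verifier signs its results
REFERENCE_PCRS = {                                # stand-in for a RIM
    "pcr0": hashlib.sha256(b"known-good-firmware").hexdigest(),
    "pcr4": hashlib.sha256(b"known-good-bootloader").hexdigest(),
}


def sign(key: bytes, payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_sig(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)


class Attester:
    """Device with a (simulated) TPM. Only ever emits raw evidence."""

    def __init__(self, pcrs: dict):
        self.pcrs = pcrs

    def evidence(self, nonce: str) -> dict:
        quote = {"nonce": nonce, "pcrs": self.pcrs}
        return {"quote": quote, "sig": sign(ATTESTER_KEY, quote)}

    def get_passport(self, verifier, nonce: str) -> dict:
        # Passport model: the attester itself talks to the verifier and
        # carries the signed result onward to the relying party.
        return verifier.appraise(self.evidence(nonce), nonce)


class Verifier:
    """Appraises evidence against reference values; signs the result."""

    def appraise(self, ev: dict, nonce: str) -> dict:
        q = ev["quote"]
        ok = (verify_sig(ATTESTER_KEY, q, ev["sig"])
              and q["nonce"] == nonce
              and q["pcrs"] == REFERENCE_PCRS)
        result = {"nonce": nonce, "trustworthy": ok}
        return {"result": result, "sig": sign(VERIFIER_KEY, result)}


class RelyingParty:
    """Consumes attestation results only; never inspects PCR values."""

    def accept(self, ar: dict, nonce: str) -> bool:
        r = ar["result"]
        return (verify_sig(VERIFIER_KEY, r, ar["sig"])
                and r["nonce"] == nonce
                and r["trustworthy"])

    def background_check(self, attester, verifier, nonce: str) -> bool:
        # Background-check model: the relying party receives raw evidence
        # and relays it to the verifier; the result comes back to the RP.
        ev = attester.evidence(nonce)
        return self.accept(verifier.appraise(ev, nonce), nonce)


def passport_flow(attester, verifier, rp, nonce: str) -> bool:
    # Attester -> Verifier -> Attester -> Relying Party
    return rp.accept(attester.get_passport(verifier, nonce), nonce)


def background_check_flow(attester, verifier, rp, nonce: str) -> bool:
    # Attester -> Relying Party -> Verifier -> Relying Party
    return rp.background_check(attester, verifier, nonce)


def demo() -> dict:
    good = Attester(dict(REFERENCE_PCRS))
    tampered = Attester({**REFERENCE_PCRS,
                         "pcr4": hashlib.sha256(b"modified-bootloader").hexdigest()})
    v, rp = Verifier(), RelyingParty()
    return {
        "passport_good": passport_flow(good, v, rp, "n1"),
        "passport_tampered": passport_flow(tampered, v, rp, "n2"),
        "bgcheck_good": background_check_flow(good, v, rp, "n3"),
        "bgcheck_tampered": background_check_flow(tampered, v, rp, "n4"),
        # Replay: a passport minted for nonce n1 is useless against nonce n5.
        "passport_replayed": rp.accept(good.get_passport(v, "n1"), "n5"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In both flows the verifier is the only party that compares PCR values against reference values and the relying party only ever checks a signed result, which is the split the mail describes for RIV; what changes between the two topologies is whether the attester or the relying party holds the evidence on its way to the verifier, and whether the attestation result travels back through the attester (passport) or directly to the relying party (background check). The nonce is passed through unchanged in both flows so that a stale result cannot be replayed against a later challenge.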
