Re: [Rats] I-D Action: draft-ietf-rats-tpm-based-network-device-attest-05.txt

Guy Fedorkow <gfedorkow@juniper.net> Tue, 27 October 2020 20:33 UTC

From: Guy Fedorkow <gfedorkow@juniper.net>
To: "rats@ietf.org" <rats@ietf.org>
CC: "rats-chairs@ietf.org" <rats-chairs@ietf.org>
Date: Tue, 27 Oct 2020 20:33:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/H1j09GWNKLDK2Dazl4uYt-mMX-s>

Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Dave Thaler <dthaler@microsoft.com>; Smith, Ned <ned.smith@intel.com>; Panwei (William) <william.panwei@huawei.com>; Mark Baushke <mdb@juniper.net>; Ira McDonald <blueroofmusic@gmail.com>; Bill Sulzen (bsulzen) <bsulzen@cisco.com>

Greetings colleagues, I've checked in the -05 version of the RATS RIV specification.  As far as I know, this version addresses all the comments from WG Last Call, plus others from earlier reviewers.
  Please take a look, and if your remark wasn't addressed properly, let me know and I'll correct the corrections.  And of course if anyone spots collateral damage, please point it out!
  Thanks all
/guy




-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, October 26, 2020 1:57 PM
To: i-d-announce@ietf.org
Cc: rats@ietf.org
Subject: [Rats] I-D Action: draft-ietf-rats-tpm-based-network-device-attest-05.txt



A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Remote ATtestation ProcedureS WG of the IETF.

        Title           : TPM-based Network Device Remote Integrity Verification
        Authors         : Guy Fedorkow
                          Eric Voit
                          Jessica Fitzgerald-McKay
        Filename        : draft-ietf-rats-tpm-based-network-device-attest-05.txt
        Pages           : 43
        Date            : 2020-10-26

Abstract:
   This document describes a workflow for remote attestation of the
   integrity of firmware and software installed on network devices that
   contain Trusted Platform Modules [TPM1.2], [TPM2.0], as defined by
   the Trusted Computing Group (TCG).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-tpm-based-network-device-attest/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-rats-tpm-based-network-device-attest-05
https://datatracker.ietf.org/doc/html/draft-ietf-rats-tpm-based-network-device-attest-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-rats-tpm-based-network-device-attest-05


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

