Re: [Rats] Composite Evidence

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 24 January 2020 00:13 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E898512001A for <rats@ietfa.amsl.com>; Thu, 23 Jan 2020 16:13:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=TmsEWtoH; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=ul1nfLK0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bXsdR_HYa1Pt for <rats@ietfa.amsl.com>; Thu, 23 Jan 2020 16:13:09 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0EBA120019 for <rats@ietf.org>; Thu, 23 Jan 2020 16:13:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13472; q=dns/txt; s=iport; t=1579824787; x=1581034387; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=Mb0iAcRWUOIrkkdsEOXmZZ7XSNuCFUod8OkFk+8Zcqo=; b=TmsEWtoHRfvSk0adksLjHPxnMTrVwNZWTDy0ZBTEDxQMZ75Kg4aC0NgH OQLak5cmp36O+lnconLX+aIY7ohGtoI+4NqkwQ/rIt0rXMxMfM3Si03j7 pxA53NdU2BZmPabJahCZFqYhzxqwInBZ7YJBGpTmsUsWxnRTFwtjier6b E=;
X-Files: smime.p7s : 3975
IronPort-PHdr: =?us-ascii?q?9a23=3Aqi/azxPIhj3ZkajJH84l6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEuKU/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBj2MvnrcwQxHd9JUxlu+HToeUU=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AdAQBONSpe/4cNJK1lHAEBAQEBBwE?= =?us-ascii?q?BEQEEBAEBgWkFAQELAYFTJCwFbCstIAQLKgqECINGA4sPToIRgQGXDoEuFIE?= =?us-ascii?q?QA1QCBwEBAQkDAQEYCwoCAQGEQAKCHiQ2Bw4CAw0BAQQBAQECAQUEbYU3DIV?= =?us-ascii?q?eAQEBAQIBAQEQEQQZAQElBwwLBAIBCBEEAQEBKgICAiULHQgCBAESCAYUgwW?= =?us-ascii?q?BfU0DDhEPAQIMohoCgTmIYXV/M4J/AQEFhQ4YggUHCYE4AYFSiicODxqBQT+?= =?us-ascii?q?BEUeCFzU+gmQBAYEwARIBIYMOMoIsjXaIYZgLdgqCOYNngjiBIY8PmneOXps?= =?us-ascii?q?IAgQCBAUCDgEBBYFZCihncXAVO4JsCUcYDYgBCwEXg1CEUUOFP3SBKYlpgSI?= =?us-ascii?q?BgQ8BAQ?=
X-IronPort-AV: E=Sophos;i="5.70,355,1574121600"; d="p7s'?scan'208";a="708755764"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 24 Jan 2020 00:13:06 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 00O0D2kR001666 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 24 Jan 2020 00:13:06 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 23 Jan 2020 18:13:05 -0600
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 23 Jan 2020 18:13:05 -0600
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 23 Jan 2020 19:13:04 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=do2XGEd4J0nNjds4AajNBdx1gNF9mcuTuqP2X08dCmmzZa1soB1stBQ4bA8N1qAe/cM0GPp1Rv7CjgdVK+RkFrKmFpv2ZWfXfbgRn7vWdxZd2lkQQI9f6iB3mhpSGXzjIxNuUnH3ibkQuuwnD+kluxsEmOdP74/gxN/xEIyq98vy4chxp3PN1rvsgtfaJ9jpDJ4lZrJfaf/8JN/p+Ir9EIp3Zti5GY9QTuAbgaVi/8wvP3SjEUGDTnczVlfaZ8ytARZEp9DqET4Qk3GpvTaWpHQvdp79Mnlsp2FlOJQGyic/gRHwi7DNYwXiKt/LLwrGSVAJtYmExTLpmroUb1+8Bg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w5tlnPEC5SX2rnhFqsF2uGjdqZkUieuGXHewacy5gR0=; b=XqtIY0CJApWRc34pxjdhQtWeXzQJTc6MGUvBoLm+veAt8x3Gcdf6rBSsPjpIGGCiCQDpKkabNAUlgkvMLEKWGEo9aaAok3rt2lcd5VWFUGemXU6/Qtsb0UCDXMNkFmB8ZTdN4L9v0+AKlCG1TogX+3A0CGETEvRr7Ws0Xujry0sQqATHlIkjTpoepQ9Y8Nd8fhS+ER7MZKEzBs4VVYjJ/pBRjVCSN4uRkgWNv4oM063WhEnm1kniyiGtjxQmNLywDUXEyQ+yg/7ZR8eVEFwmk6VaRGwLRz9/Kx17TOVbbR62p3mFHZSEDuusU5o9v6D/Vg1N8hsNqCB7jReWxK/C+A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w5tlnPEC5SX2rnhFqsF2uGjdqZkUieuGXHewacy5gR0=; b=ul1nfLK0pRd3uh5cQjnGM4vCFBTFG7pg1H22sPt+LfGTItd8wsNiBqtuuefnMCVFXxDsz26SvmanTVWGN1zoHReSqyJDlRPbXr53MvDfMIs8h7j0GFAwdhALacgAZxHNaLIKQ+87vT9AmE/fdaLFWj8gL/StEAfLMkbmQZ3o3dY=
Received: from BYAPR11MB2536.namprd11.prod.outlook.com (52.135.226.32) by BYAPR11MB3174.namprd11.prod.outlook.com (20.177.127.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.20; Fri, 24 Jan 2020 00:13:00 +0000
Received: from BYAPR11MB2536.namprd11.prod.outlook.com ([fe80::20d1:96f3:bde9:17e5]) by BYAPR11MB2536.namprd11.prod.outlook.com ([fe80::20d1:96f3:bde9:17e5%5]) with mapi id 15.20.2665.017; Fri, 24 Jan 2020 00:12:59 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "Smith, Ned" <ned.smith@intel.com>, Michael Richardson <mcr@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Composite Evidence
Thread-Index: AdXRgB49sEcLGXWTRbyFhaWoEjRAwwAWWlWAAB2RpAD//6sSAIAAlNyA//+lU4D///EWUA==
Date: Fri, 24 Jan 2020 00:12:59 +0000
Message-ID: <BYAPR11MB253690686524F2557CEE33FCA10E0@BYAPR11MB2536.namprd11.prod.outlook.com>
References: <BYAPR11MB2536867559E1A20682A1FC2BA10F0@BYAPR11MB2536.namprd11.prod.outlook.com> <25403.1579747229@localhost> <BYAPR11MB2536EEF62BD7B1C53EC59659A10F0@BYAPR11MB2536.namprd11.prod.outlook.com> <85492C6F-E854-448F-9507-BBAC25455392@intel.com> <14896.1579811757@localhost> <B7A7F7E5-EC09-44C4-AE02-C480E6D7F8D9@intel.com>
In-Reply-To: <B7A7F7E5-EC09-44C4-AE02-C480E6D7F8D9@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fb2b330a-f983-484b-e05d-08d7a0622be4
x-ms-traffictypediagnostic: BYAPR11MB3174:
x-microsoft-antispam-prvs: <BYAPR11MB3174287E03B9B0CE8FF2EB69A10E0@BYAPR11MB3174.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02929ECF07
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(396003)(376002)(39860400002)(136003)(346002)(189003)(199004)(478600001)(66446008)(66616009)(316002)(9686003)(64756008)(76116006)(86362001)(110136005)(7696005)(55016002)(52536014)(66476007)(66556008)(186003)(8936002)(8676002)(81156014)(81166006)(71200400001)(33656002)(26005)(966005)(5660300002)(53546011)(6506007)(66946007)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB3174; H:BYAPR11MB2536.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: cEz3o4FZbjgCp8lM4MlQdfLGeitzRrjbZoEtAHTnffZwg2ZaVGz6YEHhyvC2HlbtA44O5fYgO3Oju0hZbUMasFTHvTi4Yrbc12l3ElXl1ocrodL5K0JYiUP81zBEFVzr7xwL2D/LygprUHLEcUoa4JuLbcoTTJJxZY7UXL/18VXlabGYvPnrbtTE9JEbR+XfHrWivulWGKd08HiGlfj27vDNtqPPetBGLeiFgHK1gV8p/aOqT5g+w4nGualJj3ZYvga9RzQr23kBOMntaRFBlA+5Snw/vPEoaDtzc7UXWvBeEoZXE8Ltv+1ylu4MjrSGDRpBOmygGJw+EQruuoYtkReHNw3fhZ70/nYP1lSDYpowYfS1RxeZZstsYi0szu61ZwekfSoUTXZTxbmt11zPxqPVF7aVoPANdo1pv1ddls1g0mgVZ1/I+KLjQBzKLHHEqeRqLiH69kSwwZh87UDXktogCKq+DGerBZub7AMpO6o=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0205_01D5D221.1EE908C0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: fb2b330a-f983-484b-e05d-08d7a0622be4
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2020 00:12:59.8164 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WMZOQaY09ZFEEvBbJUu/BV4EAlf2nuJX9ACy3TiPYY4s5I+qwhYtpzD4yx+uyS3p
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3174
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.17, xch-rcd-007.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/cRQmOTTRtWKu56EBvWv3gm6m3X4>
Subject: Re: [Rats] Composite Evidence
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2020 00:13:13 -0000


> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Smith, Ned
> Sent: Thursday, January 23, 2020 6:11 PM
> To: Michael Richardson <mcr@sandelman.ca>ca>; rats@ietf.org
> Subject: Re: [Rats] Composite Evidence
> 
> See [%] marker inline below.
> 
> On 1/23/20, 12:36 PM, "RATS on behalf of Michael Richardson" <rats-
> bounces@ietf.org on behalf of mcr@sandelman.ca> wrote:
> 
> 
>     Smith, Ned <ned.smith@intel.com> wrote:
>         > The semantics of 'union composite evidence' (below) seems to suggest
>         > that the local Verifier that produced 'ar' is itself an attestable
>         > claim. The Attester asserts that the Attestation Results from a local
>         > Verifier are trustworthy and that they originated from a sub-
> component
>         > of its Target environment.
> 
>     Yes.
>     As explained by Eric in his diagram, the "ar" results might not be produced
>     locally, they may be the result of a trip to a different (remote) verifier.
>     Or as you suggest, they may be produced within some TEE, for which there
> are
>     evidence claims about why it's trust worthy.
> 
>     I think that this all maps to what I understand about TEEP actually.
> 
>         > Another way to think about it is the Attesting environment knows
> that
>         > the Target environment includes a Verifier and wants to assert that
> the
>         > Verifier has trustworthiness properties - possibly by returning its
>         > SWID tag value. The Remote Verifier can then evaluate the
>         > trustworthiness of the SWID tag.
> 
>     Sure, that is a specific way.
>     I think that the Chassis+Line Card situation also can work as an example.
> 
>         > Based on that, if the Remote Verifier trusts the Local Verifier then
>         > the local Attestation Results are not claims asserted by the Attesting
>         > environment, but claims asserted by the Local Verifier. The only claim
>         > that seems to make sense from the Attesting environment's
> perspective
>         > is that an 'ar' value from its Target was forwarded to a Remote
>         > Verifier. Signing the local Verifier's ar payload just asserts that the
>         > forwarding action has taken place. This is an argument for defining an
>         > 'Attestation Results forwarded' claim. Maybe this isn't that valuable
>         > in terms of a trustworthiness claim?
> 
>     [%] I think you are saying that rather than documenting that we forward a
> union
>     of evidence and attestation results, that we document that will create a
> kind
>     of evidence, which includes attestation results?
> Maybe. It really is a case of multiplexing several conversations over the same
> conveyance mechanism, but otherwise conversations could be de-
> multiplexed (without creating unnecessary cross-dependencies). For example
> in both Passport and BK-Check topology models, a message is simply relayed.
> The endpoints are still the way they're defined in the Roles Arch diagram.
> 
> Email may not be the best way to try to illustrate but here goes. I assert that
> Eric's diagram can be recast into two graphs where graph (a) is the sub-
> component attester (A1), the local verifier (V1) and a relying party (RP). The
> second graph (b) consists of the top level Attester (A2), a remote verifier (V2)
> and the same relying party (RP).
> Looks something like:
> (a) A1 --- E1 ---> V1 --- AR1 ---> RP;
> (b) A2 --- E2 ---> V2 --- AR2 ---> RP.
> 
> However, since A1 and V1 don't have a conveyance path to RP, they use the
> one established by (b). The Combination topological model shows a case
> where the Attester is relying/forwarding attestation results. Normally, an
> attester doesn't consume attestation results. This same thing is happening in
> Eric's example because AR1 is piggy backed with E2 on its way to V2 and AR1
> is also piggy backed with AR2 on its way to RP.
> 
> I don't think we want to position that because AR1 is piggy backed with E2
> that this creates a new type of Evidence (E3). It is still just (AR1, E2).
> 
> If it makes sense to define "routing claims" that assert that A2 intended to
> piggy back AR1 with E2 then that should imply that if E2 = (c1) and c2 =
> routing claim then E2' = (c1, c2). The conveyance still carries (AR1, E2') , but
> possibly the c2 claim names AR1 as the piggy i.e. c2.name = "AR1".
> 
> V2 can verify the c2 claim and create an AR2' claim c3.name="AR1" and send
> (AR1, AR2'); where AR2 = (c4,...,cn) and AR2' = (c3, c4,...,cn). RP can similarly
> verify c3. Namely, the c3.name="AR1" claim is inspected to have payload AR1
> as piggy.
> 
> The "routing" claims are ancillary to the basic roles and messages that are
> the core basis for trust among the endpoint entities -  IMO. The core flows
> are separable from routing. Routing shouldn't lead us down a path of having
> new types of evidence (E3).

I agree that routing itself doesn't imply a new type of evidence.   What we do have at Attester is some trigger for when to collect the specific set of claims which are needed by the Relying Party to accomplish a particular use case. 

Eric

>         > If however the Attesting environment wanted to make a stronger
>         > trustworthiness assertion it would have some other way to collect
>         > Evidence about the Targeted sub-components (who must already
> have their
>         > own Attesting environments). But if the Attesting environment could
> do
>         > this then it must be the same environment as the sub-components'
>         > Attesting environments. In which case, there is no need for a local
>         > Verifier - it is just complexity for complexity's sake.
> 
>     I think that I agree.
> 
>     It could be that there are competitive or regulatory reasons why the Lead
>     Attester does not wish to reveal the types of the line cards attached.
>     Consider an automobile (or passenger rail car, or human-rated Rocket)
> that
>     needs to attest that it has four good tires (which passed their 20,000km
>     inspection), but which does not wish to reveal which manufacturer
> provided
>     those tires.  Passing on evidence directly would be a problem.
> [nms] Privacy is an important consideration. If Evidence is privacy sensitive,
> then it can be encrypted. The routing claims don't require transparent
> Evidence to name them. Could compute a hash of E or AR or if endpoints
> have security associations, then E and AR can be encrypted and a digest of
> ciphertext becomes its name for the purpose of routing claims (see my
> response above).
> 
>         > The case of a local Verifier working with a remote Verifier is
>         > semantically the same as a Remote Verifier working with another
> Remote
>         > Verifier. So, I don't see why Evidence and Attestation Results formats
>         > need to do anything special - like 'union composite evidence'.  It just
>         > says that Verifier1 may evaluate Evidence about Verifier2 before
>         > trusting Attestation Results from Verifier2.
> 
>     Thus my query up at [%].
> 
> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats