Re: [Rats] RATS Digest, Vol 17, Issue 4
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 02 October 2019 11:14 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E1BC120044 for <rats@ietfa.amsl.com>; Wed, 2 Oct 2019 04:14:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Flek7ikqblmZ for <rats@ietfa.amsl.com>; Wed, 2 Oct 2019 04:14:40 -0700 (PDT)
Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 288AF12000F for <rats@ietf.org>; Wed, 2 Oct 2019 04:14:38 -0700 (PDT)
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id x92BEYNh005121 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Wed, 2 Oct 2019 13:14:35 +0200
Received: from [192.168.178.8] (134.102.43.219) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.468.0; Wed, 2 Oct 2019 13:14:29 +0200
To: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, "rats@ietf.org" <rats@ietf.org>
References: <mailman.449.1570007494.9499.rats@ietf.org> <HE1PR0701MB22674914B23AB5DD29405A2C8F9C0@HE1PR0701MB2267.eurprd07.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <3ab45d4d-eb44-0c55-98b6-8167f694714b@sit.fraunhofer.de>
Date: Wed, 02 Oct 2019 13:14:28 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <HE1PR0701MB22674914B23AB5DD29405A2C8F9C0@HE1PR0701MB2267.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.43.219]
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/cW-kFL_mymqP6Yb-XUO86jn0tiQ>
Subject: Re: [Rats] RATS Digest, Vol 17, Issue 4
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 11:14:43 -0000
Hi Ian, as you 2nd Hannes comment & we also successfully confused Jürgen with it, I think we have to address this structure issue soon. Please find preliminary proposals and comments in-line: On 02.10.19 11:52, Oliver, Ian (Nokia - FI/Espoo) wrote: > HI, > > I'm in agreement with Hannes regarding the structuring of the document > and how the division between the concepts and terminology is made. > > The terminology needs to be properly grouped together with the diagram > being almost the first thing presented such that a pictorial overview of > the relationships and terms can be ascertained by the reader. It appears > that some terms are also being introduced and defined in the concepts > section which I feel should be "less" formal. If we would define the architectural constituents (and that term itself... I know) in the Terminology section that would pull a lot of content out of section 4. Let's assume that leaves enough intact text for now. We would retain the "in-a-nutshell" section and reintroduce Creation, Conveyance, and Appraisal of Evidence there. That should be enough to understand Figure 1 that complements that section, too. Then - all terms and architectural constituents (which of course are named and therefore are terms...) go into section 2. Does that sound sensible to you? > > Section 3: Does the RATS architecture provide a framework for > anticipating trustworthyness changes? I'm not 100% clear what is meant > by this line. Yes - in general. But currently, the text is weak on elaborating on that. State transition will become its own section, I think. > > Section 3.2: I wasn't sure if this is a definition of trustworthyness or > a statement about how the architecture established trustworthyness in a > system I'd rewrite this as below if the latter is the case: > > "The trustworhyness of the remote attestation environment is also (or > should also) be taken into consideration and the RATS architecture > addresses this" Will add trustworthiness to the terminology section :) Also, section 3.2 is too concise, I think. Being actually trustworthy and then the trustworthiness of RATS "capabilities" (e.g. the creation of evidence) are subtly different things. For both the following statement is true: "Ultimately, a portion of a computing environment’s trustworthiness is established via non-automated means. " > > Are we also addressing the how aspect of this? Yes - created Evidence is very often (but not exclusively) about the trustworthiness of an Attester. Created Evidence must always be trustworthy, though (coming back to the subtle differences hinted at above). > > Do we also need to address roots and chains of trust/trustworthyness? I think so. Not everybody thinks so :) The current compromise that has the best consensus is to refrain requiring roots of trusts in the body of the document, but elaborating about these core components in an appendix. Maybe it is warranted to address them in a section in the body, but for now we are composing a corresponding appendix. > > > > Figure 1 & RATS Roles > > If I take existing remote attestation systems then it appears to me that > the role of Attester is extremely broad taking into consideration quite > a large amount of RA implementation and also, to give a concrete > example, a large amount of the functioning of TPM 2.0, particularly the > Quoting, PCR and Sigining mechanisms to my understanding of this. If > this is the point then I'm quite fine with that. Yes, it is rather broad. But that is okay because we want to be inclusive wrt existing solutions and to be able to create a unified vocabulary/terminology for semantic interoperability between solutions. Also, we are in the process of adding more complex compositions than the very simplified Figure 1. Most prominently the compositions presented by Dave. > > (Sorry to use the TPM+RA example, but it is widespread and we do have a > working system that I'd like to be more compliant with this specification) > > t. > > Ian > > Viele Grüße, Henk > > > -- > > Dr. Ian Oliver > > Cybersecurity Research > > Distinguished Member of Technical Staff > > Nokia Bell Labs > > +358 50 483 6237 > > ------------------------------------------------------------------------ > *From:* RATS <rats-bounces@ietf.org> on behalf of rats-request@ietf.org > <rats-request@ietf.org> > *Sent:* 02 October 2019 12:11 > *To:* rats@ietf.org <rats@ietf.org> > *Subject:* RATS Digest, Vol 17, Issue 4 > Send RATS mailing list submissions to > rats@ietf.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ietf.org/mailman/listinfo/rats > or, via email, send a message with subject or body 'help' to > rats-request@ietf.org > > You can reach the person managing the list at > rats-owner@ietf.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of RATS digest..." > > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats >
- Re: [Rats] RATS Digest, Vol 17, Issue 4 Oliver, Ian (Nokia - FI/Espoo)
- Re: [Rats] RATS Digest, Vol 17, Issue 4 Henk Birkholz