Re: [Rats] Quantum-safe attestation

"Smith, Ned" <ned.smith@intel.com> Sat, 05 September 2020 08:00 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: "Panwei (William)" <william.panwei@huawei.com>, Laurence Lundblade <lgl@island-resort.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Fri, 4 Sep 2020 15:46:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/cX87Ygp8RSoi2b6dAF0huQwq34c>

If the architecture uses 'PKI' or words that imply PKI, please point to those sections in the architecture document.
-Ned

On 8/24/20, 7:22 PM, "RATS on behalf of Panwei (William)" <rats-bounces@ietf.org on behalf of william.panwei@huawei.com> wrote:

    > Laurence Lundblade <lgl@island-resort.com> wrote:
    > 
    > I don’t want the RATS architecture to pick one algorithm or go into detail
    > about algorithms.
    > 
    > I expect the RATS architecture to be fully flexible to use whatever
    > algorithms can do the job. In particular it must not assume PKI. Most other
    > crypto-using IETF standards do not assume PKI. They often work better with
    > PKI, but they allow for other algorithms. RATS needs to be the same.
    > 
    > The particular manifestation I can think of for RATS is that Endorsements
    > must support confidentiality. If endorsements do not support
    > confidentiality an assumption that only PKI-based attestation can be used
    > is made.

    The characteristics of an Endorsement depend on what the Endorsement is. I don't feel the current architecture assumes the Endorsements are PKI-based or limits the algorithms to only use PKI.

    Regards & Thanks!
    Wei Pan

    > 
    > I don’t know of any other manifestations that moving to quantum-safe
    > crypto would have on the architecture, but it seems worth thinking
    > through.
    > 
    > LL
    > 
    > 
    > 
    > > On Aug 24, 2020, at 2:16 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
    > >
    > >
    > > Laurence Lundblade <lgl@island-resort.com> wrote:
    > >> We probably want RATS architecture to be able to use quantum-safe
    > >> algorithms. On low cost and low speed devices that might mean HMAC is
    > >> used since SHA-2 and such seem to be quantum-safe. On higher cost and
    > >> higher speed devices there may be alternatives that look more like
    > >> PKI.
    > >
    > > Yes/no.
    > >
    > > Use of a keyed HMAC requires a symmetric key, which will be a hassle
    > > to provision the verifier, and effectively locks the device to a single (likely
    > > manufacturer provided) verifier.   It will also raise questions of
    > > non-repudiation.
    > > Better *might* be RFC8778 HSS/LMS Hash-Based Signature Algorithms.
    > > They are bigger, and have a limited number of uses.
    > >
    > > I would say that the architecture does not need to say anything about
    > > the algorithms.  These are functional requirements, not design
    > > requirements.
    > >
    > > There will have to be firmware updates to the Attesting Environment
    > > once either we have quantum-safe asymmetric algorithms, or when we
    > > have a QM breach.  That can be done with SUIT signed by RFC8778.
    > > I don't think that our architecture need worry about that.
    > >
    > > --
    > > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
    > > -= IPv6 IoT consulting =-
    > > _______________________________________________
    > > RATS mailing list
    > > RATS@ietf.org
    > > https://www.ietf.org/mailman/listinfo/rats
    _______________________________________________
    RATS mailing list
    RATS@ietf.org
    https://www.ietf.org/mailman/listinfo/rats
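
An added example, not part of the thread or of any RATS document, contrasting the two options raised above: a keyed HMAC, where the verifier shares the attester's key, and a hash-based signature, where the verifier holds only public values. A Lamport one-time signature stands in for the hash-based option because it fits in a few lines; it is not the HSS/LMS scheme of RFC 8778. All function names, the claims strings and the nonce framing are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Option 1: keyed HMAC. Attester and verifier hold the same symmetric key.
def hmac_attest(key: bytes, nonce: bytes, claims: bytes) -> bytes:
    return hmac.new(key, nonce + claims, hashlib.sha256).digest()
def hmac_verify(key: bytes, nonce: bytes, claims: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_attest(key, nonce, claims), tag)

# Option 2: Lamport one-time signature. The verifier holds only public hashes.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # Reveals one secret of each pair, which is why the key is single-use.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def demo() -> dict:
    nonce = secrets.token_bytes(16)       # fixed-length verifier challenge
    real = b"fw=1.2.3;secure_boot=1"      # constructed sample claims
    fake = b"fw=0.9.0;secure_boot=0"      # constructed claims the device never made
    key = secrets.token_bytes(32)
    tag = hmac_attest(key, nonce, real)
    verifier_made = hmac_attest(key, nonce, fake)  # computed by the verifier alone
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, nonce + real)
    return {
        "hmac_accepts_device_tag": hmac_verify(key, nonce, real, tag),
        "hmac_accepts_verifier_made_tag": hmac_verify(key, nonce, fake, verifier_made),
        "hmac_second_verifier_without_key": hmac_verify(secrets.token_bytes(32), nonce, real, tag),
        "ots_accepts_device_sig": lamport_verify(pk, nonce + real, sig),
        "ots_accepts_changed_claims": lamport_verify(pk, nonce + fake, sig),
        "hmac_tag_bytes": len(tag),
        "ots_sig_bytes": sum(len(s) for s in sig),
    }
```

Calling `demo()` shows that a tag produced by the verifier itself verifies exactly like one from the device, that a second verifier without the key cannot check the device's tag, and that the one-time signature is 8192 bytes against a 32-byte HMAC tag.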