Re: [Rats] Fwd: New Version Notification for draft-birkholz-rats-reference-interaction-model-03.txt

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 08 July 2020 12:24 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 124033A0962 for <rats@ietfa.amsl.com>; Wed, 8 Jul 2020 05:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Al8KDzBR09i7 for <rats@ietfa.amsl.com>; Wed, 8 Jul 2020 05:24:25 -0700 (PDT)
Received: from mail-edgeS23.fraunhofer.de (mail-edges23.fraunhofer.de [153.97.7.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84B963A0887 for <rats@ietf.org>; Wed, 8 Jul 2020 05:24:23 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2E1BgCeuQVf/xwBYJlXCQEcAQEBAQkBEgEFBQFAgUoCgxeBMwqEKYNJjS8lmy4DTAkLAQEBAQEBAQEBBgEBGA0IAgQBAQKESwKCFgEkOBMCEAEBBgEBAQEBBgQCAoZEDEMBDAGDAIECAQEBAQEBAQEBAQEBAQEBAQEBAQEWAg02HjcSAQEdAQEBAQECAQEhDwEFMwMJAhAJAhEDAQIBAgIJFgcCAicgCAgGAQwBBQIBAReDCwGCewULjW2bBHaBMoNONDwCDkFCgzeBQIEOKgGMXQ8PgUw/gREnDAOBXH4+glwBAQEBAQEVRFaDQoJgBJI3hmmbRSgHgVmBBoEHBAuHNZBzBQodgnOBGogZhHUGjgGRW4oclEYCBAIJAhWBaoF7TSQuIYJpCUcXAg2OVYYegjCFQQNyAgsqAgYBBwEBAwl8h26GLwGBEAEB
X-IPAS-Result: A2E1BgCeuQVf/xwBYJlXCQEcAQEBAQkBEgEFBQFAgUoCgxeBMwqEKYNJjS8lmy4DTAkLAQEBAQEBAQEBBgEBGA0IAgQBAQKESwKCFgEkOBMCEAEBBgEBAQEBBgQCAoZEDEMBDAGDAIECAQEBAQEBAQEBAQEBAQEBAQEBAQEWAg02HjcSAQEdAQEBAQECAQEhDwEFMwMJAhAJAhEDAQIBAgIJFgcCAicgCAgGAQwBBQIBAReDCwGCewULjW2bBHaBMoNONDwCDkFCgzeBQIEOKgGMXQ8PgUw/gREnDAOBXH4+glwBAQEBAQEVRFaDQoJgBJI3hmmbRSgHgVmBBoEHBAuHNZBzBQodgnOBGogZhHUGjgGRW4oclEYCBAIJAhWBaoF7TSQuIYJpCUcXAg2OVYYegjCFQQNyAgsqAgYBBwEBAwl8h26GLwGBEAEB
X-IronPort-AV: E=Sophos;i="5.75,327,1589234400"; d="scan'208";a="18940797"
Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeS23.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jul 2020 14:24:21 +0200
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BDBQCeuQVf/1lIDI1XCQEbAQEBAQEBBwEBEgEBBAQBAUCBSgKCKG8DVDAsCoQpkHglmy4DVQsBAwEBAQEBBgEBGA0IAgQBAYRNAoIUAiQ4EwIQAQEFAQEBAgEGBG2FWwxDAQwBhR4BAQEBAQIBASEPAQUzAwkCEAkCEQMBAgECAgkWBwICJyAICAYBDAEFAgEBF4MLAYMAC41tmwR2gTKDTnACDkFCgzeBQIEOKgGMXQ8PgUw/gREnDAOBXH4+glwBAQEBAQEVgRqDQoJgBJI3hmmbRSgHgVmBBoEHBAuHNZBzBQodgnOBGogZhHUGjgGRW4oclEYCBAIJAhWBaiOBV00kLiGCaQlHFwINjlWGHoIwhUEDQTECCyoCBgEHAQEDCXyHboYvAYEQAQE
X-IronPort-AV: E=Sophos;i="5.75,327,1589234400"; d="scan'208";a="30346258"
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jul 2020 14:24:18 +0200
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id 068COHNb008693 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Wed, 8 Jul 2020 14:24:17 +0200
Received: from [192.168.16.50] (79.206.156.41) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.487.0; Wed, 8 Jul 2020 14:24:12 +0200
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "rats@ietf.org" <rats@ietf.org>
CC: Guy Fedorkow <gfedorkow@juniper.net>, Thomas Fossati <Thomas.Fossati@arm.com>
References: <159419048015.6220.17040386001147920084@ietfa.amsl.com> <56890b74-3b90-fe6f-720c-32f407dc312b@sit.fraunhofer.de> <041629bc-b2a9-fa01-9a0e-cacd783afc53@gmail.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <c4ce79ca-5338-0aaf-be1d-3f49ec5f2899@sit.fraunhofer.de>
Date: Wed, 08 Jul 2020 14:24:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <041629bc-b2a9-fa01-9a0e-cacd783afc53@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [79.206.156.41]
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/cXEvOQ73_tFrlJUuN3WxWBqp8eM>
Subject: Re: [Rats] Fwd: New Version Notification for draft-birkholz-rats-reference-interaction-model-03.txt
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2020 12:24:28 -0000

Hi Anders,

thanks for your reach-out :) As far as I know, session-based creation of 
evidence is map-able to every kind of interaction model. I'll quickly 
illustrate how I think that typically works. Please step in, if I am 
erring here.

Session-based remote attestation "bundles" a certain amount of 
"evidence-generating primitive operations" of an Attesting Environment 
in a way that corresponding results are packaged in relative large set 
of Claims collected over time - in one piece of evidence.

Some solutions call these bundles audit sessions. If these bundles 
constitute evidence that can represent past states, some solutions call 
the resulting evidence secure audit logs.

Looking at the referenced write-up [1], the audit approach seems to be 
combined with a roll-back feature. That is an implementation feature for 
remediation that is typically not directly in-scope of RATS. But - RATS 
of course play a vital role in assessing the need for & and the result 
of remediation procedures, as well as selecting appropriate remediation 
procedures in the first place (see TEEP).

In summary, my early feedback is that the illustrated Protected API can 
be mapped to all three interaction model - it was probably designed with 
CHARRA in mind. Maybe it is useful to note here that a subscription 
session is not the same thing as an audit session.


Viele Grüße,

Henk

On 08.07.20 13:17, Anders Rundgren wrote:
> On 2020-07-08 08:52, Henk Birkholz wrote:
>> Hi list,
> 
> Hi Henk,
> 
>>
>> this version of the reference interaction models I-D now includes the
>> three main models that are used across several related documents:
>>
>> * challenge/response remote attestation (charra)
>> * uni-directional remote attestation, and
>> * streaming remote attestation
> 
> This is great but I don't see that the session-based attestation 
> concept[1] used in Saturn[2,3], is covered by this I-D.
> 
> Best regards,
> Anders
> 
> 1] 
> https://cyberphone.github.io/doc/research/session-based-remote-attestation.pdf 
> 
> 
> 2] https://cyberphone.github.io/openbankingwallet
> 3] https://cyberphone.github.io/doc/security/keygen2.html
> 
>>
>> New diagrams for all three interaction models can be found in section 8:
>>
>>> https://datatracker.ietf.org/doc/html/draft-birkholz-rats-reference-interaction-model#section-8 
>>>
>>
>> As an attester's identity is vital to all interaction models in RATS --
>> but also has severe implications -- we welcome Liqun and Chris as
>> co-authors. They are experts for direct anonymous attestation (DAA) and
>> remote attestation in general.
>>
>> An overview about DAA can be found in section 5:
>>
>>> https://datatracker.ietf.org/doc/html/draft-birkholz-rats-reference-interaction-model#section-5 
>>>
>>
>>
>> Viele Grüße,
>>
>> Henk
>>
>>
>> -------- Forwarded Message --------
>> Subject: New Version Notification for
>> draft-birkholz-rats-reference-interaction-model-03.txt
>> Date: Tue, 7 Jul 2020 23:41:20 -0700
>> From: internet-drafts@ietf.org
>> To: Liqun Chen <liqun.chen@surrey.ac.uk>, Michael Eckel
>> <michael.eckel@sit.fraunhofer.de>, Christopher Newton
>> <cn0016@surrey.ac.uk>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
>>
>>
>> A new version of I-D, 
>> draft-birkholz-rats-reference-interaction-model-03.txt
>> has been successfully submitted by Henk Birkholz and posted to the
>> IETF repository.
>>
>> Name:        draft-birkholz-rats-reference-interaction-model
>> Revision:    03
>> Title:        Reference Interaction Models for Remote Attestation 
>> Procedures
>> Document date:    2020-07-08
>> Group:        Individual Submission
>> Pages:        22
>> URL:
>> https://www.ietf.org/internet-drafts/draft-birkholz-rats-reference-interaction-model-03.txt 
>>
>> Status:
>> https://datatracker.ietf.org/doc/draft-birkholz-rats-reference-interaction-model/ 
>>
>> Htmlized:
>> https://tools.ietf.org/html/draft-birkholz-rats-reference-interaction-model-03 
>>
>> Htmlized:
>> https://datatracker.ietf.org/doc/html/draft-birkholz-rats-reference-interaction-model 
>>
>> Diff:
>> https://www.ietf.org/rfcdiff?url2=draft-birkholz-rats-reference-interaction-model-03 
>>
>>
>> Abstract:
>>      This document describes interaction models for remote attestation
>>      procedures (RATS).  Three conveying mechanisms - Challenge/Response,
>>      Uni-Directional, and Streaming Remote Attestation - are illustrated
>>      and defined.  Analogously, a general overview about the information
>>      elements typically used by corresponding conveyance protocols are
>>      highlighted.  Privacy preserving conveyance of Evidence via Direct
>>      Anonymous Attestation is elaborated on for each interaction model,
>>      individually.
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats
>>
>