Re: [Rats] Fwd: New Version Notification for draft-birkholz-rats-reference-interaction-model-03.txt
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 08 July 2020 12:24 UTC
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "rats@ietf.org" <rats@ietf.org>
CC: Guy Fedorkow <gfedorkow@juniper.net>, Thomas Fossati <Thomas.Fossati@arm.com>
References: <159419048015.6220.17040386001147920084@ietfa.amsl.com> <56890b74-3b90-fe6f-720c-32f407dc312b@sit.fraunhofer.de> <041629bc-b2a9-fa01-9a0e-cacd783afc53@gmail.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <c4ce79ca-5338-0aaf-be1d-3f49ec5f2899@sit.fraunhofer.de>
Date: Wed, 08 Jul 2020 14:24:11 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/cXEvOQ73_tFrlJUuN3WxWBqp8eM>
Hi Anders,

thanks for your reach-out :)

As far as I know, session-based creation of evidence is mappable to every kind of interaction model. I'll quickly illustrate how I think that typically works. Please step in if I am erring here.

Session-based remote attestation "bundles" a certain amount of "evidence-generating primitive operations" of an Attesting Environment in a way that corresponding results are packaged in a relatively large set of Claims collected over time - in one piece of evidence. Some solutions call these bundles audit sessions. If these bundles constitute evidence that can represent past states, some solutions call the resulting evidence secure audit logs.

Looking at the referenced write-up [1], the audit approach seems to be combined with a roll-back feature. That is an implementation feature for remediation that is typically not directly in scope of RATS. But RATS of course play a vital role in assessing the need for and the result of remediation procedures, as well as selecting appropriate remediation procedures in the first place (see TEEP).

In summary, my early feedback is that the illustrated Protected API can be mapped to all three interaction models - it was probably designed with CHARRA in mind.

Maybe it is useful to note here that a subscription session is not the same thing as an audit session.

Best regards,

Henk

On 08.07.20 13:17, Anders Rundgren wrote:
> On 2020-07-08 08:52, Henk Birkholz wrote:
>> Hi list,
>
> Hi Henk,
>
>> this version of the reference interaction models I-D now includes the
>> three main models that are used across several related documents:
>>
>> * challenge/response remote attestation (charra)
>> * uni-directional remote attestation, and
>> * streaming remote attestation
>
> This is great but I don't see that the session-based attestation
> concept[1] used in Saturn[2,3] is covered by this I-D.
>
> Best regards,
> Anders
>
> 1] https://cyberphone.github.io/doc/research/session-based-remote-attestation.pdf
> 2] https://cyberphone.github.io/openbankingwallet
> 3] https://cyberphone.github.io/doc/security/keygen2.html
>
>> New diagrams for all three interaction models can be found in section 8:
>>
>>> https://datatracker.ietf.org/doc/html/draft-birkholz-rats-reference-interaction-model#section-8
>>
>> As an attester's identity is vital to all interaction models in RATS --
>> but also has severe implications -- we welcome Liqun and Chris as
>> co-authors. They are experts for direct anonymous attestation (DAA) and
>> remote attestation in general.
>>
>> An overview about DAA can be found in section 5:
>>
>>> https://datatracker.ietf.org/doc/html/draft-birkholz-rats-reference-interaction-model#section-5
>>
>> Best regards,
>>
>> Henk
>>
>> -------- Forwarded Message --------
>> Subject: New Version Notification for draft-birkholz-rats-reference-interaction-model-03.txt
>> Date: Tue, 7 Jul 2020 23:41:20 -0700
>> From: internet-drafts@ietf.org
>> To: Liqun Chen <liqun.chen@surrey.ac.uk>, Michael Eckel <michael.eckel@sit.fraunhofer.de>, Christopher Newton <cn0016@surrey.ac.uk>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
>>
>> A new version of I-D, draft-birkholz-rats-reference-interaction-model-03.txt
>> has been successfully submitted by Henk Birkholz and posted to the
>> IETF repository.
>>
>> Name: draft-birkholz-rats-reference-interaction-model
>> Revision: 03
>> Title: Reference Interaction Models for Remote Attestation Procedures
>> Document date: 2020-07-08
>> Group: Individual Submission
>> Pages: 22
>> URL: https://www.ietf.org/internet-drafts/draft-birkholz-rats-reference-interaction-model-03.txt
>> Status: https://datatracker.ietf.org/doc/draft-birkholz-rats-reference-interaction-model/
>> Htmlized: https://tools.ietf.org/html/draft-birkholz-rats-reference-interaction-model-03
>> Htmlized: https://datatracker.ietf.org/doc/html/draft-birkholz-rats-reference-interaction-model
>> Diff: https://www.ietf.org/rfcdiff?url2=draft-birkholz-rats-reference-interaction-model-03
>>
>> Abstract:
>> This document describes interaction models for remote attestation
>> procedures (RATS). Three conveying mechanisms - Challenge/Response,
>> Uni-Directional, and Streaming Remote Attestation - are illustrated
>> and defined. Analogously, a general overview about the information
>> elements typically used by corresponding conveyance protocols are
>> highlighted. Privacy preserving conveyance of Evidence via Direct
>> Anonymous Attestation is elaborated on for each interaction model,
>> individually.
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats
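As an added illustration of the session-based bundling described in the message above (this is not code from the I-D, from Saturn, or from anyone in this thread): an Attesting Environment folds each claim produced by a primitive operation into a running hash and, at session close, emits one piece of Evidence, namely a signed quote over the session id, a Verifier nonce (the challenge/response binding) and the final hash, together with the collected claims; the Verifier replays the claims, which catches altered or dropped claims as well as a bundle replayed against a different nonce. The HMAC key, field names and sample claims are constructed assumptions.

```python
import hashlib
import hmac
import json

ATTESTATION_KEY = b"constructed-demo-key"  # assumption: stands in for a real attestation key
ZERO = b"\x00" * 32

def extend(chain, entry):
    # Fold one claim entry into the running session hash (canonical JSON encoding)
    return hashlib.sha256(chain + json.dumps(entry, sort_keys=True).encode()).digest()

class AuditSession:
    def __init__(self, session_id):
        self.session_id = session_id
        self.claims = []   # claims in the order their primitive operations ran
        self.chain = ZERO  # running hash over every recorded claim
    def record(self, seq, claim):
        entry = {"seq": seq, "claim": claim}
        self.chain = extend(self.chain, entry)
        self.claims.append(entry)
    def close(self, nonce):
        # One piece of Evidence: a signed quote over (session, nonce, chain) plus the claims
        quote = json.dumps({"session": self.session_id, "nonce": nonce,
                            "chain": self.chain.hex()}, sort_keys=True).encode()
        sig = hmac.new(ATTESTATION_KEY, quote, "sha256").hexdigest()
        return {"quote": quote, "sig": sig, "claims": list(self.claims)}

def verify(evidence, expected_nonce):
    """Verifier side: authentic quote, fresh nonce, and claims that replay to the chain."""
    expected_sig = hmac.new(ATTESTATION_KEY, evidence["quote"], "sha256").hexdigest()
    if not hmac.compare_digest(expected_sig, evidence["sig"]):
        return False
    quote = json.loads(evidence["quote"])
    if quote["nonce"] != expected_nonce:
        return False              # bundle replayed against another challenge
    chain = ZERO
    for entry in evidence["claims"]:
        chain = extend(chain, entry)
    return chain.hex() == quote["chain"]

def demo():
    """Returns (valid, wrong_nonce, tampered_claim, dropped_claim) verdicts."""
    s = AuditSession("sess-1")
    s.record(1, {"boot_loader": "sha256:aaaa"})        # constructed sample claims
    s.record(2, {"kernel": "5.4", "secure_boot": True})
    ev = s.close("nonce-42")
    tampered = dict(ev, claims=[ev["claims"][0], {"seq": 2, "claim": {"kernel": "5.5"}}])
    dropped = dict(ev, claims=ev["claims"][1:])
    return verify(ev, "nonce-42"), verify(ev, "nonce-43"), verify(tampered, "nonce-42"), verify(dropped, "nonce-42")
```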