IETF Logo Mail Archive

Re: [Rats] New RATS Architecture document

Laurence Lundblade <lgl@island-resort.com> Tue, 08 October 2019 01:18 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 956BD120110 for <rats@ietfa.amsl.com>; Mon, 7 Oct 2019 18:18:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3-mPKKxBIIsO for <rats@ietfa.amsl.com>; Mon, 7 Oct 2019 18:18:26 -0700 (PDT)
Received: from p3plsmtpa11-03.prod.phx3.secureserver.net (p3plsmtpa11-03.prod.phx3.secureserver.net [68.178.252.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6167120019 for <rats@ietf.org>; Mon, 7 Oct 2019 18:18:26 -0700 (PDT)
Received: from [10.120.0.194] ([45.56.150.18]) by :SMTPAUTH: with ESMTPA id He8viS3ZfLmlSHe8viaRXh; Mon, 07 Oct 2019 18:18:26 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <F2D68742-E1E6-4010-B6B2-646ADB78BC24@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_700992F1-74FF-4283-AD98-1DA4E9A1595E"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 07 Oct 2019 18:18:25 -0700
In-Reply-To: <202c09a4-b385-6b7c-cd1d-25562f99850c@sit.fraunhofer.de>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
References: <471c785f-1cd8-62ff-431a-075ce9c35058@sit.fraunhofer.de> <fe9e3870aaa6419697db4536e1f0718c@NASANEXM01C.na.qualcomm.com> <6619cceb1f3b400dbd9dbbce51c6fcfb@NASANEXM01C.na.qualcomm.com> <202c09a4-b385-6b7c-cd1d-25562f99850c@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfIffOq/4TmqU4gmr+AIcOVonq/iECYzFkGK8aumVtHQl7aVjZUO7LaunVXVreBD+et8gKG7f606UsAFE6Wik3EcHXAioHlDV1YIRi6Ns2BwS9eRSyXwz ntDSRi8R/xgwgrZC65WTRWHZi+g5CPcq1Q/shlUsMhSRdjZQf+TpxlDdVEgkCTKMzzHAJYlHXg1p5B+omefGUHvqafEDqdlDJUK+MWp8eHxLDZyavzAuXTfv couDfaLVwqMaRYq9sk6HFA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dIYpLGMPUqv3OuDL9a6bmql4c9k>
Subject: Re: [Rats] New RATS Architecture document
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2019 01:18:29 -0000

Below...

> On Oct 7, 2019, at 3:06 PM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
> 
> On 07.10.19 23:02, Giridhar Mandyam wrote:
> ...
>> -Giri Mandyam
>> a) I have asked the editors twice on the mailing lists for a justification as to why this is a standards track draft and not an informative one.  I have not received an answer, so I assume that there is no reason.  Note that comparable documents such as the TEEP architecture document and SUIT architecture document are informative.
> 
> In order to enable interoperability, a very tight scope of normative prerequisites is imposed on the architectural constituents of RATS by the architecture I-D in the Normative Prerequisite section (that uses BCP14 requirement notation).
> 
> Additionally, the architecture I-D of the "other" WG that is concerned with security posture of ToE - the SACM WG - is an example for also not being an informative I-D.
> 
> As far as I can see the normative prerequisites do not conflict with EAT, but support the architectural parts of EAT (which move into the RAT architecture I-D in any case).

The core question is whether the architecture doc really needs to be normative or not. Would EAT or Yang Model or such suffer if it was not? Does the definition of “entity” or “attester” or “verifier” need to be normative? 

I don’t have a strong opinion, but lean towards informational. CWT and JWT don’t have an architecture document, not even an informational one.

I do have a strong opinion that IETF should not set security requirements on internal of the implementation on a device. This was one of my core objections to use of the term “root of trust”. Henk, it seems like you are suggesting IETF try to set requirements when you say “security posture of ToE”. I think imposing implementation requirements belongs in certification programs run by organizations with the needed legal and financial structure. I don’t think IETF has this structure.

I thus oppose normative status if it based on MUSTs about the implementation like MUST have a protection boundary or MUST defend against side channels.

(That said, I’m fine with us defining claims that describe such security characteristics of the implementation).

LL

v2.23.0 | Report a Bug | By Email