Re: [Rats] RIV and the RATS architecture

"Smith, Ned" <> Tue, 05 November 2019 00:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9FDDE1200CD for <>; Mon, 4 Nov 2019 16:20:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yr6yLkl3Fbi1 for <>; Mon, 4 Nov 2019 16:20:43 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 70EFE120041 for <>; Mon, 4 Nov 2019 16:20:43 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Nov 2019 16:20:43 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,268,1569308400"; d="scan'208";a="220285885"
Received: from ([]) by with ESMTP; 04 Nov 2019 16:20:42 -0800
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 4 Nov 2019 16:20:42 -0800
Received: from ([]) by ([]) with mapi id 14.03.0439.000; Mon, 4 Nov 2019 16:20:42 -0800
From: "Smith, Ned" <>
To: Dave Thaler <>, Henk Birkholz <>, Guy Fedorkow <>
CC: "" <>, Thomas Hardjono <>, Jessica Fitzgerald-McKay <>
Thread-Topic: [Rats] RIV and the RATS architecture
Thread-Index: AdWQISZnKaC7gFC9RTeTGiVYLOxchQDLr02gABJIfYAAAlH2gP//mRuA
Date: Tue, 5 Nov 2019 00:20:42 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/10.1e.0.191013
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-11-04T22:28:56.8907863Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=2fafed79-064d-4630-9794-88013d0e4cae; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Rats] RIV and the RATS architecture
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 05 Nov 2019 00:20:46 -0000

Speaking as a co-author to architecture, I think it makes sense to merge the two architecture documents. A section on 'trust model' seems appropriate, if for no other reason than to capture requirements that are in line with the use cases which focus on distributed computing scenarios. I think this implies centralized "IT" approaches likely are too constraining. PKI may be workable given tolerance for many CAs in a Web of trust model. Other viable trust models could emerge including Decentralized ID (referring to direction W3C is moving with rebooting the Web of Trust). 

On 11/4/19, 14:29 PM, "Dave Thaler" <> wrote:

    Thanks Henk for the note.
    I hope the WG can converge more as I think there is still much confusion, and reviewing
    updated documents will help people to understand concepts better and see where there is alignment and
    where there is still lack of alignment.
    I haven't gotten any direction from the chairs yet as to whether I should update my contribution or not, but
    since there have been specific questions asked on the list (Juergen, Guy, etc.), and apparently some mischaracterization
    in email messages about text in my contribution, I'm inclined to submit an update unless the chairs tell me otherwise.
    I am absolutely open to co-authoring, or contributing, or merging, or whatever else, going forward.
    Looking forward to a productive discussion,
    -----Original Message-----
    From: RATS <> On Behalf Of Henk Birkholz
    Sent: Monday, November 4, 2019 1:23 PM
    To: Dave Thaler <>om>; Guy Fedorkow <>
    Cc:; Thomas Hardjono <>du>; Smith, Ned <>om>; Jessica Fitzgerald-McKay <>
    Subject: Re: [Rats] RIV and the RATS architecture
    Hi Dave, Guy, et al.
    we did a "best fit" matching of use cases with the two message flows "passport" and "back-end", and while it is possible to cluster those with some... leniency, the goal is to provide the basis for mapping by using both roles and message flows in the architecture document. 
    "Passport" and "Back-End" flows really helped to streamline the progress (Thanks Dave). As we (Thomas, Ned, Michael & me, with 'unfortunately' 
    too much input from group members! Thanks all) went through seven examples now (still missing a prominent GP one, I think) we are pretty confident that this works consistently.
    Sorry again that we did not address all issues raised. The priority stack that is our action item list was in a continuous swirl :)
    There will be one or more submissions before cut-off.
    Viele Grüße,
    On 04.11.19 21:56, Dave Thaler wrote:
    > Hi Guy, sorry for the delay, I was at a conference (Open Source 
    > Summit, Confidential Computing Consortium, and Linux Security Summit 
    > were all
    > co-located) all last week and traveling there/back.
    > Responses inline below.
    > *From:* RATS <> *On Behalf Of *Guy Fedorkow
    > *Sent:* Thursday, October 31, 2019 12:27 PM
    > *To:* Dave Thaler <>
    > *Cc:*; Thomas Hardjono <>du>; Smith, Ned 
    > <>om>; Henk Birkholz 
    > <>de>;
    > Jessica Fitzgerald-McKay <>
    > *Subject:* [Rats] RIV and the RATS architecture
    > Hi Dave,
    >    Thanks for your doc
    > bf86f141af91ab2d7cd011db47%7C1%7C0%7C637085028413254093&amp;sdata=kc6Y
    > 4pawY8qtlcCEbuU4jslXVhktsexy8rCHoVv6q%2FE%3D&amp;reserved=0
    > <;;sdata=kc6Y4pawY8qtlcCEbuU4jslXVhktsexy8rCHoVv6q%2FE%3D&amp;reserved=0>.
    >    Do you have a view as to how the TPM-based attestation described in 
    > RIV would fit with the proposed categorization?
    > amp;
    > 16d3410%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63708502841325409
    > 3&amp;sdata=mTKpVUjdcsj5YLY4yfQMSCUi4JRYxroPFzBlBTMdJW8%3D&amp;reserve
    > d=0 
    > <
    > &amp;
    > 616d3410%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6370850284132640
    > 89&amp;sdata=EZTwUJ70nIQCDMwYlmjIN73q8MVZWAQvY%2FeqOOw7prE%3D&amp;rese
    > rved=0>
    > Great question. From my reading of
    > draft-fedorkow-rats-network-device-attestation-00, it's a background 
    > check model, as section 2.3 of your doc explains:
    >>   3.  A Relying Party, which has access to the Verifier to request
    >>       attestation and to act on results.
    > That sentence above is by definition the background check model.
    > That is, the Attester talks to the Relying Party, the Relying Party 
    > then requests a background check by consulting a Verifier,
    > and will accept whatever answer the Verifier decides.
    > There are ways where you could use the passport model for network 
    > device attestation,
    > but your document only covers the background check model.
    >    It doesn't seem to be a passport, since the attester only provides 
    > raw evidence, not a pre-approved passport
    > Agreed, from my reading of your document.
    >    It doesn't seem to be a background check, as it's the verifier that 
    > collects and analyzes the evidence.
    > If I understand your point here, you're saying that the verifier talks 
    > directly to the attester (e.g., by querying the yang module), without 
    > going back through the relying party, and that that seemed to you to 
    > be different from a classic "background check" diagram.  Did I get 
    > your point correctly?
    > If so, then I see it as a variation of the background check model, as 
    > opposed to a separate model per se.
    >    I'm not sure it matters to RIV, as we haven't drawn much 
    > distinction between the relying party and the verifier.  As you say, 
    > if they're on the same machine, the distinction is almost moot.
    > Agree.
    > And if they're not, I think the communication is out of scope for RIV 
    > (if not for RATS).
    > I disagree that it's out of scope for RATS.
    > I have no opinion on whether it's out of scope for RIV, since I still 
    > have some confusion on the intended scope of RIV.
    > I note that your document constrains its scope (in section 1.5) to 
    > only TPM-based embedded devices, and not other
    > types of devices.   I couldn't tell if the scope of RIV and the scope 
    > of the draft (which does not have RIV in the name, or in
    > section 1.5) are similar or one is a subset of the other.   Indeed, 
    > the title of the document is far wider than just TPM-based
    > embedded devices, so in that sense the title doesn't match the scoping 
    > in section 1.5.   Just explaining why there's not
    > enough information for me to have an opinion on verifier-relying party 
    > communication in RIV.
    > There can be other network attestation solutions that look quite 
    > different from the flow in your draft
    > (and I have no skin in this game, so don't have a bias towards any 
    > solution in particular).   For example,
    > some other solution might involve a RADIUS server being a Verifier, so 
    > the verifier - relying party communication might
    > be RADIUS in that example.   There's many ways to construct solutions, 
    > and so I imagine there's probably multiple
    > solutions already out there, since the NEA problem is not new even in 
    > the IETF 
    > (
    > C9dfd693759294a279a9e08d7616d3410%7C72f988bf86f141af91ab2d7cd011db47%7
    > C1%7C0%7C637085028413264089&amp;sdata=ExcrMYn5%2Bvd%2FbSz1%2FZ7Wz4KB0D
    > x%2Bd6KCaU6M2nweXw4%3D&amp;reserved=0 has
    > pointers to RFCs for anyone reading this who's not already aware of it).
    >    But it would be good ensure the architecture and the applications 
    > of it actually do fit together.
    > Absolutely.
    > Dave
    >    Thanks
    > /guy
    > Juniper Business Use Only
    RATS mailing list;;sdata=kxj3Z9NJnOFsek3AScAuAtvvi8c4%2B8gKIpY73qWxq%2FY%3D&amp;reserved=0