Re: [Rats] comments on draft-birkholz-rats-architecture-02
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 02 October 2019 09:59 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F02EE120857 for <rats@ietfa.amsl.com>; Wed, 2 Oct 2019 02:59:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NkI1OefZWCtC for <rats@ietfa.amsl.com>; Wed, 2 Oct 2019 02:59:47 -0700 (PDT)
Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE8891200B3 for <rats@ietf.org>; Wed, 2 Oct 2019 02:59:45 -0700 (PDT)
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id x929xdxn000907 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Wed, 2 Oct 2019 11:59:40 +0200
Received: from [134.102.174.152] (134.102.174.152) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.468.0; Wed, 2 Oct 2019 11:59:34 +0200
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>, "rats@ietf.org" <rats@ietf.org>
References: <20190925141802.5kvcriaysbuw5dhi@anna.jacobs.jacobs-university.de> <VI1PR08MB53607670A7762C9EABE9D1A3FA9C0@VI1PR08MB5360.eurprd08.prod.outlook.com> <VI1PR08MB5360B3EFF48F3731D07FB2B8FA9C0@VI1PR08MB5360.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <ccf8d894-1b27-c491-dc50-49e4c6478833@sit.fraunhofer.de>
Date: Wed, 02 Oct 2019 11:59:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <VI1PR08MB5360B3EFF48F3731D07FB2B8FA9C0@VI1PR08MB5360.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.174.152]
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dl6tIdg_22BgB2aCphsilJJWeF4>
Subject: Re: [Rats] comments on draft-birkholz-rats-architecture-02
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Oct 2019 09:59:50 -0000
Hi Jürgen, hi Hannes, I'll add some of the reasoning to most of the items below: On 02.10.19 11:11, Hannes Tschofenig wrote: > Clicked the enter key accidentally and sent the mail far too early.... > > Below is another try: > > -----Original Message----- > From: Hannes Tschofenig > Sent: Mittwoch, 2. Oktober 2019 11:01 > To: Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de>; rats@ietf.org > Subject: RE: comments on draft-birkholz-rats-architecture-02 > > Hi Jürgen, > > Thanks for your review. Looks of great questions. > Below is my take on it. > > -----Original Message----- > From: RATS <rats-bounces@ietf.org> On Behalf Of Schönwälder, Jürgen > Sent: Mittwoch, 25. September 2019 16:18 > To: rats@ietf.org > Subject: [Rats] comments on draft-birkholz-rats-architecture-02 > > Hi, > > I am rather new here to please forgive my ignorance. I thought I start by reading the architecture document. Some of my questions may just show my ignorance but then this is what happens if you get fresh reads... > > - What is 'normative guidance'? > > [Hannes] Should just be 'guidance' but on the other hand an architecture document shouldn't provide guidance. > I guess we have to change the sentence altogether from " > In general, this document > provides normative guidance how to use, create or adopt network > protocols that facilitate RATS. > " > To: > > " > This document defines terminology and describes the architecture of the remote attestation procedures (RATS) standardization work in the IETF. Thank you Hannes - the new phrasing is more to the point. The higher level goal is of course to enable readers to build complete remote attestation procedures that are composed out of Princapls that are composed of... and so on. That's not a good start for the text though, especially as we tried to serialized the definitions in an order that was simpler to understand than before. In general, a bit more redundancy to that respect does not hurt, I think. See next point. > " > > - Would it not make sense to also define the terms introduced in 1.1? > > - Claims > - Evidence > - Known-Good-Values > - Endorsements > - Attestation Results > > Perhaps section 1.1 should be folded into section 2 so that all > terminology is defined in one place. What about terms such as > > - Attester > - Verifier > - Asserter > - Relying Party > > [Hannes] I agree with your observations. Section 1.1 should be merged with Section 2 and these additional terms should be added. The intent of 1.1 is... well to give a quick overview. Merging it with section 2 would shift that meaning and would render it to be just a terminology definition. Actually, we thought we were providing a concise definition in 1.1 beforehand (detailed definitions are in section 4), but the goal is to address new readers, such as you, and that apparently did not work out so well :) So we will have to have another stab at this. Is it a good approach to define RATS messages (the first block you highlighted) not only in the section RATS Messages (4.3.2) but in a terminology section, too? I am uncertain how much redundancy is useful. Jürgen, would that have helped? > > - What are 'architectural constituents'? > > [Hannes] Should be replaced with 'entities' There were always multiple opinions about this. Maybe defining architectural constituents would be better? What we meant here are the instantiated architectural components that make entities a part of a RATS architecture, i.e. messages/interactions, roles and principals - which explicitly do not include e.g. persons or organizations. > > > - Separation: > > A Computing Environment with the capability of remote attestation: > > o is separate from other Attested Computing Environments (about > which attestation evidence is created), and > > Does it always have to be separate? Is there an architectural > requirement for these to be separate? > > [Hannes] A figure would help here. In the model we use at Arm with TrustZone for v8-M the computing environment is separate from the attesting computing environment. > Since the term separate is not further elaborated I doubt there is a problem. Yes, a figure would have helped and will help in the future. > > - If you read this document for the first time, it is difficult to put > the various terms together in your head. Figure 1 helps but it comes > a bit late, it would help if it would be shown early. It would have > helped me if all key terms are defined upfront followed by a Figure > explaining relationships or interactions before the discussion of > details starts. > > [Hannes] I have to agree with you. Maybe it helps to move Figure 1 up or to re-arrange other sections. Okay - the question is, where to put it. Probably in the overview section 1.1? > > > - Not sure this helps me understand things: > > (e.g. Prinicipals that are Supply Chain Entities) > > [Hannes] Maybe a complete example would help. Yes, there is the > > - What are Appraisals? Appraisal is the activity (function) that a Verifier conducts. We had a clearer definition of Creation of Evidence (via the Attester) , Conveyance of Evidence (via an Interaction), and Appraisal of Evidence (via a Verifier) in the last version. Due to the refactoring that got lost too much, as I see now. Maybe reintroducing that in the overview will help, too? > - Evidence A RATS message defined in 4.3.2 > - Endorsements Also a RATS message defined in 4.3.2 > > [Hannes] If it makes you feel better I have also been wondering why the attestation community uses so complex terms. > I yet have to find out how to make it simpler (or how to describe it better). Correct terminology is quite of the essence here as, for example, sets of claims and sets of evidence are messages with different meaning. Simplification (or better... abstraction) is the thing we did the most in since the BoF. I am rather certain that we cannot simplify without losing meaning, currently. But we most certainly can work on the description part. > > - Security Considerations > > RATS Evidence, Verifiable Assertions and Results SHOULD use formats > ... > > Should that be > > RATS Evidence, Endorsements, Known-Good-Values, and Attestation > Results SHOULD use formats ... > > to be consistent with terminology? The term 'Verifiable Assertions' > shows up here the for the first time... Yes, that is an oversight. Your text is correct. Which is good, because that means the text at least it was consistent until here and enabled you to find that artifact :) Thx! > > [...] Nonce Claims often piggy- > back other information and can convey attestation semantics that are > of essence to RATS, e.g. the last four bytes of a challenge nonce > could be replaced by the IPv4 address-value of the Attester in its > response. > > Despite wondering whether this is a good thing or a bad thing, I > wonder why this is in the security considerations of the > architecture document. The architecture does not define how Nonce > Claims look like, so why would it discuss specific issues about > Nonce Claims? > > [Hannes] I completely agree with you. Good point, we will move it to the Interaction Model I-D (which is in churn right now, moving from one Model to potentially four models). > > > Thanks again for the great review. Dito! Vielen Dank! Henk > > Ciao > Hannes > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. > > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats >
- [Rats] comments on draft-birkholz-rats-architectu… Schönwälder
- Re: [Rats] comments on draft-birkholz-rats-archit… Hannes Tschofenig
- Re: [Rats] comments on draft-birkholz-rats-archit… Hannes Tschofenig
- Re: [Rats] comments on draft-birkholz-rats-archit… Henk Birkholz