IETF Logo Mail Archive

Re: [Rats] use case document updates on Roots of Trust

Laurence Lundblade <lgl@island-resort.com> Mon, 09 September 2019 20:56 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56651200C7 for <rats@ietfa.amsl.com>; Mon, 9 Sep 2019 13:56:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.796
X-Spam-Level:
X-Spam-Status: No, score=-1.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fiBQ3hlygjXf for <rats@ietfa.amsl.com>; Mon, 9 Sep 2019 13:56:13 -0700 (PDT)
Received: from p3plsmtpa09-04.prod.phx3.secureserver.net (p3plsmtpa09-04.prod.phx3.secureserver.net [173.201.193.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B48FF12001A for <rats@ietf.org>; Mon, 9 Sep 2019 13:56:13 -0700 (PDT)
Received: from [192.168.1.76] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id 7QhoiYpEp1Fl57Qhoi9ihJ; Mon, 09 Sep 2019 13:56:12 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <64BD12AA-951A-468A-9F08-D442054605AD@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6155099C-7334-48AF-B15D-5787A09AFFA6"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 09 Sep 2019 13:56:09 -0700
In-Reply-To: <4155.1567948986@dooku.sandelman.ca>
Cc: rats@ietf.org
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <4155.1567948986@dooku.sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfJnOhH6crJTsaM+CLu1tQK0Xxc2XKyL1KapwQBQjxgxL41OwcA4iQNdYCW4EO3qT9wVUqC1gt/ErbWlR9x/UxJMzM5rp+aVghRvDDQuP/QLgKh4Mtn5g ATpzCMkuKdknnCwdA2ef+l9NlfwZgNAkUF/19gV3QIvinCuEA5PhEMNmUl2guKJ8OhTV3cIL6LD2uzRyYT20x38DRKJp6N+1bIg=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dzyjX-ZLigkXuUOyxgv-iEDYqJE>
Subject: Re: [Rats] use case document updates on Roots of Trust
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2019 20:56:18 -0000

Appreciate you wading into this with something written and concrete.

As a thought experiment consider adding this to our RATS definition:

A root of trust may also be a simple unsecured user mode application, like an Android, Windows or Linux application that trust has been placed in by a particular attestation system. It is provisioned with a signing key or such and other capabilities so as to be able to produce attestation evidence (e.g. signed tokens).  The application may or may not be signed or authenticated.

In a sense, the usual definition of root of trust applies in that it is something that is unconditionally trusted. In another sense, this is at odds with the usual conception as it is not anchored in HW or to any kind of system or boot SW.

I assuming this addition is too much at odds with the convention usage and there is no support for RATS adopting this definition. This is one of the main reasons I am asking we not use the term normatively.

LL


> On Sep 8, 2019, at 6:23 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> We seem to have regular email disputes on terms like Roots of Trust. 
> I continue to have difficulty with the term. Particularly in the plural
> "Roots" form.
> As I process edits to the use case document, I got a bunch of text:
> 
>   The TCG Glossary also offers a general definition for Root of Trust “A
>   component that performs one or more security-specific functions, such as
>   measurement, storage, reporting, verification, and/or update. It is trusted
>   always to behave in the expected manner, because its misbehavior cannot be
>   detected (such as by measurement) under normal operation. “ 
> 
> {I personally find it very difficult to understand the words as other than an
> alias for Trust Anchor, yet it clearly is something else.  It's hard to make
> my neurons pull up a different meaning.  This is probably something that
> every RATS document should say clearly upon first using the term, in order to
> ease the impedence mis-match with IETF readers as we get reviews} 
> 
> I have included not just Ned Smith's comments about the term Roots of Trust,
> but his survey of the various origins of the term.  I'm sure that this
> belongs somewhere else.
> 
> That diff is here:
>  https://ietf.org/rfcdiff?url1=draft-richardson-rats-usecases-04&url2=https://ietf-rats-wg.github.io/ietf-rats-usecases/draft-richardson-rats-usecases.txt
> 
> and commit is:
>  https://github.com/ietf-rats-wg/ietf-rats-usecases/commit/7386e8c0df11ece66e3c95f85d141a639d440e12
> 
> 
> -- 
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
> 
> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email