IETF Logo Mail Archive

Re: [Rats] Verifier Input instead of Endorsement?

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 07 July 2020 17:06 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF0A33A1173 for <rats@ietfa.amsl.com>; Tue, 7 Jul 2020 10:06:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wSeBN9H7_ttY for <rats@ietfa.amsl.com>; Tue, 7 Jul 2020 10:06:48 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C7EA3A1179 for <rats@ietf.org>; Tue, 7 Jul 2020 10:06:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 6E1B1389A4; Tue, 7 Jul 2020 13:03:49 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id JcHwDuRmkpkr; Tue, 7 Jul 2020 13:03:48 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 31D5F389A3; Tue, 7 Jul 2020 13:03:48 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 53A09136; Tue, 7 Jul 2020 13:06:41 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Laurence Lundblade <lgl@island-resort.com>
cc: "rats@ietf.org" <rats@ietf.org>
In-Reply-To: <59471994-1797-42CE-AC6F-34F07315ADFB@island-resort.com>
References: <878E068C-DAFD-4441-94F7-BA79CAF7FED6@island-resort.com> <BL0PR2101MB10279501A4ECA5BB7B6AED63A36F0@BL0PR2101MB1027.namprd21.prod.outlook.com> <BF5071AC-0C8D-4B26-8330-8589736B6EF5@island-resort.com> <af8e64b9-41b3-f42a-183d-1c9544fc1d7d@sit.fraunhofer.de> <C4D6DCB6-F0D9-4858-823C-7B045005B48C@island-resort.com> <13132.1593723461@localhost> <6091010E-3F7D-4B45-9B8E-9D954CE03C43@island-resort.com> <24201.1593904708@localhost> <59471994-1797-42CE-AC6F-34F07315ADFB@island-resort.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 07 Jul 2020 13:06:41 -0400
Message-ID: <12354.1594141601@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/eCfVIx6DqIK0GYzNSmyh0aYA1uk>
Subject: Re: [Rats] Verifier Input instead of Endorsement?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 17:06:51 -0000

Laurence Lundblade <lgl@island-resort.com> wrote:
    > Sorry, didn’t say that right.

    > If we’re going to minimize description of what is above the Verifier,
    > then the term “Endorsement” should be replaced with a more general term
    > like “Verifier Input” or “Attester Trust Criteria” or other.

I comprehend your point.

    > I think there are three problems with the term “Endorsement":
    > - It implies a specific style of input (a signed document) that is too
    > narrow for a general architecture

I don't agree that it has to be a signed document.
I think it could well be configuration information.
But, it might be that, being largely TCG-ignorant, I like the term because I view
it without TCG-approved-eyewear.

    > - It is ambiguous and/or not clear it is even correct. The room in
    > Berlin of experts agreed that Endorsement can’t have keys in them, but
    > there must be a key input to the Verifier.

I would appreciate if Henk, or Dave could clarify this comment.
I can't see why it can't list a set of trust anchors to be used to verify
Evidence.  I assume that's the kind of keys you speak of.

    > - It is TCG-specific. The term is not used in FIDO, Android and
    > TEE-based projects that I’ve worked on.


    > Some text like this?

    > Verifier Input

    > Inputs used by the Verifier to establish trust in Attester, evaluate
    > Attestation Evidence and produce Attestation results. It may include
    > cryptographic keys, known-good/reference values, static implicit claims
    > and policy configuration.

I'm okay with this description, but I don't understand the dislike for
endorsement.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email