[Rats] PKIX Attestation design team meeting notes 2024-02-26

Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 26 February 2024 18:25 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: 'LAMPS' <spasm@ietf.org>, "rats@ietf.org" <rats@ietf.org>
Date: Mon, 26 Feb 2024 18:25:39 +0000
Subject: [Rats] PKIX Attestation design team meeting notes 2024-02-26
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/eJAVCYiJ6ZsSs-M5I3a_WEaA5Wc>

As always, full notes are on github:

https://github.com/lamps-wg/csr-attestation/blob/main/meetingNotes/2024-26-02.md

Discussions

LAMPS > csr-attestation

Monty and Hannes' Examples PRs are ready for merging (except for formatting or merge conflicts). MikeO to do this before the 119 submission cutoff deadline on Mar 4.

RATS > x509-evidence

JP from Crypto4A presented the Crypto4A Attestation format for the group.

I think this is a good time to reflect that the CSR work has dominated this design group so far, and the Evidence Format work has happened very piecewise and disjointedly. We should re-evaluate the design goal and scope to decide how big an ocean we are trying to boil. Perhaps we should be trying to reduce the set of claims to the bare minimum mandatory-to-implement claims (each represented by an OID) that a public CA needs, and then allow for extension with future standards or proprietary claims. Perhaps X.509, while common for carrying Attestations, is not the most elegant format, and a new outer ASN.1 structure should be used. We should also think about nesting-vs-flattening of platform attestations, multiple key attestations, and potentially attestations of other types of HSM objects. Going into IETF 119, this is a good opportunity to review the C4A document, and restructure the proposal here.

- - -

Mike Ounsworth
Software Security Architect
(pronouns: he/him)