Re: [Rats] using symmetric keys in an Endorsement/Verifier flow

"Smith, Ned" <ned.smith@intel.com> Mon, 08 February 2021 18:32 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7D9B3A1481 for <rats@ietfa.amsl.com>; Mon, 8 Feb 2021 10:32:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=intel.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oCkrolsNJ9V2 for <rats@ietfa.amsl.com>; Mon, 8 Feb 2021 10:32:33 -0800 (PST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F16D03A1487 for <rats@ietf.org>; Mon, 8 Feb 2021 10:32:32 -0800 (PST)
IronPort-SDR: UXh0uo17MkpFGDRXeYTONiIMn0IOV/ilmfyPIEfEmzkPJ9b+SO2jIisJpGr3rf6rq7EI3YYgtC 9veHrofb3h2w==
X-IronPort-AV: E=McAfee;i="6000,8403,9889"; a="181904584"
X-IronPort-AV: E=Sophos;i="5.81,162,1610438400"; d="scan'208";a="181904584"
Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Feb 2021 10:32:31 -0800
IronPort-SDR: oRNgicSOS7hq0WJqtl0yRYxKlMdeiPgkHjdTg5Z+6h0dxwvFl9Khh/oKHATMMk70s+oOa9fwrS dxwF2mqqnjZg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.81,162,1610438400"; d="scan'208";a="435720903"
Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga001.jf.intel.com with ESMTP; 08 Feb 2021 10:32:31 -0800
Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Mon, 8 Feb 2021 10:32:31 -0800
Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2 via Frontend Transport; Mon, 8 Feb 2021 10:32:31 -0800
Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.43) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Mon, 8 Feb 2021 10:32:30 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Za0LxGwrSumPG220iPxgQuB6Kg4IZ6oMyfzOIjxvtWjpn+n/4RyytjtfpdkL96aMW3CwWL3G4tU895F11MOFu60TcmejOMWssOvkBHstp+ESMpBf5bH8gNV2Z3slpD2n2ZGPuz4zYgzEauCvO0zA78oGySDWs5OWeOg7ALeLvEslqLYKpotDdaOx9+PSx7Gygh+vhVwUq+Kuz29S3wlyC4u7vxuckMLvMJ1ZbETRd6VO+EQYVx4e4l9zRVrkBEgShZpSKA9gbMmD5zxHIewN7Ge5suQ7IGkk/FKv5JThPF/cl/onDKxy/JpH/AVncvCxI5NxYYEh9AsTbh8nfrRABA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JmCfHdLtZcDRQAe2KVvSGRN0aPed57lgK0mmmjhEjKs=; b=nF6B+H1y6yD1Pr9o+hZHZBQqF12gsBSlN2UgajxyxXg4A5YSdxppWVcDeJYq6cHXZaxNNGddsQPAUBZMrGxN6DSXbe200ltu6oZ8mAH3xjAzGXPvCWWTGdCYPW1ll6ye5PtV5KQSuKM7scacAPuxzKVVQXA7AZFT2AYiEA4a7bpHvIfFYlUrpuTod67UxhMZM7oaPSbh2uhogqhkL6Rt5W7e9d2kT3bxo6dvptuQFh2tV5Zmut/t52qfzwWpfU4vRnF4gGSfr2+iQ6fPC8FCrTA6lkYuGk9OwGufNg0kKDlrmOTYbbjuAY6UZp2uiX6yuSd4EXqQZGwLkM05qrxR/w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JmCfHdLtZcDRQAe2KVvSGRN0aPed57lgK0mmmjhEjKs=; b=d853n1oKrFiIB1nJWKg9vE5wb4VnhKEQ7sRhahV5tbv/BL4DjpLfb4NqTQxXA9n6CQwFv2LF8IT/h8nPu38btHrqRChXz5lUOnMf6FcrjkLQZbxVRO1o1sDWTt55PVJPB/OnQSrroZ+PFsdvH6rEx6zi4uROBk+/m5DEfPlL8CM=
Received: from CO1PR11MB5169.namprd11.prod.outlook.com (2603:10b6:303:95::19) by MW3PR11MB4586.namprd11.prod.outlook.com (2603:10b6:303:5e::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.20; Mon, 8 Feb 2021 18:32:29 +0000
Received: from CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::b424:905d:3819:d9f0]) by CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::b424:905d:3819:d9f0%3]) with mapi id 15.20.3825.030; Mon, 8 Feb 2021 18:32:29 +0000
From: "Smith, Ned" <ned.smith@intel.com>
To: Michael Richardson <mcr@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] using symmetric keys in an Endorsement/Verifier flow
Thread-Index: AQHW/Ad87nuluAxRZkKVUBhhoyzKFapOE1gA
Date: Mon, 8 Feb 2021 18:32:29 +0000
Message-ID: <FC34391E-023A-416B-BD43-39371C8A43D2@intel.com>
References: <31999.1612560697@localhost> <1568.1612561139@localhost>
In-Reply-To: <1568.1612561139@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
authentication-results: sandelman.ca; dkim=none (message not signed) header.d=none;sandelman.ca; dmarc=none action=none header.from=intel.com;
x-originating-ip: [50.53.43.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 013d215c-fa93-4bdc-e6a8-08d8cc5fe448
x-ms-traffictypediagnostic: MW3PR11MB4586:
x-microsoft-antispam-prvs: <MW3PR11MB4586774C85238567A69479A0E58F9@MW3PR11MB4586.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: h2wrq4RRpPw09ezX7lEQJaIkow8puveYVHTlH+akhRuUwxcpT0xbPGj0ebyUyIm0aNdm2423ZVIarLjSBiE5wFv2HyrQNFeXL3kwQbOwpTpF/DBHC/IKP92T+mX+6z+VgnyQdtax+Ggnj3Gj/jGwReKhfgJ8w+aSjcutPXvmWX4gpBxPNcQ+88sESfneJCujsCvK4NblaUwp2YlDje08F6SWQzXQ0noPbZdnpoeSBf0Ys/wkb0jj2B0g2SX7LMTt0RjB9GEA6bH7BY7QDeQ8nSoXDBAGHayeufdthgJhqJ3wWHXXh0nh5su3BdDZ5gG5r0hgjyEwoNXLAa4fxBPI6OeV/Lj1wTR+zu2vGV3Y4HpFPs/Q6jhrUg+1FKf5+vlmRI233pvyiY8mT8S1/t0VydNZoM3DaGhGOJ+HEmidMF60LPRUNlmlpEzZeYyHS3KkTJ6HealuwGcbP69X9mZ5l5kxesnkGGnZNcsORTzcXFaMXe175vxkUlgjpvWaBt9yXUvHu8Uh/3YN9uAW7GUQbBkpY5c5Yc/L+n05SkalEVaBioO6jkLAHYcnN1NHWDyHn7crGhlTm5NY1sOFSWoVx/tNqhYCOSuObiLUJJYDBaMGmETN354/cbeEd09XB7ftVIN2MSigdc0IPjeKlcdSMQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB5169.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(136003)(376002)(39860400002)(396003)(366004)(83380400001)(86362001)(8936002)(5660300002)(76116006)(6506007)(316002)(6486002)(8676002)(966005)(110136005)(478600001)(66556008)(71200400001)(66446008)(66476007)(26005)(33656002)(186003)(6512007)(2616005)(66946007)(36756003)(2906002)(64756008)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?B?NUEzSzVHQ21USTVFT3VCQ3UxVEcxMU01bjlEUjBsWVNDL3Nsc3d4c1oyOTlS?= =?utf-8?B?MU1obkZ6VDRweWtCTjViR1QrZThmd1UzMlM1TDVyVURySzBBUDJuNlJISXkr?= =?utf-8?B?VHZVNTYrdHIwRWYra1dXQXF2S1JSVTdxOXVKZEhzcmJ3SmxFYnNDUVFpNG1K?= =?utf-8?B?U2xIK0dTYWhTSzlUVTlDTEF1MWFIQTNFUlpaZU8wQkEyVFZwQitURzhzemZq?= =?utf-8?B?OHd3RG44ZitIL3k1dHp2Wk5WamFZM1ZCUlZsNjB2dERTNm9hMHUzclMzdng1?= =?utf-8?B?aitOeGR2MkN3RGMxeUhhcnNoZTBDalQ4ZFBqaXBiYmRFT3RTRVExMW9ZQVVX?= =?utf-8?B?Y3UzMXJTTWEyRmJmSHgxMjF4M1FsU1grOWFmOXdOQmVUVXJZMk9wL0taTzJ2?= =?utf-8?B?TFlNZldEMGVvWXZqNHhLVkZzcUxIUTZ4ckxXK0Z4cWdpcThNbnRBSGQwT3dl?= =?utf-8?B?aHZCc05qcE1MZ3E2Vm9DeVd5MkxLaFpMaFN2cWlXODh4bnlHWXVDWTIybThS?= =?utf-8?B?bUM5NThFZFVPd1VNK0Q3amVNc21wWG10bHpnWlhObVpycE04cDZrU3ZEdEk5?= =?utf-8?B?ZTAyTnErNGcvajRDM1dTZW5PY3dmTDJtcXdBeUxQRXRodzhrQzVnVEdUeTFX?= =?utf-8?B?aXZuOGdFbFNiMXh5WVNyaFc4SjlkUVNEY0VyVWZqK2laUW5HUVFmUkhmclh0?= =?utf-8?B?VU0rTkp1cUpsbVFkbWRqQytmVEs3R085bGxJMHhzWTFiS0FyNTJLUlBkU1Zp?= =?utf-8?B?Y2dRV2hMSkFaRVl6TEFMS3ZWVzBIbGNYSzdKaSsvZTB1YitJNnFRSXB6UTIv?= =?utf-8?B?VUhzWTUzelkzN21OUVFXTHVYODluWGtCL2JsOWpmQUZyVk1tQ0JJekJHWGtH?= =?utf-8?B?OVp3QWkxL05hd0w0bWF0eUROTjYzZnIzUzh0bzdLbDRzV3Q4aDFhanNWSzE3?= =?utf-8?B?MHQrS3dSTHRSWFh5ekc4RFFLTWxNTElTMVBHSlkvb3Y2ZzBtK3JhWEZBNmtR?= =?utf-8?B?SVkxYjNOUE1YSXFHY2dLRWNMVlI0WUhXUjIrNENTNEN6K2o4cUJGV0taTEdz?= =?utf-8?B?K1FIelVwUlRMbklaY053R0d5a2Z3SituSWZiYzRrUFgwdDk2NnNjQ0I1WlRv?= =?utf-8?B?UnZzMmFFNlVVSTNsSG5CN3U2SC82eXo0TDlaeFJlNW93aER4YU5jNE90eHps?= =?utf-8?B?dzJIR081MklvSkRRTFJscGsvS2Yybmx6a0I3NkYrNy90emk3T1kzZG4zajlE?= =?utf-8?B?Mk9mTis2OG1zVnhwTmJsRG1TWXR0aThNWXVVRWJ1WkJQbjVoYXVBU2ZGNFRj?= =?utf-8?B?VGhSR1p1amVKRXdISGlnNWpOT1pXalVpSUVuRUJQSWtMY2doUkM4WWoxbXc4?= =?utf-8?B?MElTbk9sMEMzMWd0S2I0aU5MVWhpbTBGWnR5UkFrN3IwaC9pMG9lSlZRLzNz?= =?utf-8?B?bVcyQVpLc3FZWGR0SERPaUdTYlpRa1hZdnVrN29zaWFNNDNIQnJYN3pjY1Fh?= =?utf-8?B?SHVveGovVm5Ha0ZBc3p5eHlLNENSd29aZWVUZWN4WTlqQ1NCeTh6eVZTaUdN?= =?utf-8?B?eXQwY2F5emZUZVlNSDJMUDRnWFNkRVgxQ2pyTUtJRi9oRCt1SkYrZ1QvU1N6?= =?utf-8?B?bkRPUTRrcDJOUzJ1U214TlhDWXA1VzYzZXRQZjBkN3U2N2NDSGZrVTYwUVN4?= =?utf-8?B?aHgrR0czQTFaUEtDa0JSTk9LcEVMT0VHZTZ2dUVzZzJ6bWd1UjQ5N1pJUVVY?= =?utf-8?Q?podkfgU5txoCh75oIiCiHz3UqPzcSLV2Ka2jV70?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <B0A13F53D3FBB0498B17B77D62E1E398@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5169.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 013d215c-fa93-4bdc-e6a8-08d8cc5fe448
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Feb 2021 18:32:29.5712 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8vELu4upExOGWpoV9KNUzqgjD01dnkvWFT/KFFzHbT3zmjRip26XmB4IwIRKrM2uU7DYT7LHhF6U4wBemg2ubg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4586
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/fD7MRVnlwuD354SNP4oPUWHWg0o>
Subject: Re: [Rats] using symmetric keys in an Endorsement/Verifier flow
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2021 18:32:35 -0000

+1 "Endorsements with symmetric verification keys should write another document"

This is a reason to re-charter. It would allow drafts that address the corner of the diagram that was ruled out of scope during chartering discussion to be written and adopted as a way to clarify content that isn't appropriate to include in an architecture draft.

-Ned

On 2/5/21, 1:40 PM, "RATS on behalf of Michael Richardson" <rats-bounces@ietf.org on behalf of mcr@sandelman.ca> wrote:


    In https://github.com/ietf-rats-wg/architecture/issues/162 it was argued that
    we needed to be clear that:

      "Endorsements should have confidentiality protection when carrying
      symmetric verification keys. "

    but, many of the Architecture Design Team didn't feel that the architecture
    was intended to provide any kind of specification on Endorsements.
    Within the dataflow diagram:
      https://www.ietf.org/archive/id/draft-ietf-rats-architecture-09.html#dataflow
      (attached below, for those who use a fixed-width font)
    That only the "Evidence" and "Attestation Results", which are between
    solid-lined entities was really in scope.  That the rest was for future
    documents.

    We felt that this requirement went into the Design Requirements which the
    IETF usually tries to stay out of, sticking to Functional Requirements.
    Further, we felt that the Functional Requirements in the RATS Architecture
    should not even cover Endorsements.
    At least, not in this edition of the document.

    The recommendation is that those who need to do Endorsements with symmetric
    verifification keys should write another document in which this topic would
    get adequately dealt with.



      ************   *************    ************    *****************
      * Endorser *   * Reference *    * Verifier *    * Relying Party *
      ************   * Value     *    *  Owner   *    *  Owner        *
         |           * Provider  *    ************    *****************
         |           *************          |                 |
         |                  |               |                 |
         |Endorsements      |Reference      |Appraisal        |Appraisal
         |                  |Values         |Policy           |Policy for
         |                  |               |for              |Attestation
         .-----------.      |               |Evidence         |Results
                     |      |               |                 |
                     |      |               |                 |
                     v      v               v                 |
                   .---------------------------.              |
            .----->|          Verifier         |------.       |
            |      '---------------------------'      |       |
            |                                         |       |
            |                              Attestation|       |
            |                              Results    |       |
            | Evidence                                |       |
            |                                         |       |
            |                                         v       v
      .----------.                                .---------------.
      | Attester |                                | Relying Party |
      '----------'                                '---------------'