IETF Logo Mail Archive

Re: [Rats] Attestation Timing Definitions

"Eric Voit (evoit)" <evoit@cisco.com> Wed, 11 March 2020 12:58 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABAE83A1882 for <rats@ietfa.amsl.com>; Wed, 11 Mar 2020 05:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.599
X-Spam-Level:
X-Spam-Status: No, score=-9.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=PmHb0wki; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=IEEqMjcy
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MuED-RgVKFwU for <rats@ietfa.amsl.com>; Wed, 11 Mar 2020 05:58:26 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11F563A1881 for <rats@ietf.org>; Wed, 11 Mar 2020 05:58:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25023; q=dns/txt; s=iport; t=1583931506; x=1585141106; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=eTLgkHrfdaQ0cTVkeR2vmu5t+nCXbhmSgmpk0Bs8yEI=; b=PmHb0wkiD/r0BS+MlK7doHV4yi3Qe4MnqgcFxTL8dYvDvxDoiHztkd+5 FlzdL3MOuLRnuo0F338XEW6X/59ourqN02eVoQOd/Q7zW5fSjHzsM1zKo lVb3pN3bo9puq0rbgAwrGhcNpFE9FoVpNJ/9SzwSoJJC9YHQyk+7/tSDu Q=;
X-Files: smime.p7s : 3975
IronPort-PHdr: 9a23:g5qkERBZ09MU1We5vgg9UyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qg93kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHwQAld1QmgUhBMCfDkiuIeDtbjASF8VZX1gj9Ha+YgBY
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DFCADl32he/51dJa1lHAEBAQEBBwEBEQEEBAEBgXuBJS9QBWwrLSAECyoKhAuDRQOKdYJfmBWBQoEQA1QCBwEBAQkDAQEtAgQBAYRDAoIMJDgTAgMBAQsBAQUBAQECAQUEbYVWDIVjAQEBAQMSEQQGEwEBNwEPAgEIEQECAQIWEgMCAgIwFAMGCAEBBAENBQgGFIMFgX1NAx8PAZ59AoE5iGJ1fzOCfwEBBYUeGIIFBwmBOIFTikoPGoFBP4ERR4JNPoJkBIEcEgESASMeFgmCUjKCLI10gneGF5kwCoI8g3KCPJBamzqOfJtUAgQCBAUCDgEBBYFpImdxcBWDJ1AYDY4dg3OKVXQCgSeMNgGBDwEB
X-IronPort-AV: E=Sophos;i="5.70,540,1574121600"; d="p7s'?scan'208,217";a="445686566"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Mar 2020 12:58:24 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id 02BCwOVJ001950 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 11 Mar 2020 12:58:24 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 11 Mar 2020 07:58:23 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 11 Mar 2020 07:58:22 -0500
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 11 Mar 2020 07:58:22 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MFxTJxcQRYhoBEnIC8BCnT7llUIZOPJPjkNoLD/tzcEeVxqq7fnHwPco+i3/+zEkgYWBNx+194/rw/8o7LArQFVZGwZ96izW/abjHOHbTvsuVYobgm5u6xqGCBTLqVtuzy+BS9vwOUORHvvGA+aMvlt0yLoGipbxDvsnJlkzMgo04O/OLcOwT1dfR3TddlYxhJNxExYB48avbiwT0y2NugS6cLKt0vqiDqqgTgLJ5t0wzeEQkb0L76pUMcx8bG89HPwMygFtuUHCOUCmCpfIMQovdq2Z1q3sthIzOs23q45JHnUO0pEyrONZe0/XWxfvR5UhVlmH/otGjl6sYRmvTQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=xiKa+BJ1PRrNOX9qipmYsR68e8JA5Dg3QM6kcVTPpls=; b=iae9NClocsGWKyXc05UaFkXBTLVaz5QnYUdQjo5LSDBIzJ8apqxLmoOTCyBbkFZrYb/1h01T8Z9VRI3PnQJexnEqJUFet/tGip143mx5qkcnLiRnl0nfsNxc9G71oohhXSJHOtOpPvGd7CkJ8cSv6Qx7BkKc+Hj9vPPGGutASRhye34kyB+SMasZu5NM5hBVJS7hDQbtmh1wsjPHI29IWAQA0eOpfnyLXpnffyuhEDjiXLMiWTi3Lf6kihBpEjmODDL0UThVyBYfhH8DF3ox2CYI2Jy7QFBz7pFiVBCyNhc6d1hBMkPyD3So9vqnX2+g41881qpDWziF47VMgJo3qw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xiKa+BJ1PRrNOX9qipmYsR68e8JA5Dg3QM6kcVTPpls=; b=IEEqMjcy84lhxOp/4TvFGFS4zTWdrJn1k6KwY0I4AAa3VQ9h1TFHdM5RBST4VftyiyowwgS1QSSmak+YefE1B8X4FD10VfzJqYHlBa4r2Di96G2Q5EwsEpaeyIs9jXBtbVCiNqMURKhdfY3O+FlRP2CoOYhhkZgpum6W4kYafio=
Received: from BL0PR11MB3122.namprd11.prod.outlook.com (2603:10b6:208:75::32) by BL0PR11MB3298.namprd11.prod.outlook.com (2603:10b6:208:66::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.17; Wed, 11 Mar 2020 12:58:21 +0000
Received: from BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::ec9a:6707:d1ba:ce30]) by BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::ec9a:6707:d1ba:ce30%7]) with mapi id 15.20.2793.013; Wed, 11 Mar 2020 12:58:21 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "Smith, Ned" <ned.smith@intel.com>, Laurence Lundblade <lgl@island-resort.com>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Attestation Timing Definitions
Thread-Index: AdX3Ey664zQelNNbRnODHHrrt7v6IwADGMYAAAC+SoAAIEJP8A==
Date: Wed, 11 Mar 2020 12:58:21 +0000
Message-ID: <BL0PR11MB31223B9B86C305CF563AD314A1FC0@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <BYAPR11MB31256F11BD86730AF9D21B6CA1FF0@BYAPR11MB3125.namprd11.prod.outlook.com> <CD539706-7F11-4FF1-8483-17F51329C014@island-resort.com> <205E0664-37D1-4BB0-978F-C431BFFB321C@intel.com>
In-Reply-To: <205E0664-37D1-4BB0-978F-C431BFFB321C@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.92]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7443507d-7d10-4841-f55f-08d7c5bbe0a4
x-ms-traffictypediagnostic: BL0PR11MB3298:
x-microsoft-antispam-prvs: <BL0PR11MB329827A3876FFD0498D785E5A1FC0@BL0PR11MB3298.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0339F89554
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(346002)(39860400002)(396003)(136003)(376002)(199004)(2906002)(26005)(76116006)(5660300002)(66476007)(9686003)(66616009)(66556008)(66446008)(55016002)(66946007)(64756008)(4326008)(81166006)(53546011)(9326002)(6506007)(86362001)(8936002)(478600001)(52536014)(316002)(8676002)(81156014)(186003)(110136005)(71200400001)(7696005)(33656002); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR11MB3298; H:BL0PR11MB3122.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5L/naCbNHhB/Fpm9De94KIPFZwgB98m8Bh3gB9BD1FN6n+watRdbssQyKCfCCLeCZm6pgutcZPC4iqOTRj48ddLwGtYmof4PNcEB0Rf/Y+QA4QjBvSbeNICIHc3ctT3h5LfgFQl5jRtbc6rtUYmf1NtsEsEdknX9Ga3Vcpbzo/D/qIOoY7aRu+awGGc0frbndJjNGaRkmNjA+SYid31Ecvab4GKJpGs9GVKaYOajTGALvNdO+YGMyC72dLhraYxVSSs/QVCfWmz/cndlqsXbWT4CY+gF/JOugTva8R+bor5Fjq3j++1ygMH76nmYwUqSdgwJ1/71o5M6sDA5c6RoJG21a6W4+FI4vKPt6/zzRKf/r82wvWp9sg/3ncF2uy4FvHH1sROdlzYJGckuCti5326Ak5bkrGKJlK780gcOug8X0MWnjfJ/Y9DU5ulwFfVH
x-ms-exchange-antispam-messagedata: ffoOTgZWkosQPJ6psfW/sxnq1smUgmQotXok1GJgy73Ss0Chec+v6jeHtQBvUfE7AphNYf4IzVTAov2wHyERK+6JrudXSz2txv5F1kFMJM3fNteNAgY5cL+2d4keDkfb8NgvP14pG63qX9k5ZduEJQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0221_01D5F783.352DAD20"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 7443507d-7d10-4841-f55f-08d7c5bbe0a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2020 12:58:21.3368 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aVJHghKsUkszDUHcKU/HBY4X84YDTMwyuRBxCLmXtuKfC5dSLsxq5rrhVUTd9qvY
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB3298
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/freFSdQvkAC4GA3HC7jTmfavIl0>
Subject: Re: [Rats] Attestation Timing Definitions
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2020 12:58:29 -0000

Hi Ned,

 

From: Smith, Ned, March 10, 2020 5:26 PM



I second Laurence’s point about Attester sending AR to a RP or Attester sending Evidence to RP. 

The use case would benefit from separating ‘entity’ from ‘role’. The entity implementing the RP also implements a Verifier (V2) (This is because Evidence at time k is different from Evidence at time f. 

 

<eric> Agree.  Hopefully my answer to Laurence clarified that.   If at some point we desire to place a sequence diagram into a draft, then we absolutely need to ensure each row is easily referenceable.

 

Might be better to name them Evidence-E1 (at time f) and Evidence-E2 (at time k). Now the diagram can show E2 from Attester to Verifier-V2.

 

<eric> This is fine with me.  Right now I show "Attestation Result + Evidence".   But there is actually more than that in the variant of the Passport from draft-voit-rats-trusted-path-routing.

 

The RP is accepting two inputs AR1 (at time i) and AR2 (at time h). Note: AR at time k is actually mislabeled Evidence-E2, but also includes a “passport”(?) which is AR1. 

 

<eric> Agree.  Hopefully my answer to Laurence clarified that.   

 

What isn’t shown is AR2 which passes from V2 to RP. This is uninteresting from a standards perspective because it is a local flow. It is interesting from an architecture perspective because the third entity needs policies for both Evidence and A.Results and has to account for all the time variables. 

 

<eric> Wei's email contains a good depiction of this flow.

 

Eric

 

-Ned

 

From: RATS <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org> > on behalf of Laurence Lundblade <lgl@island-resort.com <mailto:lgl@island-resort.com> >
Date: Tuesday, March 10, 2020 at 2:05 PM
To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org <mailto:evoit=40cisco.com@dmarc.ietf.org> >
Cc: "rats@ietf.org <mailto:rats@ietf.org> " <rats@ietf.org <mailto:rats@ietf.org> >
Subject: Re: [Rats] Attestation Timing Definitions

 

 

 

On Mar 10, 2020, at 1:09 PM, Eric Voit (evoit) <evoit=40cisco.com@dmarc.ietf.org <mailto:evoit=40cisco.com@dmarc.ietf.org> > wrote:

 

2. Nonce based Composite Evidence Passport.  

This figure matches to the sequence diagram from Figure 3 of draft-voit-rats-trusted-path-routing

   ...----------.                     ...----------.  .---------------.

   | Attester |                     | Verifier |  | Relying Party |

   '----------'                     '----------'  '---------------'

      time(a)                             |               |

      time(b)                             |               |

        |                               time(c)           |

        |<-----nonce--------------------time(d)           |

      time(e)                             |               |

        |------Evidence---------------->time(f)           |

        |                               time(g){@time(h)} |

        |<-----Attestation Result-------time(i)           |

        |                                 |             time(c)

        |<-----nonce------------------------------------time(d)

      time(e)                             |               |

      time(j)                             |               |

      time(k)--Attestation Result---------------------->time(l)

        |                                 |             time(h)

 

Something seems off here. By my understanding of the passport model, the Attestation Result is the passport and can only be created by a Verifier. This diagram seems to show the Attester creating there Attestation Result. 

 

Seems like one fix is to remove the second nonce and time(e) and say the the Attestation Result is exactly the same in both occurrences — classic passport where the attester just passes the result through.

 

The other fix is to have the Attester produce a second Attestation Evidence that includes the first Attestation Result, route that to a second verifier and then on to the RP. Then you have composition.

 

I don’t think Attesters can produce Attestation Results.

 

LL

v2.23.0 | Report a Bug | By Email