Re: [Rats] should base architecture mandate a distributed structure for Endorsements

"Smith, Ned" <ned.smith@intel.com> Fri, 04 September 2020 15:57 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D8CD3A0E7B for <rats@ietfa.amsl.com>; Fri, 4 Sep 2020 08:57:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=intel.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fo7XIGki_L3c for <rats@ietfa.amsl.com>; Fri, 4 Sep 2020 08:57:53 -0700 (PDT)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EEEF3A0E76 for <rats@ietf.org>; Fri, 4 Sep 2020 08:57:53 -0700 (PDT)
IronPort-SDR: PBXdBU3+lR69z1zdxg2fLfZeYP4RmzIQClbq1aeA7IaHzGVYFJkiydbtre1u9Zux8GYH8bD+KP oiNuQveMsW+Q==
X-IronPort-AV: E=McAfee;i="6000,8403,9734"; a="221977234"
X-IronPort-AV: E=Sophos;i="5.76,390,1592895600"; d="scan'208,217";a="221977234"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Sep 2020 08:57:52 -0700
IronPort-SDR: qlRUgeCEh0zNesNvNq8kT+WhuwMIGf47TwexNsbxzqJnLLyV61QNJ9jiCIL31Pb8k9zjpZCKZb jxHC9Chm90+g==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.76,390,1592895600"; d="scan'208,217";a="405884412"
Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by fmsmga001.fm.intel.com with ESMTP; 04 Sep 2020 08:57:52 -0700
Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Fri, 4 Sep 2020 08:57:51 -0700
Received: from fmsmsx605.amr.corp.intel.com (10.18.126.85) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Fri, 4 Sep 2020 08:57:51 -0700
Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Fri, 4 Sep 2020 08:57:51 -0700
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.169) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Fri, 4 Sep 2020 08:57:43 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eJQrzAnXUVmg2+w5nfR07amCUBuD22IHh3M0VkmHZ3Oi+6KVedukQZzqGhg+v2TWntDig8VKI5nRuyUCJziWlN3aJpbPPxRdZZpiXU/fdUP4qoBXtTFAgB+LNr1tjU0MgINsUivhTSf3EzEkXIUaRYGaB4pZzb2aR8vNKnAASHhrpefLH4qbzXiuRJJUDJY/L6dblPLHn59J4CPASz0ZL32cklCirPNwwo03ScpWTt7iA5kMgVX4Cr8ffmBTsu8wHl/RxVBbpyaOjV4XFfd5h62h3pghVKss7haCFoVccfyb/ULuieXzGaNeoQrJpzheeIBu0vKyVtPlSCUieXjunw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+iZqyozGUMnUXkcJphmdFRI3E1tZkCJPTUzLUkrC9Ms=; b=G7OJg4nuKNI2J+klgOA5hCGroM6RX9cB21Av8dd7ZNFMlZHaW6268bsMZy7vkbHbqfDYjyppRZPnhXpgkin7ix1tuR7jqIbrf5PTdV0uXhqIfjp5N/i2xcUsyELOrniz4KUPOkYreN25OMjepnfj5U7krKOl40Iz4Xi1nDjfljdPm4iWR5iIHq9q3QFZlcmr3rvJ6z3ElDp+X3CnSThWbH73Fnit6d5iiYF34hKTIFEhpyiW5PB8rezd+zHyuwKlFTd+SxDruN8cl0usCpolDn7GAfr9vU10xqHFDdpKT1Pdkj5rJ2PoBvF+n+1ZGC1qDtGFPl1dimbQVdVR2MOKlQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+iZqyozGUMnUXkcJphmdFRI3E1tZkCJPTUzLUkrC9Ms=; b=mq9mCe1cd4J/Vi4ha27XJ0T2I/Pph6LWbSfCRG2ikbxIr+nOHS2vzxBEuNpq5Uvvi08EoyaLWYNUDuw0SlELLb4nTO/uBdQqNePUetZAGtwThXXXpGYmqPx9ikCYXdyDY+3fbAAlQDnwtp0jnejrkn1HoFg5QpLc7jmpokKAl6I=
Received: from MWHPR11MB1439.namprd11.prod.outlook.com (2603:10b6:301:9::20) by MW3PR11MB4556.namprd11.prod.outlook.com (2603:10b6:303:5b::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3348.15; Fri, 4 Sep 2020 15:57:42 +0000
Received: from MWHPR11MB1439.namprd11.prod.outlook.com ([fe80::1fe:5ef0:8591:7fef]) by MWHPR11MB1439.namprd11.prod.outlook.com ([fe80::1fe:5ef0:8591:7fef%8]) with mapi id 15.20.3348.015; Fri, 4 Sep 2020 15:57:41 +0000
From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] should base architecture mandate a distributed structure for Endorsements
Thread-Index: AQHWaBtQXcKzImQ9TkyEMExoWpXcxakjpksAgAPOK4CAAPEcgIAv/RwA
Date: Fri, 4 Sep 2020 15:57:41 +0000
Message-ID: <83E20ABA-D8F2-479A-81A2-EB5F471E9F86@intel.com>
References: <B1E7A6D0-4A08-494F-A065-9D1025A4E209@island-resort.com> <4445014C-A191-4885-BE67-5502EF3E551F@intel.com> <413326C7-E1BA-43A1-BAD0-015AC0B5AD0F@island-resort.com> <MWHPR11MB1439D21DA4B20ABCC97214F2E5720@MWHPR11MB1439.namprd11.prod.outlook.com> <2900.1596296932@localhost> <7A5BB0EB-BA4F-4210-87C0-E9F9C6C23979@island-resort.com> <88357bf6-5fe0-ebd3-fd2a-4383223715f5@sit.fraunhofer.de> <64EC2783-2E6A-49BE-901F-9A0B8581F9AA@island-resort.com>
In-Reply-To: <64EC2783-2E6A-49BE-901F-9A0B8581F9AA@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.40.20081000
authentication-results: island-resort.com; dkim=none (message not signed) header.d=none;island-resort.com; dmarc=none action=none header.from=intel.com;
x-originating-ip: [50.53.43.22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 39d39c2a-785c-4af0-84c2-08d850eb4188
x-ms-traffictypediagnostic: MW3PR11MB4556:
x-microsoft-antispam-prvs: <MW3PR11MB4556433EEDAAA546252593B1E52D0@MW3PR11MB4556.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JHSYFzK9a53cwtnJmJ+hIukDMCduKWdbiv151+M+Y6/A9VcChl19KPFK5XaflJajnhGxGXpHXhSw0OUPr2VI82tp5Z8Me3brffW/8X+61PLVaUUTGuJCagNmB6UvnhsFqzave0GO7UG5SJtTcxUJtGVtdQasff9IqnMRaCiueFbZBjx0DmP1vX2MCyJ+cO5HBx6RB4b1bCy7fEJhygvYr8K79bcWPTNbARaRGz8O531Z58yAm912z9t/6P7jYJav/qk3xHqXRTG2lRn7E0SsLtjTQaqllJCPUX3xc1YwRoefH240d+vFzu3zfUBITq5u
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR11MB1439.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(396003)(366004)(39860400002)(346002)(86362001)(76116006)(66446008)(66476007)(66556008)(478600001)(5660300002)(36756003)(66946007)(4326008)(64756008)(2616005)(2906002)(33656002)(26005)(6486002)(186003)(71200400001)(6512007)(316002)(83380400001)(8936002)(54906003)(8676002)(110136005)(53546011)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: qqTcxzxXrljKBw1DvSEokTo8ebH4gFJAKpJRJKPOs/iNUvXz94XXPuOTpMbqHkeu7pL62d9Lv1ppfsltfIzYtuxGkEHQLX0QNHYdPiZeg94oyO0owoXEV69HhdS7FXpvytiah+1n96vpGu1TWzA6QoOuzu/QxZigVGfWafY/z90/GN0vHp5Z5oUQcD0qjpO60fV87LWzQH3+Vno7akMQiCPlBgcr4hfrtcKxfOuZQGPXVeKSjxVj06akHSJTTYM1zANi4xzoIba0Y6/P2vEm6wte7SSQIRY3YEfXHUIupP48QeUDdgIvi4b2x0pWPFWUeqREx6UNRUuFGnDJnXtE71IiAOcckyj8FKpeGPKq8GCIvc/HJljuOEJMhyX3vn4mFyxMuSp+Ohcb1lAFU2K8DbQDRVoqpy6MPVpNVZ9eyK7kEw/kQcvqmuQqZ4LHmm9MdzlgEBktbLYrjO99G353YL+GT6Z8LaYS7yYFCyfRTbJFJjX0SyDVFBIche01+HGgkM1X5GlWEU3qklszdvnLjlLwmD9RTMpkNSiRNVPJPM0ERBDWbIVD1UbQ0HL4bgcFNlnpJ8o5z7v9KJBuJe4YEvRVeX9Z7tEykl9U+EfyRhbv1LLUlh5FEb/bEYbQ+aOw2aWXqMhy1zTsKavuxI6LRA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_83E20ABAD8F2479A81A2EB5F471E9F86intelcom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1439.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 39d39c2a-785c-4af0-84c2-08d850eb4188
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2020 15:57:41.8098 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jcNdkPttwReUCvn4xp0uCCf3awJJPuqLlMble56RMmdYesNLqg08qBze+/HCyV/S88Qn9qB+sNlwZm/qrYq9xA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4556
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/g4lzoNjfGA8JuKb3drkvVQhIi8s>
Subject: Re: [Rats] should base architecture mandate a distributed structure for Endorsements
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2020 15:57:55 -0000

Conveyance of verification keying material would be included given the expectation that the Endorsement arrow is intended to be inclusive (“exhaustive”) of everything an Endorser (mfg, supplyer, vendor) might convey to a Verifier. Given that as a starting condition, there isn’t anything that someone can come up with that this version of the architecture filters / restricts.

Are we OK with the wording in rev 6 of the architecture draft in this regard?
-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
Date: Tuesday, August 4, 2020 at 1:07 PM
To: Henk Berkholz <henk.birkholz@sit.fraunhofer.de>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>ca>, "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] should base architecture mandate a distributed structure for Endorsements

below.

On Aug 3, 2020, at 10:44 PM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>> wrote:

A single vital comment in-line:

On 01.08.20 21:37, Laurence Lundblade wrote:

On Aug 1, 2020, at 8:48 AM, Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr+ietf@sandelman.ca>> wrote:

...

There are other use cases in which the Verifier will be configured with all
the information that it needs.  Is a configuration file, loaded by a trusted
operator, a "secure statement"?
I think so, and this is why we used this wording. (B)
My view is that the arrows in the diagram show the complete and exhaustive inputs of relevance to attestation.

Probably adjusting the expectations of the arrows in the diagrams wrt to "completeness" can mitigate this issue at it's root?

Not sure what you’re thinking.

My main thought is that verification key material is one of the most important things in the architecture. It should be explicitly discussed in the architecture (like nonces) and it must be go over the arrow between the Endorser/Manufacturer and the Verifier.

LL