IETF Logo Mail Archive

Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet

"Smith, Ned" <ned.smith@intel.com> Tue, 03 October 2023 22:25 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F93FC15108C for <rats@ietfa.amsl.com>; Tue, 3 Oct 2023 15:25:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=intel.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id btPG3v7I-qwg for <rats@ietfa.amsl.com>; Tue, 3 Oct 2023 15:24:59 -0700 (PDT)
Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4923AC151065 for <rats@ietf.org>; Tue, 3 Oct 2023 15:24:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1696371899; x=1727907899; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=d/DCbJYc4JUU8rPWnMdEgv6vgDDySZLjOnrvjzPk43w=; b=nQ91cViIOlLlcgxZhEt1xG/MmaRX7017AbfoZIcxVn4pknzBqcN+DWzO ztDJYzPDWfTpHOYtNIJc+nEIdbQPUgAXwp2fa06hRGLbWAxPcZ7M78ne9 YrRbePXZkDyV0Ce2iAhqd8ibC7LxCgI+E4wsFKoLf2xCVCvvAOaqPU5bB U3gbgEsFD7YG20D8ybuunGWajJJx+2BnR0jYZ+JzenqiX7IE91ajNVfxb ZtDYz/L7jPJROWPzD7D/wi0HIMM5wb0f5m9knrx8muVRaK1LbQzRUQ3KI bNxko4yvypslRuRRrtUf2/PB9tnNgObn0w+B3csEWPoiL0V9rfbPTiEdw Q==;
X-IronPort-AV: E=McAfee;i="6600,9927,10852"; a="386863702"
X-IronPort-AV: E=Sophos;i="6.03,198,1694761200"; d="scan'208,217";a="386863702"
Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Oct 2023 15:24:58 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10852"; a="841524255"
X-IronPort-AV: E=Sophos;i="6.03,198,1694761200"; d="scan'208,217";a="841524255"
Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by FMSMGA003.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 03 Oct 2023 15:24:58 -0700
Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Tue, 3 Oct 2023 15:24:57 -0700
Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Tue, 3 Oct 2023 15:24:57 -0700
Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32 via Frontend Transport; Tue, 3 Oct 2023 15:24:57 -0700
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.48) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.32; Tue, 3 Oct 2023 15:24:56 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mLC3uo6pDu6jtmIPSc85kzkGXPAjIFzAu4mjlnzY0JtnpuYK0KMgiOcTqSe27QUiku2AlMLmM49jlH5wD0SXHQPnUP3EVIDPZIbDuQeBAo4Jk+zCXeevEKSDWpZkrdocq93nZxAKteGwULNCINK0idt01KxRT1zl9N7EDyhjo42FZ0kNRL5HYDLbItsDyHiQIqVmOyFPn4UJKJZOwri4wahhldhA88dsTR4Q5iQchTUFY4ObwxkxyVVW4K+8yiPosD7OBBQ0qY5/FE053i+ELjDX+ZDOrbEOB1cge8OXUkvyVYGfF+7i0IQHKCpfVLaslIKEC7u/JpPu/jfWzHLJFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=d/DCbJYc4JUU8rPWnMdEgv6vgDDySZLjOnrvjzPk43w=; b=X1yyM7DP7j0XV6JCnp4VsBZdhcj0/HByeerJwomIKkfgwP4wYZmmqlvns27kNz8aEtPs20tZdWe1dTC05MJI38s4Tw3AnCWx38uMEnvpi2Y9VQOIYcvmFn+DtJr6L2GucMTHbOiisMTzilILT3MLfDZoF4UZgKV9UvzR1xLTB/rYnNXKuZUSKkiXo9n5CArk/anfjUlqjXYFlZE6j1GKVzjRR/ALptEKZ/hVfBRSP8/or3RSfGW8abEyxwkB4X3hsihm2Rp1DfTd3nQ+LdbulPJulNnuseiQTxRqZfiv0gkC6NfEyzK9zGewdgVla6pV30T89+Ke97EVHfMlKssF5w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
Received: from CO1PR11MB5169.namprd11.prod.outlook.com (2603:10b6:303:95::19) by MW4PR11MB7006.namprd11.prod.outlook.com (2603:10b6:303:22f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.21; Tue, 3 Oct 2023 22:24:53 +0000
Received: from CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::5fb6:7200:97a4:b7e9]) by CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::5fb6:7200:97a4:b7e9%7]) with mapi id 15.20.6838.027; Tue, 3 Oct 2023 22:24:53 +0000
From: "Smith, Ned" <ned.smith@intel.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "dthaler1968=40googlemail.com@dmarc.ietf.org" <dthaler1968=40googlemail.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>, "iab@iab.org" <iab@iab.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Thread-Topic: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet
Thread-Index: AQHZ9XFHoYXW2Rzq/U2DeqRmHEHRSbA3VEUAgAEqLoCAAAUagP//rROA
Date: Tue, 03 Oct 2023 22:24:53 +0000
Message-ID: <C199AC7D-74A7-41A9-94B7-812DBED57B29@intel.com>
References: <169627945480.62917.5309122275327869344@ietfa.amsl.com> <16966.1696299372@localhost> <12f601d9f634$abe84ac0$03b8e040$@gmail.com> <CAHbuEH4KLyb-wACba3fOjufDWmkva3sENNy+BmZf-BFT6NK_VA@mail.gmail.com>
In-Reply-To: <CAHbuEH4KLyb-wACba3fOjufDWmkva3sENNy+BmZf-BFT6NK_VA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.77.23091703
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR11MB5169:EE_|MW4PR11MB7006:EE_
x-ms-office365-filtering-correlation-id: f39a65c9-8e1c-4d48-eb60-08dbc45f9118
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XJ7L6fEAguTlbc5QP6AUmPpTL0zdDrHvHul/8wEe9IfcQfuewjChQ5nU03vOoJv+4MV6UIt93e4I3z+SHxBJ0VAP/UzeGgzzZa5iYQ1MVctVVbOGM2goPbIWZIlJYAYr7BjsAnP6jR/MOIvJ5rVmZ2r8luTpaNJsJlpIVNdkUGQHAxa+65RQNxy5g930VBz+wZlY/JXrenRSAgpPpcc2U/E4N+eBqb6girNTYHVHRkeVASwzb7t7jOJ2B6GOpZC5FRd7nd1o2qYZIL/1b+Lcgqxq4fhg9qdPfUZqr4VLjE9dUCMPgcK4gee/D6JMXnJfgG4XvOEImwPxJOd4sRfx6E6ED17VQvRvi7gGMXYIfqB49OMKfCr56+IUTth5h6rAI4lp9pt+sHJTlHrBh0B8GD7DdioKhdiH6J/p68f3LsfSKW0qpJM+wqhxFDin5p4ESlrWbcTfHmi58hNn87K3QisIq81hOH3g8nnHVOjF8ryf0Ih9wmMb6m38FxwnJgMg/JmwV3Rk103bI6GRPbzohoBj/2vdavH8I+StxNR8y9nQpywytKQzd8KG0EmVtuBYqyJB52EYqJSKQ78scMRlgbVbnarh8jfmZ4FVU5qI4Fu6sFKaaiEgoIVeLaT83wfc1guRFl40ASHdOmf/FaA9Jg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB5169.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(136003)(376002)(346002)(39860400002)(366004)(396003)(230922051799003)(64100799003)(451199024)(1800799009)(186009)(478600001)(2616005)(71200400001)(6512007)(6486002)(53546011)(6506007)(83380400001)(316002)(966005)(26005)(66574015)(2906002)(76116006)(66556008)(5660300002)(110136005)(66446008)(41300700001)(66946007)(64756008)(8676002)(8936002)(36756003)(33656002)(166002)(38070700005)(122000001)(38100700002)(86362001)(82960400001)(66476007)(66899024)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kEQnhOJn9xHW81eSGwfkHUTiO2nY+voIlgFRlwDAu46WqzCaOjnmkEa3FNP936B68Lq4IAatpT+jAewuAP6NTvRiCrfzSQth0l93uV1LlosMYuYZ8+mLsMjgYumnRPnjJlANG1zTew/RmHJzA1PL4NDcfiFkQ+nkEQBjO4R/c8Ovy9w2Ut/egMwijWFa2kOS4C390r/rWTzrXxEgJ3EFfQaLizhsVdQx2gkhve9FeftsJfA2AGzTzY/giuzI3uX3JCf8cGofP/+wRVDtJZMoBDUFL5srwcPiPnoO1NqFTPfPRPAKk5X9Auihh5Wx33HeS/iXRKvn6ugzZWPjP/xpNmERcRUV6basEQAhpi3OweLSoAYKg9yuqrVD022hfm/fBZYQ+YyMiyxNNgqiZxja3ekIMYkqlINU7PUEJaKAJCOqfCAWwfWNt9cbN5FApYon3GdTJPA+gE1+rr/bsh3ar0PHSXmpFsvPgnz6AzQM5JPkpIfU7qL0KkJG9kKC/zCwgQIWp7RmU0a+Y0U4Vodt4GvPcfivosOv1mcxZk8cPTrkQSy9yVTcEGmrsfQybtFIS4j5J7i8LYS+5PAush6A8PBkMzmw7KrCmgPy1Tpdf+wYijNoicLw2SMENxZH49DXXX5J/6VppZHFatNoSw9q8ic5lc2ONqNVmaJ9lgchq3/NeJTDLIPgjxzliWy/xSN3sFQCHbCEPf6oaejZ0bodSReOEmu4M2am3t5CLdoOWiFKO9+XLg/kcotjLIqtXIL0l1JD5CevNFp1/b0AiNVTDgE6M0EjbpwEqRhVyZNbdLqa4hKEjXPHTDKB6vIprvY6wzwwZlVqRpiYNZw4HDjbyNCR3nnurifjTTw57T9gZuPXb02+OPSErfG9+w5nJMwtgt3qOn3OJDCHgH07xAMRZuFelGkDeIxEJNBxoSJuhHKLz2rOugC1y9TFFLmK65Oxdr6IzqsstgG1cwNtu9QwyWf0U6KzQ8G+ZjlwdwGkj5RN6a4jAwpW4JJ8hjyhn3vit2hkqbFELaQVEm62wxQCkXGBzaVnAa0aIDFvR1prtH6z/f+QLRILysBZX4qHNHsu6ThX/wOtisACTufqyTeWi8gke1CJn5MJ9GKw412MKPOze7KChvbQVWca95n6c573dU84ljTP7mXF/R0m2m7ivEQ4Oi4a5g3iBnNismoJP9kAJnQj+c5ONRj+DkGprI0grHGBI8VVJNIbLzG9oxaoK+GgzDR93GpZBjBl++lmLeu19fiGjZNlDdfMAZ8deuA4vGZKeKqeC4dpwXQu0RzTZJX2rgtUC2V+IXS4vZeJzxMkcbDvZWWXHh7vM+Fxbnxq8sLvuzw7A7oDysMtIgsc3hg/mSk8BoML7bu8ma9PC6/IVA8LrodQJoBwe1cP8ZJG4lNQdfFefgNRFcBWFlhXd6tKcZUjFYuIdR+X1RnsOPcUQebN8uJ1/RFWHFc2JLNCRI4YpIWmGKChYu1DSnfSItSvLLPfnUa8CDW6VJyO1o/OnTVH/Pd+BRSVO/YA1hOsQQERO4kmLqyMukh2Rfq1kmqfNVJDWZA8Hx6MEgvE3Qa3qyKcjnCJkCc0EEaJCMyM
Content-Type: multipart/alternative; boundary="_000_C199AC7D74A741A994B7812DBED57B29intelcom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5169.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f39a65c9-8e1c-4d48-eb60-08dbc45f9118
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2023 22:24:53.8171 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1wJineS/zxpqtgXI4XBs3lAZGWqXarsLL5AQtw1NSk1RQEXn8WPdNR7KHYBfiv3/6B/66fsNpqGZuYCnSewzSA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR11MB7006
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/gvUQqKtotr9FjiNRBqMqmPXBmOk>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Oct 2023 22:25:04 -0000

+1 to comments from Michael, Dave, and Kathleen.

I have procedural concerns with the IAB statement as it seems to endorse the opinion of the Web Environment Integrity<https://github.com/RupertBenWiser/Web-Environment-Integrity> authors, which is not an official IETF document AFAIK. Consequently, it is difficult to assess whether the IAB endorsement reflects broader consensus within the IETF.

It is good to see a discussion thread starting that considers issues, use cases, requirements, and concerns of attestation in the broader web context, but the culture of the IETF would be to have that discussion before the IAB formalizes an opinion.

-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tuesday, October 3, 2023 at 1:22 PM
To: "dthaler1968=40googlemail.com@dmarc.ietf.org" <dthaler1968=40googlemail.com@dmarc.ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "iab@iab.org" <iab@iab.org>, "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet

Greetings.

I would also be happy to work with the IAB to create a better statement. I am in agreement with Michael and Dave. The current statement reads as though some uses of attestation were conflated in ways those of us working on it would have been able to assist to provide greater clarity towards the goals of the IAB for openness.

The ability to assure the firmware and software of a system using standards and widely deployed hardware is critical to leveling the playing field for security, better serving those with fewer resources. The technology has the potential to reduce the need for external scanners, while enabling lower cost methods to implement integrity and posture assurance with standard formats and protocols. More likely, it will provide a method of assurance for those with few resources. Those with more resources might use attestation plus external scanning tools that are in use today. These checks on software or system changes also aids in the detection of lateral movement of attackers. The earlier attackers can be detected, the better for those impacted. Attestation provides a standards based method to implement this integrity checking to meet zero trust requirements.

Thank you for considering these comments and the offer to assist.

Best regards,
Kathleen

On Tue, Oct 3, 2023 at 4:03 PM <dthaler1968=40googlemail.com@dmarc.ietf.org<mailto:40googlemail.com@dmarc.ietf.org>> wrote:
Michael Richardson writes:
> IAB Executive Administrative Manager <execd@iab.org<mailto:execd@iab.org>> wrote:
>     > On 25 September 2023, the Internet Architecture Board (IAB) posted a
>     > new IAB Statement on the Risks of Attestation of Software and Hardware
>     > on the Open Internet[1].
>
>     > [1]
>     > https://datatracker.ietf.org/doc/statement-iab-statement-on-the-risks-of-
> attestation-of-software-and-hardware-on-the-open-internet/
>
> It's an interesting statement, and I suspect that I agree with the intent.
> As written, it fails to inform: you need to know what the treacherous uses of
> remote attestation are (and then take two steps not detailed in this
> statement) in order to understand the statement.
> I think that this should be revised, and it shouldn't be so timid.
>
> As an author of RFC9334, I'm rather surprised that this statement was issued
> without any consultation with us.
>
> As written, I find this statement useless.
> I would be happy to work with the IAB to craft a better statement.

I have to say I 100% agree with Michael here.  I admit I too had a fairly strong negative emotional
reaction reading the IAB statement, very similar to early drafts of draft-iab-protocol-maintenance
which I provided feedback about it being potentially harmful as worded, and we worked to
improve it to become a much better document RFC 9413.   I had provided feedback saying
that I agreed with much of the intent, but the way it was worded could be taken to promote
harmful principles that were not intended.   I have exactly the same feedback on this IAB
statement.

Some specific feedback follows.

> the use of such attestation as a barrier to access otherwise open protocols and services
> would negatively impact the evolution of the Internet as a whole

Analogy: disallowing access to those who cannot attest is in many ways analogous to
disallowing access to those who cannot use encryption.   Thus, by extension the IAB could equally say
"the requirement to use encryption everywhere as a barrier to access otherwise open services
would negatively impact the evolution of the Internet as a whole".   I, and I suspect many others,
would disagree with that principle, that encrypting everywhere is important to secure the
Internet and allow open services to continue being open and viable.   I would argue that
a comparison between attest-everywhere and encrypt-everywhere is valid.
(Full disclosure: I am the author of the statement "Every authentication use case is an
attestation use case." and my response here is consistent with that.)

> Adding client attestation into otherwise open systems can significantly reduce openness for the Internet broadly.

I think this is a red herring / mischaracterization.  The use of attestation does not reduce openness any more
than the use of authentication or encryption do.   You might argue that authentication and encryption both
DO reduce openness, and you might have a valid point there.   But in all three cases, I argue it's not the addition
of the technology itself that reduces openness, it's specific POLICIES that one can apply.   And those policies
could be done with authentication (e.g., restricting what type of identity, or what domain you connect from,
what IP address range you connect from, etc.) too.   In my view, the IAB would be better replacing the statement
about attestation with a statement about policy restrictions regardless of whether we're talking about authentication
or attestation.

> Attestation of client software and hardware is distinct from user authentication. User authentication verifies
> the identity of a user or a credential associated with a user, and is compatible with any implementation that
> supports the correct form of authentication.

I appreciate the IAB trying to do a compare/contrast here.  But I think the IAB misses a number of key points here.
User authentication does not mean the request actually originated from that user nor that the user consented to it,
and so is weak security without attestation.  Only authentication with attestation can ensure that it was not
compromised by malware subverting the user's intent, and so the IAB statement can be misread as an argument
against security, much like arguing against encrypting everywhere would.
More on "is compatible with any implementation" below.

> In contrast, attestation of client software and hardware places explicit restrictions on the implementations
> that are allowed to participate in the protocol.

Again, only in the same sense as requiring encryption does.  Specific POLICY can place restrictions on implementations,
but that's the policy not the existence of attestation itself.

> Restricting access via attestation of software or hardware would limit the development of new protocols and
> extensions to existing protocols, lock users into a limited ecosystem of applications, and hamper the ability
> to audit implementations, conduct measurements, or perform essential security research.

One could make the same statement about "Restricting access via requiring encryption would limit ..." or
"Restricting access via POLICIES around user authentication would limit...".  And I suspect there would be
lots of interesting discussion around those two claims too.   Calling out attestation here specifically seems
to me to more confuse the issue than help.

> The IAB invites those in the industry and standards community working on client attestation in open services
> to engage with the relevant IETF working groups (in particular, Privacy Pass and RATS)

To echo Michael's comment, I think those of us in the IETF RATS WG would invite those in the IAB to engage
with the WG to revise the IAB statement.

Thanks for listening,
Dave Thaler






_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats


--

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email