Re: [Rats] Attestation of implementation vs authenticity of service

"Smith, Ned" <ned.smith@intel.com> Thu, 06 August 2020 18:38 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, Carsten Bormann <cabo@tzi.org>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Attestation of implementation vs authenticity of service
Date: Thu, 6 Aug 2020 18:38:44 +0000
Message-ID: <C5B1590C-CE1B-4797-BA82-84281BCB8006@intel.com>
References: <0B64B104-1BA0-4341-8470-A17D2C6AC181@island-resort.com> <B61BA81C-6E39-4B3D-83FB-336694E99DC5@tzi.org> <76845355-645C-4BD2-9599-50E33A419C51@island-resort.com>
In-Reply-To: <76845355-645C-4BD2-9599-50E33A419C51@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/i6kiES0YdB6fHriTqXGU5HTHVdA>

The RATS charter refers to "system component" as the initial focus for definition, which includes claims definition. The architecture makes it clear that claims can originate elsewhere as well. It seems reasonable that claims about services could be defined elsewhere, but still be conveyed / appraised using RATS WG defined architecture and technology. Alternatively it could be defined in RATS, but possibly with some charter adjustments to allow "services" scope?

-Ned

On 8/5/20, 12:42 PM, "RATS on behalf of Laurence Lundblade" <rats-bounces@ietf.org on behalf of lgl@island-resort.com> wrote:



    > On Aug 5, 2020, at 4:47 AM, Carsten Bormann <cabo@tzi.org> wrote:
    > 
    > On 2020-08-03, at 20:58, Laurence Lundblade <lgl@island-resort.com> wrote:
    >> 
    >> Service Authenticity
    >> 	• Focus is on the provider of the service, not the HW or SW
    >> 	• The legal entity of interest is the service provider
    >> 	• There is no equivalent of claims, but if there was they would be about the business or person operating the service
    >> 	• Example: a web site
    >> 	• Example: an email provider (IMAP service)
    >> 
    > 
    > Hi Laurence,
    > 
    > if you are talking about HTTPS, there is exactly one claim:  The service is speaking for a specific name (e.g., facebook.com).  All other claims are funneled through this one very special one.  Of course, the TLS handshake could be leveraged to do more than this one claim, but that is not what happens in HTTPS.

    Yes, agreed.

    Any notion of trustworthiness, regulatory compliance and such for a service is implied. We make heavy use of that implication and that is mostly OK. For example, knowing that facebook.com is Facebook Inc allows us to assume lots about the service from what we know of the company. 

    The equivalent for attestation would be just to name the manufacturer of the HW or SW. However, we are going far beyond that with all the Claims in the Evidence and Results.

    Maybe we should have Claims about services? For example, what regulatory statutes they meet. Where are they incorporated. A reference to their terms of service and privacy policy.

    That however seems like a new WG, not RATS.

    LL

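As an added illustration of the contrast drawn in the thread (this is constructed example code, not from the posters or the RATS WG): the HTTPS check reduces to one name claim, with everything else implied by what the Relying Party already knows about the name's operator, whereas an attestation Verifier appraises each Claim in Evidence explicitly against a policy. The KNOWN_OPERATORS map, the POLICY entries, the reference values and the service-level claim names (jurisdiction, regulations) are all assumptions standing in for the "Claims about services" floated above.

```python
"""Two appraisal models from the thread: the single HTTPS name claim versus
explicit appraisal of many Claims in Evidence. Constructed example."""

# Constructed Relying-Party knowledge: DNS name -> operating legal entity.
# This is the "implication" the thread relies on; it is not part of HTTPS.
KNOWN_OPERATORS = {"facebook.com": "Facebook Inc"}


def name_matches(pattern, hostname):
    """RFC 6125-style match: a leading '*' covers exactly one leftmost label
    and never a public-suffix-level name such as '*.com'."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h) or (len(p) < 3 and p[0] == "*"):
        return False
    return all(a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))


def appraise_https(cert_names, expected_name):
    """The one HTTPS claim: does the certificate speak for expected_name?
    Returns (speaks_for, implied_operator); the operator comes only from
    the RP's own knowledge, not from anything the service asserted."""
    speaks_for = any(name_matches(n, expected_name) for n in cert_names)
    operator = KNOWN_OPERATORS.get(expected_name) if speaks_for else None
    return speaks_for, operator


# Constructed appraisal policy. "one_of": the claim value must be in the set;
# "must_include": a list-valued claim must cover every listed value.
# jurisdiction/regulations are hypothetical service-level claim names.
POLICY = {
    "hw_manufacturer": ("one_of", {"Example HW Co"}),
    "sw_measurement": ("one_of", {"sha256:" + "ab" * 32}),  # constructed ref value
    "jurisdiction": ("one_of", {"US-DE", "IE"}),
    "regulations": ("must_include", {"GDPR"}),
}
REQUIRED = ("hw_manufacturer", "sw_measurement")


def appraise_evidence(claims, policy=POLICY, required=REQUIRED):
    """Appraise every Claim the policy knows; return an Attestation Result summary.
    Claims the policy does not cover are ignored rather than trusted."""
    missing = [c for c in required if c not in claims]
    failed = []
    for name, value in claims.items():
        if name not in policy:
            continue
        mode, ref = policy[name]
        ok = value in ref if mode == "one_of" else ref <= set(value)
        if not ok:
            failed.append(name)
    verdict = "affirming" if not (missing or failed) else "contraindicated"
    return {"verdict": verdict, "missing": missing, "failed": sorted(failed)}
```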