[Rats] PKIX Attestation design team meeting notes 2024-02-12

Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 12 February 2024 18:28 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: 'LAMPS' <spasm@ietf.org>, "rats@ietf.org" <rats@ietf.org>
Date: Mon, 12 Feb 2024 18:28:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/iApAB4YVX6UKCn6NhFVehn8WOvU>

As always, full meeting notes can be found on GitHub:

https://github.com/lamps-wg/csr-attestation/blob/main/meetingNotes

Discussions

LAMPS > csr-attestation

We merged a number of editorial and clarification PRs.

Hannes and Monty are still working on the Examples appendices that give
examples of how to wrap a RATS PSA Token or a TPM2-Attest to fit into these
CSR Attributes.

Decision: we will publish what we have for IETF 119, and say that the
document is ready for review, except for Appendix A. Examples, which is
still being worked on.

RATS > x509-evidence

We made some small progress on the claims, and then we decided to take a
step back and re-evaluate the overall structure.

Next meeting, JP from Crypto4A will present the Crypto4A Device Evidence
format for the group to see what elements we want to borrow from it. MikeO
to circulate Crypto4A's design document to design team members in advance of
the next meeting on Feb 26.

---
Mike Ounsworth
Software Security Architect, Entrust