Re: [Rats] Call for 111 RATS presentations

Laurence Lundblade <lgl@island-resort.com> Fri, 03 September 2021 04:17 UTC

Cc: "Smith, Ned" <ned.smith@intel.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>, "rats-chairs@ietf.org" <rats-chairs@ietf.org>, Brendan Moran <Brendan.Moran@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/iRBJDEy5D7LROqqodLkKid1-ucM>

There definitely seem to be a few SUIT-specific claims, so the document should exist and the claims in it should be renamed to be SUIT-specific.

With some clarification, perhaps some become general claims and get put into EAT, but I’m not certain yet. Requests for more details below.

I think device-identifier should be dropped and UEID from EAT used instead.


Claim by claim:

vendor-identifier
From a conversation with Brendan and others, I take this as a SUIT-vendor-identifier. Its purpose is to match the SUIT SW vendor to the target device and needs to take into account the HW vendor and the SW vendor. Definitely not the same as any EAT claim.

—> rename it suit-vendor-identifier
—> fill in some more details on what it is to represent that came to light in other discussion


class-identifier
Seems very SUIT-specific.

—> rename it suit-device-class-identifier or such
—> fill in a description of how to generate it


device-identifier
Seems like a UEID to me. Drop this claim and use UEID instead (or say why UEID won’t work).


component-identifier
image-digest
image-size
These are characteristics specifically of the *Attester*. Is that what you really mean? What if the Attester is partly in HW? What if the Attester is split across a TPM and some other SW? What if the Attester is just a chunk of code in the TEE kernel, but not the whole kernel?

Maybe this should be generic and not SUIT specific if we really want to send sizes and digests of Attesters around?

—> move to EAT if it is general???
—> rename it attester-image-size…???


minimum-battery
This is described as the "configured minimum battery level of the Attester". So, it is not the current battery charge level being reported as a claim, right? Nor is it the minimum battery level required for a SW update, because that is elsewhere in SUIT. So not really sure what it is in Attestation Evidence.

It seems like a generic claim for battery level would be useful in EAT, but that seems a bit complex to design. You’d want the battery capacity and the current battery charge level, perhaps as a percentage. Would that tell you enough to know if you want to go ahead with a transaction? Maybe you want the current drain rate? Might require a battery person to tell us more.


version
I think we need more details on this to know what to do with it.

—> At minimum rename it so it is not just “version”, so the claim name says what it is the version of.

LL





> On Sep 1, 2021, at 10:13 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
> 
> I am happy with where they are. Adding Brendan.
> 
> As these Claims are "grouped by suit" and in a side discussion I assume there was some consensus on "these are also somewhat different from the Claims currently in the EAT I-D" (please chime in here, if I am putting the wrong words in other people's mouths here), I see no strong reason for going through the movements of chopping the document up and also making "the remaining parts" retain some sense of consistency and readability as a separate I-D. Unless there is a strong argument for putting the work into separating content (please mind that these are first of all extra steps of work, but also extra references to follow, to keep consistent, to look up, etc.).
> 
> Any additional thoughts on this?
> 
> Viele Grüße,
> 
> Henk
> 
> On 01.09.21 18:25, Smith, Ned wrote:
>> I believe there were several options presented for how adoption might move forward. One option was inclusion in EAT which is already adopted. Maybe we can get a more crisp proposal for which document will contain TEEP requirements then it will be clear what next steps for adoption will be?
>> -Ned
>> On 9/1/21, 8:33 AM, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:
>>     Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org> wrote:
>>         > I would like to again bring up “TEEP requirements for EAT” during that
>>         > slot.
>>         > The specific draft in question, which has been discussed in RATS
>>         > before, is draft-birkholz-rats-suit-claims
>>     Given the commonality of chairpersonship, and how TEEP is called out in the
>>     RATS charter, RATS should just adopt already.
>>     (sorry if this sat in my outbox a long time)
>>     --
>>     Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>>                Sandelman Software Works Inc, Ottawa and Worldwide
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats