[Rats] Re: Clarifications in draft-ietf-rats-eat
Laurence Lundblade <lgl@island-resort.com> Mon, 21 April 2025 16:17 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@mail2.ietf.org
Delivered-To: rats@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 7D1671EE0D48 for <rats@mail2.ietf.org>; Mon, 21 Apr 2025 09:17:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=island-resort.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4TnKSTm4FaDg for <rats@mail2.ietf.org>; Mon, 21 Apr 2025 09:17:58 -0700 (PDT)
Received: from sender4-pp-f112.zoho.com (sender4-pp-f112.zoho.com [136.143.188.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 86EB61EE0BB9 for <rats@ietf.org>; Mon, 21 Apr 2025 09:17:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1745252221; cv=none; d=zohomail.com; s=zohoarc; b=XJtpWUDndnbkLN+lnhgEnA7ry4ilHfDMf/cz0tpbzHGGa5RjfvQhsBxH6IkGERd0I+NoxvccB+E0X6AqnKYPF8xAahacd1hWk052QshXRsOR7f5j8QS5P3mH4ZB/3H74Dsqw9DnMUI88P/XAmCHhQjZZ11gUCsbA7JyTyteg+dw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1745252221; h=Content-Type:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=JbIbOZiVhs84bzyDFii7PImmxZQc6qCXBK1bg+8gjpM=; b=ON2P2qmHhIGjR1icP44nuFw1WZ5rvW9PzNg/JJrW4XhxjaPA1z76G8PFrOcnofI1p6ztudl20ulKmYzvspJK/RO3kU0ICoAKpexcgFhJX/yFqKw52L17/DiMnJOlcoG64uVStoQqTzNoEUySg07TvaWo5r6qULduTO93sHNDnMM=
ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=island-resort.com; spf=pass smtp.mailfrom=lgl@island-resort.com; dmarc=pass header.from=<lgl@island-resort.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1745252221; s=island; d=island-resort.com; i=lgl@island-resort.com; h=From:From:Message-Id:Message-Id:Content-Type:Mime-Version:Subject:Subject:Date:Date:In-Reply-To:Cc:Cc:To:To:References:Reply-To; bh=JbIbOZiVhs84bzyDFii7PImmxZQc6qCXBK1bg+8gjpM=; b=YDCSnaLyvDbuSAClIX4w0zcXdDpZcw4H+JwuVcTaRx5QHH+0HWnpGC7iqPqQiogo T0MFNCb/nhaTvcwatyEX6EW3w3cN4uGIQ/RMO4KW0tNlzQSNtI0bqIv4aUYpBxHaIHD H8gL7M+Pun/cRYF5fgHwTnp2YzVQ2gJjAzXjcplQ=
Received: by mx.zohomail.com with SMTPS id 1745252219198339.7668607849914; Mon, 21 Apr 2025 09:16:59 -0700 (PDT)
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <2C7734EA-6D3F-4F03-AF2D-A5836E9762FF@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FCD471CC-67B9-422F-BC81-879CA986DEC3"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.300.61.1.2\))
Date: Mon, 21 Apr 2025 12:16:46 -0400
In-Reply-To: <f7429c90-c0a7-4960-869c-f337d16d1e27@tu-dresden.de>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
References: <4abff904-74ef-473f-8b80-6ba563018744@tu-dresden.de> <D6C150AF-DB13-439C-862E-93CEBF573F34@island-resort.com> <LV8PR02MB100170F5C089781552960B6D0F2B62@LV8PR02MB10017.namprd02.prod.outlook.com> <bd70a904-8675-43d6-8113-13ef9107450d@tu-dresden.de> <BN2P110MB11079B13F236A1EC6D6087BEDCB6A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CO1PR11MB5169194808C7046C106F8E01E5B32@CO1PR11MB5169.namprd11.prod.outlook.com> <f75c13f5-f7fe-4065-9c80-1052f8a2f38a@tu-dresden.de> <CO1PR11MB5169DC365AE65ABCD28287EDE5B22@CO1PR11MB5169.namprd11.prod.outlook.com> <92a98a3a-02d0-4ccf-a022-2994cb8bbe7d@tu-dresden.de> <498052C3-13E9-42ED-A9AE-36EA29D93D0F@island-resort.com> <d1c2b9b1-a172-420a-a43c-84658d3c8224@tu-dresden.de> <96365E15-6A4C-43F9-84AF-B958AA0AB5AC@island-resort.com> <f7429c90-c0a7-4960-869c-f337d16d1e27@tu-dresden.de>
X-Mailer: Apple Mail (2.3774.300.61.1.2)
X-ZohoMailClient: External
Message-ID-Hash: DAL5ROT2MS4BNQI7RQYCUQGYPIT43JNA
X-Message-ID-Hash: DAL5ROT2MS4BNQI7RQYCUQGYPIT43JNA
X-MailFrom: lgl@island-resort.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Smith, Ned" <ned.smith@intel.com>, Roman Danyliw <rdd@cert.org>, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: Clarifications in draft-ietf-rats-eat
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/jqJwO4JMrDw3khz8L4ZoEt8VwTs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
> On Apr 21, 2025, at 6:14 AM, Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> wrote: > > Hi Laurence, > > I am happy that we could have a technical discussion independent of RFC. > > One question; mostly agree with the rest. Please see inline. > > On 21.04.25 03:49, Laurence Lundblade wrote: >> I often do not know what someone means when they use the bare term “authentication” — who’s authenticating who based on what secret for what purpose? > Purpose may be hard to put in there in the definition; otherwise I like that. It is nice and precise. >> Just looked at draft-ietf-rats-reference-interaction-models, which I hadn’t looked at before. Yes, that authentication is absolutely required, but it’s not the same as TLS server auth. > If we consider the case of TLS server as RATS Attester, then what is the difference? The section does mention "by using a secure channel including authentication" So TLS should be one way to do it. I believe it’s in the keys more than the protocol. In particular the policy, legal agreements, processes and expectations around the keys. TLS web server auth hinges on business process carried out by CA’s and Internet providers. They issue keys to entities that show they own a domain name. The private keys are used in primarily web servers. The root public keys are distributed in browser software. It’s a whole ecosystem. Attestation keys have a different and distinct ecosystem that centers around manufacturers of HW, SW, systems and such. Often the most fundamental keys are established in a chip fab. For TLS client auth, the ecosystem is often run by big security-oriented government organizations. For example, in the US there are PIV/CAC cards for US government employees. Sometimes I think about it in terms of who you would blame/sue/prosecute if the private key was compromised. Who’s financially and legally responsible for protecting the keys. It’s not the same for attestation as it is for TLS web server authentication. >> I would call the "Authentication Secret” an “Attestation Key” to avoid the ambiguous term that “authentication” is. > I agree. >> >> Maybe we need a rule that terms like “root” and “authentication”, “key” and “trust” be qualified with at minimum one adjective. The term in draft-ietf-rats-reference-interaction-models becomes "attester-verify authentication”. Anyone on this list caught using the bare terms has to take notes at the next interim meeting. Just a thought :-) > Good idea. But perhaps exclude when someone is quoting someone else's draft, otherwise I will be the note taker forever :) Yes, only applies to the original user of the bare term, not those quoting. LL
- [Rats] Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Jeremy O'Donoghue
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Roman Danyliw
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Smith, Ned
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Smith, Ned
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Deb Cooley
- [Rats] Re: Clarifications in draft-ietf-rats-eat Smith, Ned
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade
- [Rats] Re: Clarifications in draft-ietf-rats-eat Muhammad Usama Sardar
- [Rats] Re: Clarifications in draft-ietf-rats-eat Laurence Lundblade