IETF Logo Mail Archive

Re: [Rats] Function of an endorsement relative to evidence

Laurence Lundblade <lgl@island-resort.com> Sun, 05 June 2022 20:17 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82BB9C14F722 for <rats@ietfa.amsl.com>; Sun, 5 Jun 2022 13:17:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.929
X-Spam-Level:
X-Spam-Status: No, score=-1.929 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Udd04w8-1fL5 for <rats@ietfa.amsl.com>; Sun, 5 Jun 2022 13:17:53 -0700 (PDT)
Received: from p3plsmtpa09-04.prod.phx3.secureserver.net (p3plsmtpa09-04.prod.phx3.secureserver.net [173.201.193.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B917DC1527AF for <rats@ietf.org>; Sun, 5 Jun 2022 13:17:21 -0700 (PDT)
Received: from [192.168.1.7] ([75.80.148.139]) by :SMTPAUTH: with ESMTPSA id xwganpUb0jD1mxwgbn9ybY; Sun, 05 Jun 2022 13:17:21 -0700
X-CMAE-Analysis: v=2.4 cv=NqIUz+RJ c=1 sm=1 tr=0 ts=629d0f51 a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=IkcTkHD0fZMA:10 a=l70xHGcnAAAA:8 a=K6EGIJCdAAAA:8 a=GtP-u2bojSVr7pT9a1AA:9 a=QEXdDO2ut3YA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=L6pVIi0Kn1GYQfi8-iRI:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <14746.1654457673@localhost>
Date: Sun, 05 Jun 2022 13:17:20 -0700
Cc: rats <rats@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <96E9F601-7843-421D-8224-24B4C298D0EA@island-resort.com>
References: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com> <14746.1654457673@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-CMAE-Envelope: MS4xfNMXObGFlzFecVRE07+Y6Rwv7EJPjkOo5B8sPxlmBkdeW5Cn96tYdaGQE8+L8PeAG5EkydUonguzW/rQT4tW3FlsdtCtKxs9kyOrbGYMXmGXAD0SuZaQ prsvRnG4Y3Eh/r9Qj33lgJkwcqABU9P0OUmMVsGCgrsztZ8EjEFW2qMcoKvmIO9WMZ1ttVY764X1SOWKH1lc6dPCaC9XhVE7KyQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/kF-nUf5hyjuWRc_3kIM4C12nSP8>
Subject: Re: [Rats] Function of an endorsement relative to evidence
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jun 2022 20:17:53 -0000

> On Jun 5, 2022, at 12:34 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Laurence Lundblade <lgl@island-resort.com> wrote:
>> Assuming for the sake or argument here that the Attester Manufacturer
>> and Endorser are the same, it goes like this. The
>> Endorser/AttesterManufacturer only puts private keys into devices that
>> it knows are built correctly. They won’t lie. They’ll protect their
>> keys. They produce correct claims. This really is the fundamental work
>> of the Endorser/AttesterManufacturer above all else.
> 
> I'm with until you say, "They won't lie", as it's totally irrelevant.
> 
> Of course malware will lie.  That's the whole point of this process.
> If they keys are protected, then the claims the malware generates will not
> validate.   But, it will try, based upon some private key extracted out
> of some other device that was subject to some silicon level attack.

Yes, of course malware will lie. Any successful attack on the system can result in forged claims. This is true of each and every claim.

There are two paths from the Endorser to the Verifier. One is direct and the other is via the Attester. Both are subject to attack. There’s no reason to assume one path is more secure than the other, though one might be in practice.

The one through the Attester is needed to bind the claims to a transaction being carried out ($$, admission to the network, access to data).


> A piece of Evidence, saying, "I'm security-level FOO", signed by ME, is
> completely meaningless.
> Only after the Verifier has looked up the public key can it have any meaning.
> You know this, you've said exactly this multiple times.

Yes, Evidence is not trusted until Verified. This is true of every claim.

The UEID claim has the same security characteristics as the security-level claim or even the contents of a PCR.

They are all contingent on the Attester Manufacturer building the Attester correctly and they are all subject to the same attacks.

How is security-level different?


> But, only at that point, the "security-level" (or any other integer based
> big/little comparison of stuff) comes out of the Endorsement.   It's just
> wasted bits to put it anywhere else.
> 
> So, it is *NEVER* useful as Evidence.  EVER.
> 
>> The Endorsement can mean “believe all the Evidence from this
>> Attester”. (It might always not be all the Evidence, but it will always
>> be some of the Evidence).
> 
> That's a really bizarre thing to put in an Endorsement.

An Endorsement always means believe at least one claim in Evidence. It has to work like that. You agree with that, right?

If one, why not all? What’s the distinction?

LL

v2.23.0 | Report a Bug | By Email