IETF Logo Mail Archive

Re: [Rats] Verifier Input instead of Endorsement?

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 02 July 2020 13:31 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 855FC3A00D4 for <rats@ietfa.amsl.com>; Thu, 2 Jul 2020 06:31:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XSnzke6wawlP for <rats@ietfa.amsl.com>; Thu, 2 Jul 2020 06:31:16 -0700 (PDT)
Received: from mail-edgeKA24.fraunhofer.de (mail-edgeka24.fraunhofer.de [153.96.1.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 027E33A0365 for <rats@ietf.org>; Thu, 2 Jul 2020 06:31:14 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EYAwDy4P1e/xoBYJlfHAEBAQEBAQcBARIBAQQEAQFAgUqBdYEkgTMKhCeRFJt+BgsBAQEBAQEBAQEGAQEYCwoCBAEBAoRFAoIeASQ4EwIQAQEGAQEBAQEGBAIChkQMg1GBAgEBAQEBAQEBAQEBAQEBAQEBAQEWAkNVEgEBHQEBAQEDAQEhBAsBBS8HCxAJAg4DAQMBAQECAiMDAgInHwECBggGAQkDAQUCAQGDIgGCewULjU2bBHZ/M4VRg2eBOgaBDiqMWQ8PgUw/gREnD4IsLj6CXAEBAoFHgyyCYASPIw8IgnyhUFwoB4FZgQaBBwQLmCgFCh2RGAaNf5FZnmACBAIJAhWBai83gRNNJE+CaVAXAg2XI4VEcgI1AgYBBwEBAwl8jB2BNAGBEAEB
X-IPAS-Result: A2EYAwDy4P1e/xoBYJlfHAEBAQEBAQcBARIBAQQEAQFAgUqBdYEkgTMKhCeRFJt+BgsBAQEBAQEBAQEGAQEYCwoCBAEBAoRFAoIeASQ4EwIQAQEGAQEBAQEGBAIChkQMg1GBAgEBAQEBAQEBAQEBAQEBAQEBAQEWAkNVEgEBHQEBAQEDAQEhBAsBBS8HCxAJAg4DAQMBAQECAiMDAgInHwECBggGAQkDAQUCAQGDIgGCewULjU2bBHZ/M4VRg2eBOgaBDiqMWQ8PgUw/gREnD4IsLj6CXAEBAoFHgyyCYASPIw8IgnyhUFwoB4FZgQaBBwQLmCgFCh2RGAaNf5FZnmACBAIJAhWBai83gRNNJE+CaVAXAg2XI4VEcgI1AgYBBwEBAwl8jB2BNAGBEAEB
X-IronPort-AV: E=Sophos;i="5.75,304,1589234400"; d="scan'208";a="22730635"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA24.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jul 2020 15:31:12 +0200
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BIAQBO4P1e/1lIDI1fGwEBAQEBAQEBBQEBARIBAQEDAwEBAUCBSoF1NW8DVDAsCoQnkRScBAsBAwEBAQEBBgEBGAsKAgQBAYRHAoIcAiQ4EwIQAQEFAQEBAgEGBG2FWwyFbgEBAQEDAQEhBAsBBS8HCxAJAg4DAQMBAQECAiMDAgInHwECBggGAQkDAQUCAQGDIgGDAAuNTJsEdn8zhVGDZ4E6BoEOKoxZDw+BTD+BEScPgiwuPoJcAQECgUeDLIJgBI8jDwiCfKFQXCgHgVmBBoEHBAuYKAUKHZEYBo1/kVmeYAIEAgkCFYFqIgw3gRNNJE+CaVAXAg2XI4VEQTECNQIGAQcBAQMJfIwdgTQBgRABAQ
X-IronPort-AV: E=Sophos;i="5.75,304,1589234400"; d="scan'208";a="85520169"
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jul 2020 15:31:08 +0200
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id 062DV86W028361 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Thu, 2 Jul 2020 15:31:08 +0200
Received: from [192.168.16.50] (79.206.156.41) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.487.0; Thu, 2 Jul 2020 15:31:03 +0200
To: Laurence Lundblade <lgl@island-resort.com>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>
References: <878E068C-DAFD-4441-94F7-BA79CAF7FED6@island-resort.com> <BL0PR2101MB10279501A4ECA5BB7B6AED63A36F0@BL0PR2101MB1027.namprd21.prod.outlook.com> <BF5071AC-0C8D-4B26-8330-8589736B6EF5@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <af8e64b9-41b3-f42a-183d-1c9544fc1d7d@sit.fraunhofer.de>
Date: Thu, 02 Jul 2020 15:31:02 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <BF5071AC-0C8D-4B26-8330-8589736B6EF5@island-resort.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [79.206.156.41]
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/kGjU6v_tUHUJZxIbxIAas5Q-MhQ>
Subject: Re: [Rats] Verifier Input instead of Endorsement?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 13:31:21 -0000

Hi Laurence,

while I think that I understand where you are coming from here, I have 
to say that I also think that:

* "manufacturer(s)" is a too arbitrarily restricting term, which is why 
we agreed on endorser
* every arrow is of course "input/output", but we are not calling 
evidence "Attester Output". So, Verifier Input is in contrast a too 
ambiguous category (it does not add any semantics to the arrow)
* the itemized list that starts with key material provides a very 
intuitive example and maybe we could use that kind of list as a more 
prominent example in the arch I-D

The question, if reference values are endorsements or appraisal policies 
or a third item is... probably okay and I am interested in an answer - 
but that is a detail, I think. As long as they are also mentioned, I can 
follow all three lines of thought.

Also, I am in strong doubt that the following statement is always 
correct: "The transfer of all these inputs to the Verifier does need to 
be secured.". I am confused by the exceptions that follow that statement 
which basically say, I think: in some cases they have to be secured. 
Maybe we mean different things by "secured"?

Viele Grüße,

Henk

On 02.07.20 03:46, Laurence Lundblade wrote:
> Here’s rough proposed text and diagram. Not sure where it would go in 
> the doc yet.
> 
> LL
> 
>            *******************   ************     ****************
>            * Manufacturer(s) *   * Verifier *     * Relying Party*
>            *******************   *  Owner   *     *  Owner       *
>                         |        ************     ****************
>                         |              |                 |
>            Manufacturer |              |                 |
>                Verifier |              |Owner            |
>                  Input  |              |Verifier         |
>                         |              |Input            | Appraisal
>                         |              |                 | Policy for
>                         |              |                 | Attestation
>                         |              |                 |  Result
>                         v              v                 |
>                       .-----------------.                |
>                .----->|     Verifier    |------.         |
>                |      '-----------------'      |         |
>                |                               |         |
>                |                    Attestation|         |
>                |                    Results    |         |
>                | Evidence                      |         |
>                |                               |         |
>                |                               v         v
>          .----------.                      .-----------------.
>          | Attester |                      | Relying Party   |
>          '----------'                      '————————‘
> 
> Conceptually there are four main inputs to the Verifier aside from the 
> Attestation Evidence. They are:
> 
>     - Key material for verifying trust in the Attester
>     - Known-good/reference values for comparison with Claims in the 
> Attestation Evidence
>     - Static implicit claims for the particular Attester that are pass 
> to the Relying Party in Attestation Results
>     - Policy Configuration
> 
> Any of these four can come from either the Manufacturer as Manufacturer 
> Verifier Input or from the Verifier Owner as Owner Verifier Input. They 
> key material usually always comes from the manufacturer and the policy 
> from the Verifier Owner, but there is no strict requirement for this. 
> The known-good/reference values and static implicit claims often come 
> from either or both.
> 
> There is no strict separation between Manufacturer and Verifier Owner. 
> They could be the same. There could also be 3rd party intermediaries 
> between the Manufacturer and the Verifier.
> 
> An Endorsement is one established format for some of these inputs. It 
> usually comes from an Endorser that is usually the Manufacturer. It is 
> usually a signed document. Alternatively, the Verifier may perform 
> queries against a database, perhaps one maintained by a Manufacturer, to 
> get inputs. Alternatively, the root key of a key hierarchy may be 
> transferred in a one-time physical ceremony. This architecture sets no 
> protocol or procedure for this input.
> 
> The transfer of all these inputs to the Verifier does need to be 
> secured. For all cases, authenticity of the Manufacturer and Verifier 
> Owner and their inputs are required. Without authentic inputs, the 
> Verifier will not do its job correctly. In some cases confidentiality of 
> the inputs is required. Finally, in some cases the Manufacturer and 
> Verifier Owner will authenticate the Verifier.
> 
> This architecture sets no requirement for a particular protocol or 
> security mechanism. For example, TLS could be used, but it is not the 
> only protocol that could be used,
> 
> 
> 
> 
>> On Jun 29, 2020, at 8:56 PM, Dave Thaler 
>> <dthaler=40microsoft.com@dmarc.ietf.org 
>> <mailto:dthaler=40microsoft.com@dmarc.ietf.org>> wrote:
>>
>> I don’t like the term “Verifier Input” since “Appraisal Policy for 
>> Evidence” is also Verifier Input, so I would find it confusing.
>> I think that the rules for what to put in Attestation Results (bullet 
>> 3), as well as “known-good/reference values” if such exist
>> (and there can be valid policies where they may not exist, or rather 
>> where the policies use more complex rules than
>> a simple test for equality against a constant) are conceptually part 
>> of Appraisal Policy.
>> I do agree that Appraisal Policy can be conveyed to the Verifier in 
>> many different ways, and may be composed
>> of different things from different sources.
>> Dave
>> *From:*RATS <rats-bounces@ietf.org <mailto:rats-bounces@ietf.org>>*On 
>> Behalf Of*Laurence Lundblade
>> *Sent:*Monday, June 29, 2020 11:34 AM
>> *To:*rats@ietf.org <mailto:rats@ietf.org>
>> *Subject:*[Rats] Verifier Input instead of Endorsement?
>> Stepping back a bit on the definition of an Endorsement, I think the 
>> four inputs to a Verifier are these:
>>   - Key material for verifying trust in the Attester
>>   - Known-good/Reference values for comparison with claims
>>   - Static implicit claims that are passed to RP's via Attestation Results
>>   - Appraisal Policy
>> These can and will be conveyed to the Verifier in many different ways:
>>   - X.509 certs with extensions
>>   - Signed documents
>>   - HTTP queries against the Attester/device manufacturer
>>   - Remote SQL or some other sort of database access to manufacturer(s)
>>   - Data storage like flash drives the are hand carried into the 
>> Verifier's site
>>   - One-time special file transfers
>>   - Ceremonial procedures with M out of N people physical present 
>> approving transfer
>> It seems like shoe-horning all of the above (except policy) into an 
>> Endorsement, like I’ve tried to do 
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Farchitecture%2Fpull%2F94&data=02%7C01%7Cdthaler%40microsoft.com%7Cf15ace6e8b4b447eebc008d81c5b1f33%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637290524986365098&sdata=2NktPX%2B3LJXjMEjEFoM8kpUIy6yOxte%2BuhFYr1ETN4g%3D&reserved=0>  
>> is too much. I tried this shoe-horning because I think the 
>> architecture document needs to cover all this and Endorsements was 
>> what was in it. A typical Endorsement seems to be just the first two 
>> mentioned, X.509 and signed documents expanding its definition to 
>> include database access is a stretch.
>> Rather than defining Endorsement, I’d like to define Verifier Input:
>>           *******************   ************     ****************
>>           * Manufacturer(s) *   * Verifier *     * Relying Party*
>>           *******************   *  Owner   *     *  Owner       *
>>                        |        ************     ****************
>>                        |              |                 |
>>          Verifier Input|              |                 |
>>                        |              |Appraisal        |
>>                        |              |Policy           |
>>                        |              |for              | Appraisal
>>                        |              |Evidence         | Policy for
>>                        |              |                 | Attestation
>>                        |              |                 |  Result
>>                        v              v                 |
>>                      .-----------------.                |
>>               .----->|     Verifier    |------.         |
>>               |      '-----------------'      |         |
>>               |                               |         |
>>               |                    Attestation|         |
>>               |                    Results    |         |
>>               | Evidence                      |         |
>>               |                               |         |
>>               |                               v         v
>>         .----------.                      .-----------------.
>>         | Attester |                      | Relying Party   |
>>         '----------'                      '————————‘
>>
>> Endorsements must still be mentioned, but as one form of Verifier 
>> input just like EAT is one form of Attestation Evidence.
>> Verifier Input would be defined as:
>>   - Key material for verifying trust in the Attester
>>   - Known-good/Reference values for comparison with claims
>>   - Static implicit claims that are passed to RP's via Attestation Results
>> To do this, I’d replace the current PR 
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Farchitecture%2Fpull%2F94&data=02%7C01%7Cdthaler%40microsoft.com%7Cf15ace6e8b4b447eebc008d81c5b1f33%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637290524986365098&sdata=2NktPX%2B3LJXjMEjEFoM8kpUIy6yOxte%2BuhFYr1ETN4g%3D&reserved=0> and 
>> issue 
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Farchitecture%2Fissues%2F65&data=02%7C01%7Cdthaler%40microsoft.com%7Cf15ace6e8b4b447eebc008d81c5b1f33%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637290524986375092&sdata=GfM5qElO4teNdjfABlmVayeGXuYHWBDqHTVtpeeew7g%3D&reserved=0> I 
>> have on Endorsements with a new PR. It will be a fair bit of work, so 
>> I want to see if there is some consensus first.
>> LL
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org <mailto:RATS@ietf.org>
>> https://www.ietf.org/mailman/listinfo/rats
> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>

v2.23.0 | Report a Bug | By Email