IETF Logo Mail Archive

Re: [Rats] Processing Endorsements and Evidence into Results

"Smith, Ned" <ned.smith@intel.com> Fri, 03 April 2020 04:20 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 313053A0E1C for <rats@ietfa.amsl.com>; Thu, 2 Apr 2020 21:20:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wDABPUByQzeU for <rats@ietfa.amsl.com>; Thu, 2 Apr 2020 21:20:11 -0700 (PDT)
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C59F3A0E19 for <rats@ietf.org>; Thu, 2 Apr 2020 21:20:10 -0700 (PDT)
IronPort-SDR: 3FzIh4ETNoB7g55w3UcPNtYjzecvfR8NW3wqYeWreL6OtSGOlx6TqzW0x0HyP4l4vc3Ovs562U DBEKzMei0tXQ==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Apr 2020 21:20:08 -0700
IronPort-SDR: ZyDCHiU66z9Wu0Wb44CExUg5qXAWcryrNkCZ5vmMSWt0df9/aenQNBs48gvxyTvTNfTF0lNHrO HUMr33bajfIg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,338,1580803200"; d="scan'208,217";a="238760845"
Received: from orsmsx105.amr.corp.intel.com ([10.22.225.132]) by orsmga007.jf.intel.com with ESMTP; 02 Apr 2020 21:20:08 -0700
Received: from orsmsx122.amr.corp.intel.com (10.22.225.227) by ORSMSX105.amr.corp.intel.com (10.22.225.132) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 2 Apr 2020 21:20:07 -0700
Received: from orsmsx108.amr.corp.intel.com ([169.254.2.172]) by ORSMSX122.amr.corp.intel.com ([169.254.11.66]) with mapi id 14.03.0439.000; Thu, 2 Apr 2020 21:20:07 -0700
From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Processing Endorsements and Evidence into Results
Thread-Index: AQHWCSYFjr6P8H2RO0Gpgb6vU8jglKhm7I6A///fdYA=
Date: Fri, 03 Apr 2020 04:20:07 +0000
Message-ID: <B8790B3C-35FF-4709-837D-0BE609678104@intel.com>
References: <C3BC4E14-8BF8-4CD5-882B-F7AAF4B9155F@island-resort.com> <BB724659-3075-4ED2-8745-BACBD0D17C2B@island-resort.com>
In-Reply-To: <BB724659-3075-4ED2-8745-BACBD0D17C2B@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.35.20030802
x-originating-ip: [10.254.67.174]
Content-Type: multipart/alternative; boundary="_000_B8790B3C35FF4709837D0BE609678104intelcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/lY3P1o2HFsS7SHR3FuAj9Awb55Y>
Subject: Re: [Rats] Processing Endorsements and Evidence into Results
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 04:20:13 -0000

BTW: Since ‘debug-disable’ is permanent it could probably equally be included in Endorsement.
It is also reasonable that Verifier could downgrade ‘security level’ based on other claims and how they relate to policies. Security level in Evidence is an assertion the attester makes that has to be substantiated in some way. It could also be used exclusively as a conclusion in Results based on review of a bunch of other claims (in other words Attestation Results cold acquire additional claims beyond what originally existed in the intersection of Evidence and Endorsement.

Policies and or standardized profiles decide all these variables IMHO.

But the example seems to be illustrative (if that was the intent).

-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
Date: Thursday, April 2, 2020 at 4:16 PM
To: "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] Processing Endorsements and Evidence into Results

Let me make this much more concrete with an example. I’m using JSON representation of CWT/EAT/Endorsements with C-style comments for reading ease.

Endorsement
{
    “trust-evidence”: “all”,           // E0, I just made this up
    “field-upgradable”: true,          // E1, from draft-birkholz-rats-endorsement-eat-00
    “shielded-secret”: internal,       // E2, from draft-birkholz-rats-endorsement-eat-00
    “common-criteria”: https://www.commoncriteriaportal.org/files/epfiles/0879V3a_pdf.pdf”,      // E3, from draft-birkholz-rats-endorsement-eat-00
}

Evidence
{
    “iat": 5734873409823,              // C1 time stamp for evidence creation time(eg) from EAT draft
    “security-level”: 4                // C2 the security level is “hardware” from EAT draft
    “debug-disable”: “permanent”       // C3 debug is permanently disabled for all but the OEM from EAT draft
}

Results
{
    “field-upgradable”: true,          // R1, from draft-birkholz-rats-endorsement-eat-00
    “shielded-secret”: internal,       // R2, from draft-birkholz-rats-endorsement-eat-00
    “common-criteria”: https://www.commoncriteriaportal.org/files/epfiles/0879V3a_pdf.pdf”,      // R3, from draft-birkholz-rats-endorsement-eat-00
    “iat": 5734873409823,              // R4 time stamp for evidence creation time(eg)
    “security-level”: 4                // R5 the security level is “hardware”
    “debug-disable”: “permanent”       // R6 debug is permanently disabled for all but the OEM
}

In this example, the RP is probably feeding this into a risk engine so they want all the details.


Here’s another very abbreviated example with made up claim names:

Endorsement (not showing any signing)
{
    “expected-hash”: “TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZW”
}

Evidence
{
    “actual-hash”: “TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZW"
}

Results
{
    “verified”: true,
}

This all seems like the eventual logical result of the EAT, endorsements and architecture drafts to me.

LL





On Apr 2, 2020, at 12:36 PM, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

Now that we have a first draft describing endorsements<https://tools.ietf.org/html/draft-birkholz-rats-endorsement-eat-00>, and they look like Evidence and Results, it seems interesting to consider some of how the verifier uses Endorsements (reference the architecture diagram below).

Let’s say there are three things in the endorsement, E1, E2 and E3, three things in the evidence, C1, C2 and C3 and three in the results, R1, R2 and R3.

Then three simpleton top-level cases:

1) An Endorsement is passed through and becomes a result: E1 — > R1
2) A Claim is passed through and becomes a results: C1 —> R2
3) Some endorsements combine with some claims to become a result: {E2, E3, C2, C3} —> R3

However that seems to be too simple and I think there has to be some sort of a primitive endorsement, call it E0, whose semantics are that some or all of the claims can always be believed. I think that means 2) doesn’t really exist, but has to be this:

2) Some claims can pass through with the use of the primitive E0 endorsement: {E0, C1} —> R2

One way E0 could be defined in the draft describing endorsements<https://tools.ietf.org/html/draft-birkholz-rats-endorsement-eat-00> is that it is a list of the labels of claims that are trusted to be passed through. For numeric labels  a range INT64_MAX to INT64_MIN (or -infinity to +infinity)  indicates all claims are trusted. It could also list specific ones that are trusted.

From the TEE, FIDO and Android Attestation views of the world where measurements aren’t a primary thing and secure/trusted boot is required and always on, a common model will be to pass everything through to create an aggregate result. It could be represented this way:

E1->R1
E2->R2
E3->R3
{E0,C1}->R4
{E0,C2}->R5
{E0,C3}->R6

I think this goes on to submodules too and has some relation to the attempted to propose a connection type.  Endorsements may be able to say how submodules are trusted. There might even be an E00 primitive that says the lead attester is allowed to say how submodules are trusted. This whole line of thinking was partly prompted by this issue<https://github.com/ietf-rats-wg/eat/issues/58> against EAT and comments from Giri and Dave.

LL



                 ************   ************    *****************

                 * Endorser *   * Verifier *    * Relying Party *

                 ************   *  Owner   *    *  Owner        *

                       |        ************    *****************

                       |              |                 |

           Endorsements|              |                 |

                       |              |Appraisal        |

                       |              |Policy for       |

                       |              |Evidence         | Appraisal

                       |              |                 | Policy for

                       |              |                 | Attestation

                       |              |                 |  Result

                       v              v                 |

                     .-----------------.                |

              .----->|     Verifier    |------.         |

              |      '-----------------'      |         |

              |                               |         |

              |                    Attestation|         |

              |                    Results    |         |

              | Evidence                      |         |

              |                               |         |

              |                               v         v

        .----------.                      .-----------------.

        | Attester |                      | Relying Party   |

        '----------'                      '-----------------'







_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email