IETF Logo Mail Archive

Re: [Rats] Call for charter consensus

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Fri, 18 January 2019 23:57 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 872A4130F14 for <rats@ietfa.amsl.com>; Fri, 18 Jan 2019 15:57:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -19.053
X-Spam-Level:
X-Spam-Status: No, score=-19.053 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kXXSO7oeoBA for <rats@ietfa.amsl.com>; Fri, 18 Jan 2019 15:57:26 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D67CC130EFA for <rats@ietf.org>; Fri, 18 Jan 2019 15:57:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6976; q=dns/txt; s=iport; t=1547855845; x=1549065445; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=j7nmjJY+QGYGqQQlkgrOjxejPgV2dtMY5+aHvfqzf6k=; b=cRnkMqLRb2G1t530BALueInKnvbR0i/9xqaGDo3hL2rhTjAoNnYNGs72 jEUpDRsof22DHAdK/CsGXm+MVJQXTQj6vW0yEUzJJz/YUPb1XLB9TsBNy tazBtR+NbQ1rOZwWAcu3bOGWjuoUT+s4UrfM6l7jBYO+bcxU98K0bABCi Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAAB6Z0Jc/5RdJa1bCQ4LAQEBAQEBAQEBAQEBBwEBAQEBAYFRBAEBAQEBCwGBVS6BaCcKg3eIGotogWglmAGBewsBAYF3gnUCF4JFIjQJDQEDAQECAQECbSiFSwEFHQYRRRACAQgOBAYCAiYCAgIwFQIOAgQBDQWDIoICq3OBL4VDhGyBC4snDxeBf4ERJwwTgkyETQoUFoMJMYImAolsGYxciz8JApIZGJIUigSQcgIRFIEnHziBVnAVOyoBgkGQITtBMYh1gR8BAQ
X-IronPort-AV: E=Sophos;i="5.56,492,1539648000"; d="scan'208";a="507060189"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Jan 2019 23:57:24 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x0INvOkW002723 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 18 Jan 2019 23:57:24 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 18 Jan 2019 18:57:23 -0500
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1395.000; Fri, 18 Jan 2019 18:57:23 -0500
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Laurence Lundblade <lgl@island-resort.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for charter consensus
Thread-Index: AQHUrt88ycN1OAAxL0q/VhBcqW5yZaW04Q4AgADQGoCAAAKCAP//z2mA
Date: Fri, 18 Jan 2019 23:57:23 +0000
Message-ID: <6148663C-0218-4E4B-8967-33B60F629DC2@cisco.com>
References: <6C7E1E60-2507-4B1E-98DB-AB572C239ACD@cisco.com> <B60D5D8B-F434-45CD-9CB6-3C33E1EA91D3@island-resort.com> <20190118184219.GL81907@kduck.mit.edu> <87CF924F-3B71-4639-99B7-7E5A7916ABAF@island-resort.com>
In-Reply-To: <87CF924F-3B71-4639-99B7-7E5A7916ABAF@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.c.0.180410
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.155.84.33]
Content-Type: text/plain; charset="utf-8"
Content-ID: <925B18636B3E3A4681518924EEC7FA6A@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.152, xch-rtp-012.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/lhCBA06K4eNzv62RiZ3BGIhZQzE>
Subject: Re: [Rats] Call for charter consensus
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2019 23:57:28 -0000

Thanks Ben and Laurence. It is correct that the intent of the preamble was for the list to be a sample, not an exhaustive list.
Adding the bullet makes good sense and I don't think it affects the actual scope of work or goals.

The charter now reads:

--[ snip ]--
Introduction
==========

Relying parties require evidence about the trustworthiness of remote system components [RFC4949] they interact with. Remote attestation procedures (RATS) enable relying parties to establish a level of confidence in the trustworthiness of remote system components by creating and processing attestation evidence. A relying party can then decide whether to consider a remote system component trustworthy or not.

To improve the confidence in a system component's trustworthiness a relying party may require evidence about:
* system component identity,
* composition of system components, including nested components,
* roots of trust,
* assertion/claim origination or provenance,
* manufacturing origin,
* system component integrity,
* system component configuration, 
* operational state and measurements of steps which led to the operational state, or
* other factors that could influence trust decisions

While domain-specific attestation mechanisms such as Trusted Computing Group (TCG) Trusted Platform Module (TPM)/Trusted Software Stack (TSS), Fast Identity Online (FIDO) Alliance attestation and Android Keystore attestation exist, there is no interoperable way to create and process attestation evidence to make determinations about system components among relying parties of different manufactures and origins. 

Goals
=====

This WG will standardize formats for describing assertions/claims about system components and associated evidence; and procedures and protocols to convey these assertions/claims to the relying parties.  While a relying party may use reference values to assess the assertions/claims the procedures for this activity are out of scope for this WG.

The working group will cooperate and coordinate with other IETF WG such as TEEP, SUIT and SACM as appropriate.  The WG will also evaluate prior work such as NEA and proprietary attestation technologies.

Program of Work
==============

The working group will develop standards supporting interoperable remote attestation procedures for system components. The main deliverables are as follows.

1. Specify a terminology, architecture and use cases that enable explicit (a set of verifiable assertion/claims is transported in the attestation) and implicit (a set of assertions/claims is implied by possession of a secret) attestation techniques.  The architecture may include a system security model for the signing key material and involve at least the system component, system component provider, and the relying authority.

2. Standardize an information model for assertions/claims which provide information about system components characteristics scoped by the specified use-cases.

3. Standardize data models that implements and secures the defined information model (e.g., CBOR Web Token structures [RFC8392], JSON Web Token structures [RFC7519]).

4. Standardize interoperable protocols to securely convey assertions/claims.
--[ snip ]--


On 1/18/19, 10:51, "Laurence Lundblade" <lgl@island-resort.com> wrote:

    On Jan 18, 2019, at 10:42 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:
    > 
    > Hi Laurence,
    > 
    > On Thu, Jan 17, 2019 at 10:17:30PM -0800, Laurence Lundblade wrote:
    >> Hi Nancy,
    >> 
    >> The charter lists some types of claims/assertions in the introduction.  That list does not include things like GPS Location, public part of key pairs generated on device, enforced conditions for use of that key, identity of an app requesting a token, and app/user defined claims. Most of these types of claims have been implemented already either by FIDO, Android attestation or other products.  A vision here is that Android or other types of apps prove who they are to the server and pass a lot of data to the relying party via the token, often as input to authentication and financial transaction risk engines. 
    >> 
    >> 
    >> I assume it will continue to hold that anyone can add any proprietary claim they want, but a lot of the types of claims/assertions I just mentioned would be valuable as a standard. Some will be relatively easy to standardize. Some may not be. My first thought is that some of the easy obvious ones should be in scope, but we need to draw a line somewhere so we’re not creating claims forever. Not sure where that line is.
    > 
    > Those are good points.  I think it's probably premature to wire down a
    > specific list of claims at charter time, so the list in the introduction
    > should be treated as exemplary rather than normative, as is typical for
    > charter introductions.  Perhaps we want to add another bullet "other
    > factors that could influence trust decisions" to make that more clear.
    
    
    That definitely works for me.
    
    LL

v2.23.0 | Report a Bug | By Email