[Rats] WGLC Review of draft-ietf-rats-architecture-07
"Eric Voit (evoit)" <evoit@cisco.com> Wed, 18 November 2020 17:31 UTC
Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id C7F333A0CE8
for <rats@ietfa.amsl.com>; Wed, 18 Nov 2020 09:31:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.599
X-Spam-Level:
X-Spam-Status: No, score=-9.599 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=cisco.com header.b=baLMnIdt;
dkim=fail (1024-bit key)
reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com
header.b=rIEkWBYo
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IuB3askUps5Y for <rats@ietfa.amsl.com>;
Wed, 18 Nov 2020 09:31:26 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91])
(using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id DA28D3A0CF8
for <rats@ietf.org>; Wed, 18 Nov 2020 09:31:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=cisco.com; i=@cisco.com; l=10260; q=dns/txt;
s=iport; t=1605720685; x=1606930285;
h=from:to:subject:date:message-id:mime-version;
bh=Yv3cv4ZcOt5ZgxcWu1rOfL9ZzsYZ5aXrHYKq3ii45VU=;
b=baLMnIdtpbaelkVsTrKn7fM+uX5DEnhbQjht5IMlkhv5/7t3NRvuz6nn
M0iFShNwWgUjqwWwzeugp7ercM7m4RXbem4Cwkh3bkbGtXvwyPxhGqTls
HYSEORBOOQ707TbNRLprc3MBJ31uT1V1CriwbC4Ax7oGsB3rCXLvari9w c=;
X-Files: smime.p7s : 3975
X-IPAS-Result: =?us-ascii?q?A0BHDAD1WbVffZldJa1iHQEBPAEFBQECAQkBFYFPAoFQI?=
=?us-ascii?q?y6BJy0vLgqHfAOmYIEuFIERA1QEBwEBAQoDAQEtAgQBAYRKAoIlAiU1CA4CA?=
=?us-ascii?q?wEBAQMCAwEBAQEFAQEBAgEGBBQBAYY8AQuGCy4BATgRARo2MBcPAQQbBhSDB?=
=?us-ascii?q?YF+VwMfDwGkOQKBPIhodIE0gTuBSQEBBYUOGIIJBwmBOAGBUoEgij4PG4FBP?=
=?us-ascii?q?4ERQ4cWARIBI4NIgiyNa4JajAabbgqCbYRTgmSUBKF6k1OgVwIEAgQFAg4BA?=
=?us-ascii?q?QWBVgE1aXBwFTuCaVAXAg1WkTqKWHQ3AgYKAQEDCXyMOwGBEAEB?=
IronPort-PHdr: =?us-ascii?q?9a23=3AKUqcSxYmbO3Vq+DfzRUZ0n//LSx94ef9IxIV55?=
=?us-ascii?q?w7irlHbqWk+dH4MVfC4el21QaTD4TW9/wCjPDZ4OjsWm0FtJCGtn1KMJlBTA?=
=?us-ascii?q?QMhshemQs8SNWEBkv2IL+PDWQ6Ec1OWUUj8yS9Nk5YS8fze1OUpWe9vnYeHx?=
=?us-ascii?q?zlPl9zIeL4UofZk8Ww0bW0/JveKwVFjTawe/V8NhKz+A7QrcIRx4BlL/U8?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.77,488,1596499200";
d="p7s'?scan'208";a="593487115"
Received: from rcdn-core-2.cisco.com ([173.37.93.153])
by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA;
18 Nov 2020 17:31:24 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11])
by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 0AIHVOsf023542
(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL)
for <rats@ietf.org>; Wed, 18 Nov 2020 17:31:24 GMT
Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-ALN-001.cisco.com
(173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
Wed, 18 Nov 2020 11:31:24 -0600
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-aln-003.cisco.com
(173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
Wed, 18 Nov 2020 11:31:23 -0600
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by
xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server
(TLS) id
15.0.1497.2 via Frontend Transport; Wed, 18 Nov 2020 11:31:23 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=ecnHiA0QeBoOywVizjsLBdQsOBwq58d6pf9B/nIBNZX6adDZkQYu/QcmYAwg9rvs6M6xFToRWTYlb81WJjbhycwjEBKYwxPahYNlbgEJoFltxpNN/E/SJvV3l0TkUTdvZayIWUD8kMi4R1CAp/TTy4tKKgmgFHHwH0Qg5WggA4JU6p4tZRjyspVDRKBnwp3uACDvuWBa8HzV9wHRJQk+AYqJH3OrmOVljZhWI2WaFes/KQrc8qivE0zsxC5sHgj76Cra4exExyS0qzKRuJidYHJh2rpOQ9wvXE7bWND1Cw2i7Ro1WR9ofZ2/KWvTKf2DpmT9d3jz48p67y1RLWEagQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=DIvo4Wxv2DqOKcPMlqi/vz5zKnhQ5RfxjNjWoZyLckE=;
b=BRMr+uLheS8IKOZYHXDN6WRfIuTMy00scMl/tBog8aqqJkO9RtRR9QMWqTKD3ariha1LcBzqpheg3dU3IulqP2HYbCd2ulMJoBlqENv/BwlXVESw15lFT3pKrPmazmip11tItSl+lcpysikFJ+RBCWO9fHU8lUTHh40WXR4Ys/ADm4LD/MV8CIg2WoBx5SIwd8YqP1n7q5z07yC+f+k3iSc9yUwvPpoRrTIfTAaTY4DWKYpAw/DVpYDmwlAKGCMn53pktvXj/4BEg9zRWE2Wga9OCAgct8HzySbFzD90cv8E5MVH4NvWS/0FVO53CZugAnKv5MNSbuazCgjJbjj8kQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com;
dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;
s=selector2-cisco-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=DIvo4Wxv2DqOKcPMlqi/vz5zKnhQ5RfxjNjWoZyLckE=;
b=rIEkWBYoNZp7sLYVK3D9j88EEdiv6Sb5Xnr2AHu05R+kpkI7QSLAFfPVduJlcdKOMIFsX/eUAHdnZHcnAcgEgEQc1mQ/aaosFNPPDEtadXenXWu7Y4/kQW7bP/g16Z1gExvhSzgDRfJtDfSawvaOJDgTHa+hga0KlWgEkYBWWGQ=
Received: from BL0PR11MB3122.namprd11.prod.outlook.com (2603:10b6:208:75::32)
by MN2PR11MB4709.namprd11.prod.outlook.com (2603:10b6:208:267::22)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.20; Wed, 18 Nov
2020 17:31:22 +0000
Received: from BL0PR11MB3122.namprd11.prod.outlook.com
([fe80::1d48:9682:b349:ce7a]) by BL0PR11MB3122.namprd11.prod.outlook.com
([fe80::1d48:9682:b349:ce7a%6]) with mapi id 15.20.3499.034; Wed, 18 Nov 2020
17:31:22 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: WGLC Review of draft-ietf-rats-architecture-07
Thread-Index: Ada90JZcs3nUrJBAQ3ylFss/vpaZ5Q==
Date: Wed, 18 Nov 2020 17:31:22 +0000
Message-ID: <BL0PR11MB3122D6CFE059E3969C15E9F4A1E10@BL0PR11MB3122.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed)
header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [75.170.135.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: efe695c6-d4fb-453c-30d8-08d88be7c4a1
x-ms-traffictypediagnostic: MN2PR11MB4709:
x-microsoft-antispam-prvs: <MN2PR11MB47090C1DC8935A027740CC38A1E10@MN2PR11MB4709.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5epAFcMl00YMFmIEQNvLlV9uuzVN0vssUE84a1YWdM0NoWO9xFtbJ149iFJWF8qcFd5msXJZWTDPjM2Z/Cw61CcebZGJndqJzdpfedhezgVm0EEj1zG3xdf2xQniGnfRfFWObU2XaAgww3a+71Ff2nA69D7QCPCtTBtPeXI6J6MBfr43INHJ7b0QndqB6Rr2/errav9Ix+Pw+KHxwz+bHzYsg1oMWSLiLZScACLxlasU1DspRxPZUEHxsqGezsWcLgtY0BDu4REBVm845KAAucuL3oIxY9pE2kv70TnJh8Ezveba89nA8fs0aCMVB9opULn82+WY29ROvdU8qsjz9Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:BL0PR11MB3122.namprd11.prod.outlook.com; PTR:; CAT:NONE;
SFS:(366004)(396003)(136003)(39860400002)(376002)(346002)(5660300002)(66476007)(52536014)(76116006)(66946007)(64756008)(66556008)(71200400001)(66616009)(316002)(6916009)(66446008)(9686003)(2906002)(8936002)(8676002)(186003)(7696005)(55016002)(6506007)(478600001)(99936003)(26005)(33656002)(83380400001)(86362001)(66574015);
DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: cNuZgMjHQM4/WytdHM3GbTp3g6pRwQLWEuOO+NrxcZnJ33+RoVeyt9Y4Y+0AwBomK5334njxV6vhBCUU1f/xmwJSOxYHMRZ/5HJYNLbIc4Y14upuSr+R/8YXQSiuL4MgTSGTgp2UqILYT6kfIGRs/dzuHqvPuSWqdb8bsKtVSFKGsJLORcE4jA3R6ghng1uyxANoDYGAsVstIbnaI4xw6M1KOwULYnwTPXBrSxEaCXzrvZbKClFxQ8lzuwqX6Rkwh3cPMcN3EJq76f4Z7PrZ03uR3BkW2c44K3eF04Apu+gMsy5XwTyh/Hdn1OtBdI8QPkk+ZdwL9LsTa9qYAQRJ5neNrPruRoNGNiCRSYl/WNaoUtx6SX6pBjmCjq4gXGMkjRiqQmwHFrJCwegYnpWFF6mMs4Tes6A/yVQEzevqECrnT5d7v4NBjNg4DqkeLyGBw9EqMGDK4nspLDAzw9pBAwyrXhg4IMn9Pw2v5UOe6KxdrzFWeTrDxwYkiOjdBpGi3Y12cl+AzJwtr0LOANTXjzgeFj/Xgb4c2YI8PyQygcokkQV7Vm87qOl4a4o/xvpUnnlJciPZO5Xw5v14jxdht7vjTaX+mPKNtE1z8IVpRNaB0AVflUjJrqzRpooqP8bY1qFx0d1XvNmZ7Jcv+XDoXA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_007B_01D6BDA6.B59797C0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR11MB3122.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: efe695c6-d4fb-453c-30d8-08d88be7c4a1
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2020 17:31:22.4730 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wLfSplTkPumilD7KUJAlL5BVDmEPe257Lx1FkgNGYdrgsrSR2xQ1XI7NotHhTois
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4709
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/m65COAszSM7HfqL6O6ciw5AJVVk>
Subject: [Rats] WGLC Review of draft-ietf-rats-architecture-07
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>,
<mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>,
<mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 17:31:28 -0000
As part of WGLC, I have reviewed draft-ietf-rats-architecture-07, and believe it an excellent document. Below are three minor comments and five nits which I believe are worth addressing. Major Comments ----------------------- None Minor Comments ----------------------- Section 4: General Comment (this comment could also apply to Section 12) It is up to the Relying Party to evaluate the Verifier. And not all Verifiers should be seen as equivalently trustworthy. Additionally, any particular Verifier might be able to provide a consistent level of certainty in the "Attestation Results". This is because the capabilities of the Attesting Environment will vary. This section does not hint at the varying levels of certainty in the "Attestation Results" based on the varying quality and quantity of available Evidence of different types of Attesters. I am not sure if this truism belongs in this section. Or if this truism belongs in the document at all. But without having this nuance being described somewhere, it could leave the perception of a higher level of confidence in the Appraisals being from a deployable RATS architecture made than might necessarily be warranted. Note that this issue is also alluded to in Section 7.4 and Section 12. But neither address things like whether Attestation Result values should provide a minimum level of confidence regardless of the type of Attester being evaluated. In the end, I am fine if nothing changes in the document as a result of this comment, but I wanted to have the authors consider whether this is worth a statement or two. Section 5.1 Current Text: If the Attestation Result was a successful one, the Attester can then present the Attestation Result to a Relying Party, which then compares the Attestation Result against its own appraisal policy. Proposed Text: If the Attestation Result was a successful one, the Attester can then present the Attestation Result (and possibly additional Evidence) to a Relying Party, which then compares this information against its own appraisal policy. Alternative way to address comment: In Section 5.3 is a discussion on "Combinations". A final sentence or paragraph could be added on another example of a combination where the Attestation Result from a Passport Model can be a form of Evidence coming into a background check model. Rationale #1: There are multiple statements in Section 5.1, including the diagram which do not show additional Evidence allowed to be included as part of the passport model. We need at least one statement within Section 5 which shows this to be a valid scenario. I do not think Figure 7 covers this option sufficiently. (Note: this goes back to previous email list discussions showing that a even a government issued passport is stamped with supplemental information as people transit country borders.) Rationale #2: Section 8.3 on Attestation Results do not reference "Combinations", nor that Attestation Results can be a type of Evidence. Rationale #3: Section 16.2 includes a Nonce2 as supplemental evidence as part of the passport model diagram. Section 16.3 The notational convention for the use of ' (i.e., prime) after timestamps is not described. E.g. time(HR'_v). I think its meaning can be figured out by the diagram. But it might be worth making it an explicit notification convention. And other subsequent documents might want '' as well. Nits: ------ Section 2: Reference Value Provider Currently: ...Reference Values help Verifiers appraise the authenticity of Evidence Proposed: ...Reference Values help Verifiers appraise Evidence to determine if only known and acceptable claims have been recorded by the Attester Section 3.6: Currently: One significant problem is malware that holds a device hostage and does not allow it to reboot to prevent updates from being applied. This is a significant problem, Proposed: There is a class of malware that holds a device hostage and does not allow it to reboot to prevent updates from being applied. This can be a significant problem, Section 4: Currently: pppraisal policy Proposed: appraisal policy Section 11: Currently: as well as any users the device is associated with. Proposed: as well as potentially any users of the device. Section 12.1 Currently: Key Material Proposed: key material Thanks, Eric
- [Rats] WGLC Review of draft-ietf-rats-architectur… Eric Voit (evoit)