[Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments

Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 19 April 2019 06:08 UTC

To: Thomas Fossati <Thomas.Fossati@arm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Laurence Lundblade <lgl@island-resort.com>
Cc: "rats@ietf.org" <rats@ietf.org>, Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/miL1Yt_gefrLES7ib8ruyaL0MDE>

Here you have another link:
https://developer.android.com/training/articles/security-key-attestation

As an application developer I find this scheme and the associated "AndroidKeyStore" quite impractical.
The recent addition of "StrongBox" makes it worse.

With a two-level TEE/SE session-key based scheme you only need to attest the session permitting you to perform any number of secure operations and close the session with a "commit" which in turn responds with a (session signed) message to the SP that everything went right.

Anders

On 2019-04-18 15:06, Thomas Fossati wrote:
> Hi Michael,
> 
> On 27/03/2019, 18:25, "RATS on behalf of Michael Richardson" <rats-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:
>> (Still looking for some pointers to *attestation* parts of the Android KeyStore.)
> 
> Maybe you want to take a look at [1]
> 
> Cheers, t
> 
> [1] https://arxiv.org/pdf/1904.05572.pdf