IETF Logo Mail Archive

[Rats] interaction model and token opacity was Re: Call for adoption (after draft rename) for Yang module draft

"Smith, Ned" <ned.smith@intel.com> Sat, 16 November 2019 02:37 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5207A1200F1 for <rats@ietfa.amsl.com>; Fri, 15 Nov 2019 18:37:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id II1x9QT5G9Lc for <rats@ietfa.amsl.com>; Fri, 15 Nov 2019 18:37:09 -0800 (PST)
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E966120088 for <rats@ietf.org>; Fri, 15 Nov 2019 18:37:09 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Nov 2019 18:37:09 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,310,1569308400"; d="scan'208";a="236285083"
Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128]) by fmsmga002.fm.intel.com with ESMTP; 15 Nov 2019 18:37:09 -0800
Received: from orsmsx111.amr.corp.intel.com (10.22.240.12) by ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 15 Nov 2019 18:37:09 -0800
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.161]) by ORSMSX111.amr.corp.intel.com ([169.254.12.253]) with mapi id 14.03.0439.000; Fri, 15 Nov 2019 18:37:08 -0800
From: "Smith, Ned" <ned.smith@intel.com>
To: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: interaction model and token opacity was Re: [Rats] Call for adoption (after draft rename) for Yang module draft
Thread-Index: AQHVnCa9Gk1umARWmkGVqcopiBC2wA==
Date: Sat, 16 Nov 2019 02:37:07 +0000
Message-ID: <7A120109-ED2A-46F5-A419-9AA30D96357C@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1f.0.191110
x-originating-ip: [10.24.10.107]
Content-Type: text/plain; charset="utf-8"
Content-ID: <66908322A61DC547B42C3D347563EE40@intel.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/mjdqpWQbyS0SF7UQ00ZTRXDcTDg>
Subject: [Rats] interaction model and token opacity was Re: Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Nov 2019 02:37:11 -0000

Changing the name since the thread seems to have diverged.

There seems to be a requirement that a YANG expression could contain a RATS 'token' since the wire-format structure (bits that are signed) would not be YANG. YANG would treat the 'token' as an opaque structure.

Also, YANG can be used to model protocol or message flow interactions. Since YANG is a modeling language, there is an encoding (XML?) output that is input into an interpreter(?) that implements the protocol state machine. I presume RESTCONF or NETCONF are examples of protocol state machines that accept encodings of a YANG protocol expression?

The RATS 'token' is opaque to the protocol state machine except as a block used to construct a payload for a RESTCONF or NETCONF defined protocol frame.

If the attestation 'token' is obtained from a TPM, it is still meaningful to refer to is as a 'token' since it continues to be an opaque structure in the above context. (???)

The architecture should be able to disambiguate between tokens that are realized using a TPM vs. tokens realized as a JWT or CWT encoding. This requirement may expand to other vendor specific token encodings in order to satisfy compatibility needs - at least as they exist between Attester and Verifier.

However, it may be appropriate for the architecture to limit the Verifier to Relying Party interaction to a single token encoding such as CWT.  (???)

-Ned

On 11/13/19, 3:32 AM, "RATS on behalf of Schönwälder, Jürgen" <rats-bounces@ietf.org on behalf of J.Schoenwaelder@jacobs-university.de> wrote:

    On Wed, Nov 13, 2019 at 07:24:10PM +0800, Michael Richardson wrote:
    > 
    > 
    > On 2019-11-13 7:14 p.m., Schönwälder, Jürgen wrote:
    > > On Wed, Nov 13, 2019 at 07:04:40PM +0800, Michael Richardson wrote:
    > >>
    > >> On 2019-11-13 1:56 a.m., Laurence Lundblade wrote:
    > >>> Got that one totally wrong. I even knew everything you describe about YANG.
    > >>>
    > >>> I still think it is better if we just stick to EAT / CWT / JWT claims described with CDDL as the way we define claims in RATS, except for a few TPM-specific claims. 
    > >> Nothing I've said is opposed to that.
    > >> I rather agree.  I don't think that EAT is complex enough to require a
    > >> definition in YANG.
    > >>
    > >> But, that also has nothing to do with whether we'd need a YANG signing
    > >> standard if we defined them in YANG.
    > >> We wouldn't, because we'd be signing JSON, CBOR (or XML if someone
    > >> insisted) using JSOE and COSE.
    > >>
    > > I am still confused but so far for me it may make sense to have the
    > > following:
    > >
    > > - A YANG defined transport for "tokens" which likely treats tokens as
    > >   opaque objects.
    > 
    > okay, and we need this in the same document (the same model?) as the TPM
    > stuff?
    
    Likely not.
     
    > I think that the process works okay for TPM, because we don't really
    > expect the system that hosts the RESTCONF interface to actually use the
    > RESTCONF interface to talk to the TPM.  We are just providing a gateway
    > to it.
    
    So which applications are using this RESTCONF interface? Can I somehow
    relate this back to the architecture models? Henk's doc seems to be
    telling me that the idea is that $something likes to retrieve
    "evidence" by invoking YANG RPCs. So what is $something and why is
    the evidence TPM specific?
    
    /js
    
    -- 
    Juergen Schoenwaelder           Jacobs University Bremen gGmbH
    Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
    Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
    
    _______________________________________________
    RATS mailing list
    RATS@ietf.org
    https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email