Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
Carl Wallace <carl@redhoundsoftware.com> Thu, 20 June 2019 13:31 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1AF412004E for <rats@ietfa.amsl.com>; Thu, 20 Jun 2019 06:31:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nNpd8Un0zHAO for <rats@ietfa.amsl.com>; Thu, 20 Jun 2019 06:31:51 -0700 (PDT)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1636F120045 for <rats@ietf.org>; Thu, 20 Jun 2019 06:31:51 -0700 (PDT)
Received: by mail-qt1-x834.google.com with SMTP id h21so3125233qtn.13 for <rats@ietf.org>; Thu, 20 Jun 2019 06:31:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=Eb4zWZKLsO6t8ObFqUf1yuwtJlln//qRFdd0QptS844=; b=J1YBuq3HR1FL/fjl8Ff4hz5J/Kx3ePrMVaEbFK7THaJ/IJqNKd2k4C9oKCUtcKkkBw UZ8l+K/koAwoRFHPULHYrbV4gJtmnnK9scvUQiwAJ9csAmEGqb3Lky/qqyUdL6Sfwh13 m69X74AVWbt/3wvbepEpUQcdhxD0C6kRDqEj4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=Eb4zWZKLsO6t8ObFqUf1yuwtJlln//qRFdd0QptS844=; b=cOPyW9YYx/r/1xM8Hf6a5/1FdrsIowzz+1s5DlYKSqsySM/5j5T8dccDVHAfHkx8N8 B3GM6P+en5P/E12zH4NMKbtgA/j7t4U9O+Ys22GsM5R54q4lpmNXhMilLyS4vjHsbnwB 7OPORLNBoV2SVp8mXE8T8K2FnSSwlGHN3M7jcIgmDxed33zvPU1xVIBNogG5WA009AdN UaWl/kVrZOZrrvUch9KPhNOyIuzsEocJVJq9XhijZvfYVK6l3YEOb+CzTGAeWVZFeq4i 6/EBoaRmbY8sydSAWqvY+6H3ABoSv2/yeBysFGgfkqmwjDyuS4a9Kd3YeLO/w1pcbVgt m7Rg==
X-Gm-Message-State: APjAAAWbrM7CnPyGTutGL1q2qzpo7Fylqkqp9GqdtN4bWHpzFKVj8s8g Vfw08me8qYXms3gUAdfpHhCErw==
X-Google-Smtp-Source: APXvYqzV/q2Pgl1YogIfzQ0jCfPtk16fSx9mPih80NMSjbKsCaA8axQTlAovdZj2tItcNrMPIPGiJA==
X-Received: by 2002:ac8:28e2:: with SMTP id j31mr71940982qtj.274.1561037510099; Thu, 20 Jun 2019 06:31:50 -0700 (PDT)
Received: from [192.168.2.105] (pool-96-255-231-27.washdc.fios.verizon.net. [96.255.231.27]) by smtp.googlemail.com with ESMTPSA id 47sm11799619qtw.90.2019.06.20.06.31.46 (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 20 Jun 2019 06:31:49 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Thu, 20 Jun 2019 09:31:40 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Shawn Willden <swillden=40google.com@dmarc.ietf.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, Laurence Lundblade <lgl@island-resort.com>, Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
Message-ID: <D93100A6.E0A23%carl@redhoundsoftware.com>
Thread-Topic: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <219648D6-188A-429D-A13F-ED6155DE9016@island-resort.com> <14288.1553710783@dooku.sandelman.ca> <4EB6FF13-2DAF-4BDC-AC90-C46720D61AF0@arm.com> <bf003513-209a-7d5f-a9a5-58ade6c23545@gmail.com> <21417.1560911502@dooku.sandelman.ca> <fbc05f84-232b-7ca6-47c1-9b23d73e47ca@gmail.com> <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com>
In-Reply-To: <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3643867908_3983767"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/msCvTRFvAvzJMckshkk4bhXiXdg>
Subject: Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2019 13:31:54 -0000
>> <snip> > The Android platform security team considers this an anti-goal. We're very > concerned that the scope of functionality being installed in TEEs is exploding > to a degree that the TEEs are becoming less trustworthy, not more (and they > haven't been particularly good). Not only do we not want to enable > field-installation of TAs, we'd like to constrain factory/OTA installation to > smaller sets (some devices ship with upwards of 40 TAs today), though our > ability to do that is very limited. +1 > > There's a tension here between enabling more use cases and maintaining / > increasing the security of existing use cases. We recognize that GP and many > others disagree with us on how to balance the issues, and that perhaps we're > wrong, but we have to respond to the Android ecosystem as we see it. Re: more use cases, the ability to encrypt a key attestation in TEE/SE for a specific provisioning end point would be nice to have (to conceal a challenge password while in transit, for example). >
- Re: [Rats] More use cases for draft-richardson-ra… Carl Wallace
- Re: [Rats] More use cases for draft-richardson-ra… Laurence Lundblade
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] 答复: More use cases for draft-richardso… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- [Rats] draft-richardson-rats-usecases-00 comments Anthony Nadalin
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Laurence Lundblade
- [Rats] More use cases for draft-richardson-rats-u… Laurence Lundblade
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Anthony Nadalin
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- [Rats] 答复: More use cases for draft-richardson-ra… Xialiang (Frank, Network Standard & Patent Dept)
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Carl Wallace
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Thomas Fossati
- [Rats] Android attestations: Re: draft-richardson… Anders Rundgren
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Anders Rundgren
- [Rats] aligning the use case documents appropriat… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
- Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Shawn Willden
- Re: [Rats] Android attestations: Re: draft-richar… Shawn Willden
- Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
- Re: [Rats] Android attestations: Re: draft-richar… Anders Rundgren
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Laurence Lundblade
- Re: [Rats] More use cases for draft-richardson-ra… Thomas Hardjono
- Re: [Rats] More use cases for draft-richardson-ra… Benjamin Kaduk
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
- Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
- Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
- Re: [Rats] More use cases for draft-richardson-ra… Dave Thaler
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
- Re: [Rats] More use cases for draft-richardson-ra… Dave Thaler
- Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson