Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token
Laurence Lundblade <lgl@island-resort.com> Sat, 30 April 2022 00:39 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A56E0C15E405 for <rats@ietfa.amsl.com>; Fri, 29 Apr 2022 17:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wuF8sm9du4YI for <rats@ietfa.amsl.com>; Fri, 29 Apr 2022 17:39:32 -0700 (PDT)
Received: from p3plsmtpa08-07.prod.phx3.secureserver.net (p3plsmtpa08-07.prod.phx3.secureserver.net [173.201.193.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEA21C15E403 for <rats@ietf.org>; Fri, 29 Apr 2022 17:39:31 -0700 (PDT)
Received: from [192.168.1.224] ([187.223.244.111]) by :SMTPAUTH: with ESMTPSA id kb90nEGyG5jAhkb90n875R; Fri, 29 Apr 2022 17:39:31 -0700
X-CMAE-Analysis: v=2.4 cv=U/RXscnu c=1 sm=1 tr=0 ts=626c8543 a=SqkfMr9+l4TrK72MH+wNQQ==:117 a=SqkfMr9+l4TrK72MH+wNQQ==:17 a=IkcTkHD0fZMA:10 a=48vgC7mUAAAA:8 a=c96ArvtgkWVNjiaUlyUA:9 a=QEXdDO2ut3YA:10 a=zIp9mrmEI6oA:10 a=Z41c59eUDY0A:10 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <82f684aa-4f01-a473-c648-f3c7ff534cf8@sit.fraunhofer.de>
Date: Fri, 29 Apr 2022 18:39:30 -0600
Cc: draft-tschofenig-rats-aiss-token@ietf.org, "rats@ietf.org" <rats@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CE8AEDD2-3CC6-467E-90CD-A0B52D95D6F4@island-resort.com>
References: <82f684aa-4f01-a473-c648-f3c7ff534cf8@sit.fraunhofer.de>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-CMAE-Envelope: MS4xfG39Yt9oIN7vUBdjG2iQm8snY/rijEbnyo9nddqJtkvTLnlcZWku4YMrC6MMRjubm/QYVUi8nq0p9EWLsX5Rzzvw/BgFskHcxri1DNE4xyq+HtZxWnlL pysnxyw/oOrphINEK5Ns/hr8VSrGMmxAyStbNLqx3OulObCTbSRmt+h5Nc4/VIjKDSlIFDuw9aOB5xxvEJXpo4UF8qNyHzOxw6Hjpub23t0Chbzo3FEu5+9b P2hbZ7xiYA/03n801LoHsMakOneZfe8C+o0pky1dB8aZVHk2bmXD5XI0sN7MWtj/
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/mzZWwx0R4NjUEovRllqATRXRTgc>
Subject: Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Apr 2022 00:39:35 -0000
My read of this doc is that it is a definition of token format like an EAT, that borrows some claims from EAT, but is not an EAT. If it was an EAT, or a profile of an EAT, it would say so up front explicitly. Since it’s not an EAT, you can’t rely on what’s generally defined in EAT. For example, you’ll have to write your own security considerations, say if/how additional claims are registered, say what the relationship to CWT is and such. LL > On Apr 29, 2022, at 1:37 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote: > > Hi authors, > > considering this is a -00 it was a quick an comprehensive read. I am aware that in this state the document is basically a list of Claim definitions and corresponding CDDL. > > A few questions and comments: > > 1.) It seems that an AISS is Evidence as it is consumed by a Verifier and reference values and policies are used to appraise it: > >> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-7 > > As "Verification" is a bit of an ambiguous term nowadays, I'd recommend to rename Section 7 to "AISS Token Appraisal". Also, I would clearly state that an AISS token is Evidence early on. > > 2.) The colloquial term "verification service" is used in: > >> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.3 > > which currently only implies that that is a Verifier conducting AISS token Evidence appraisal, I think. Just defining what a verification service is (see 1.) would help as there are other colloquial terms that mean the same thing, such as attestation service (which also are ambiguous). > > 3.) Are the reports mentioned in: > >> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.4 > > self-assertions or Evidence or something else? Are they produced by a RoT or a higher Attesting Environment? Are these states Claims that can be collected from Target Environments that are "the silicon" or are they derived in a different manner? > > 4.) I am wondering which Attesting Environment is supposed to produce the AISS token Evidence. In your definition of a RoT (Which I'll come to in the next item) it is highlighted that a boot loader can be a RoT, which would imply in that example that the bootloader is the first Attesting Environment in layered attestation. > > Is the first Attesting Environment always the producer of an AISS token or can later Attesting Environment also do that? I am asking because, if you look at the scenario from a certain angle, it seems as if the Attestation Environment (bootloader) would collect claims from Target Environments that would be the parts of the Silicon. Is that correct? > > 5.) What's the intended output of an AISS token appraisal? Theft and Overouse seem to be two characteristics as stated in: > >> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.6 > > Are there others? I assume that determining certain Attestation Results is the whole point of producing AISS tokens in the first place. Defining those categories of outcomes seem to be in-scope? > > 6.) In March Kathleen advised the RATS WG to include an explicit definition of Root of Trust in the RATS architecture. AFAIK, that is that only remaining open issue with the document. Maybe we can collaborate on that definition as you started one here and I don't think it's an awful definition? :o) That would be cool and hopefully move the RATS architecture, which seems to be stuck for quite a while now and that issue might have been the reason. > > 7.) I like how most of your Claims used/defined are matching the layout of CoRIM :-) (obviously) and thanks for naming it AISS and not AISST and therefore avoid calling them AISST tokens later :-) > > Viele Grüße, > > Henk > > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats
- [Rats] Early feedback for draft-tschofenig-rats-a… Henk Birkholz
- Re: [Rats] Early feedback for draft-tschofenig-ra… Smith, Ned
- Re: [Rats] Early feedback for draft-tschofenig-ra… Laurence Lundblade
- Re: [Rats] Early feedback for draft-tschofenig-ra… Henk Birkholz
- Re: [Rats] Early feedback for draft-tschofenig-ra… Henk Birkholz
- Re: [Rats] Early feedback for draft-tschofenig-ra… Laurence Lundblade
- Re: [Rats] Early feedback for draft-tschofenig-ra… Henk Birkholz