Re: [Rats] About (E)UID's

Laurence Lundblade <lgl@island-resort.com> Wed, 12 February 2020 12:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/n2ZbVAwTXKf41xd5fuB3a0ZHOqU>

> On Feb 11, 2020, at 3:39 PM, Simon Frost <Simon.Frost@arm.com> wrote:
> 
> I suggest we should change the description of the UEID claim to allow the standard to support more interpretations of what the locus of uniqueness might be to an implementation.

Hi Simon,

Can you say more and / or give an example?

The design goal of UEID is global / universal uniqueness — the locus is everything. It offers the vendor two paths to achieving this.

1) Probabilistically unique large random values that need no central authority and involve no money.

2) Global values assigned and managed by a central authority like IEEE or GSMA. This usually involves money.

1) is flexible in that it allows creation of the value by hashing together enough random bits from sources ready-to-hand (which, Thomas points out, PSA is using).

We can add other global registries if needed (and they truly are global).

LL
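
Path 1 above, as an added example that is not part of the original message: hashing together sources ready-to-hand into a 256-bit value, with a birthday-bound estimate of how likely two devices are to collide. The function names, the choice of SHA-256, the length-prefix encoding and the sample inputs are assumptions made for illustration; the 0x01 type byte is the RAND type from the EAT specification, not from this message.

```python
import hashlib
import math
import os

UEID_TYPE_RAND = 0x01  # RAND type byte per the EAT spec; not stated in this message


def derive_ueid(sources):
    """Hash length-prefixed entropy sources into a 256-bit RAND-style UEID."""
    h = hashlib.sha256()
    for s in sources:
        # Length prefix keeps (b"ab", b"c") distinct from (b"a", b"bc").
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return bytes([UEID_TYPE_RAND]) + h.digest()


def collision_probability(n_devices, entropy_bits):
    """Birthday bound: chance that any two of n_devices share a value."""
    x = n_devices * (n_devices - 1) / 2 ** (entropy_bits + 1)
    return -math.expm1(-x)  # 1 - exp(-x), accurate for very small x


if __name__ == "__main__":
    # Constructed sample inputs: a TRNG read plus a made-up die identifier.
    ueid = derive_ueid([os.urandom(32), b"constructed-die-id-0001"])
    print(ueid.hex())
    # A trillion devices with 128 or 256 bits of real entropy going in.
    print(collision_probability(10**12, 128))
    print(collision_probability(10**12, 256))
    # Hashing adds no entropy: a 16-bit serial as the only input still
    # collides like a 16-bit value, whatever the digest length.
    print(collision_probability(1000, 16))
```

The uniqueness argument depends on the entropy of the inputs, not on the digest size, so `entropy_bits` should be the estimated entropy of the sources being hashed.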