Re: [Rats] draft-birkholz-rats-network-device-subscription-00

Dave Thaler <dthaler@microsoft.com> Tue, 28 July 2020 14:10 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
CC: Wei Pan <william.panwei@huawei.com>, "Birkholz, Henk" <henk.birkholz@sit.fraunhofer.de>
Date: Tue, 28 Jul 2020 14:10:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/sOPRRFSM8XGvrMAm1A-QwC8JdgM>
Subject: Re: [Rats] draft-birkholz-rats-network-device-subscription-00

I asked in the meeting how a subscriber knows who to subscribe to, and I believe the answer was
that CHARRA answers that.  Well I looked in draft-ietf-rats-yang-tpm-charra-02 and it does not
contain any mention of the subject.  I think one or the other of the two drafts needs to address
this issue.  My preference is that it be in draft-birkholz-rats-network-device-subscription since
that's the draft that talks about limitations like
> Evidence is not streamed to an interested Verifier as soon as it is generated.
Which certainly still applies, it's just another case... you didn't know to subscribe to it until
after the evidence was generated when it booted.

Dave

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Eric Voit (evoit)
Sent: Wednesday, June 24, 2020 9:41 AM
To: rats@ietf.org
Cc: Wei Pan <william.panwei@huawei.com>; Birkholz, Henk <henk.birkholz@sit.fraunhofer.de>
Subject: [Rats] draft-birkholz-rats-network-device-subscription-00

Hi All,

This draft defines how to subscribe to a stream of attestation related Evidence on TPM-based network devices.  When subscribed, a Telemetry stream of verifiably fresh YANG notifications (which are generated when TPM PCRs are extended) is pushed to the subscriber.

This draft integrates:
 *  Section 5 of draft-voit-rats-trusted-path-routing-01
 *  Elements of draft-xia-rats-pubsub-model

Thanks!

Eric, Henk, and Wei


-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Wednesday, June 24, 2020 12:19 PM
To: Eric Voit (evoit) <evoit@cisco.com>; Wei Pan <william.panwei@huawei.com>; Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Subject: New Version Notification for draft-birkholz-rats-network-device-subscription-00.txt


A new version of I-D, draft-birkholz-rats-network-device-subscription-00.txt
has been successfully submitted by Eric Voit and posted to the IETF repository.

Name:		draft-birkholz-rats-network-device-subscription
Revision:	00
Title:		Attestation Event Stream Subscription
Document date:	2020-06-24
Group:		Individual Submission
Pages:		20
URL:		https://www.ietf.org/internet-drafts/draft-birkholz-rats-network-device-subscription-00.txt
Status:		https://datatracker.ietf.org/doc/draft-birkholz-rats-network-device-subscription/
Htmlized:	https://tools.ietf.org/html/draft-birkholz-rats-network-device-subscription-00
Htmlized:	https://datatracker.ietf.org/doc/html/draft-birkholz-rats-network-device-subscription


Abstract:
   This document defines how to subscribe to a stream of attestation
   related Evidence on TPM-based network devices.




Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat