IETF Logo Mail Archive

Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet

"lgl island-resort.com" <lgl@island-resort.com> Tue, 10 October 2023 01:03 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF933C1524AC for <rats@ietfa.amsl.com>; Mon, 9 Oct 2023 18:03:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QCyeSkz4hIy5 for <rats@ietfa.amsl.com>; Mon, 9 Oct 2023 18:03:50 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2118.outbound.protection.outlook.com [40.107.237.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F7B2C151087 for <rats@ietf.org>; Mon, 9 Oct 2023 18:03:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f6PE+4NZGwIpnIn1ew7w+ty2Zg6wSBx7AcgLT77+RDqQGMp4yNvkJtSkC+8cYcx1RP0JMERPQCCCh2ejF/TU8pGEejnvCZpB/HxZ8bD8Kh2Xi1h+IYJ6QwpGf9KjDqG1jww5DL8m8lbW5K1PeN/BXQsGuUj36CJMNXu8rVygBY4B6q34hfHauQZOkAvwXkrqrNp2G1SRP24mqIxrZ31C3VPMkBIB1RQxDTZinyJQEEK/UO3te7/y2NPYD1v7wee09t0HVQVAChJVYHPbAdqqk/NeIQoVZ+wxR/tAjsk49BRpe7l5+z/LT/ogBZfJpiuGfQ/WuXiMwxvs5hq4QOJuoA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CH3//CC7yqLeDqiFGPB3CNUyQi6Zg1D2fEoSUqF9JoU=; b=hoRgpm32iAfNmregRk7XQIGk+/SPZcaYy9FfgC0cKTsh1qTANFK3V/d1leP2SsDr//9SzUmd2BJEnahDDD4yw/5PU8+m7MXXIo9LsQcvNI4s4DOpI5Rl19ILWEYsLYHb5/BIP5Tg97EO/zY5AI/DQuvH+expJ5K6UUtLgSuLe4wfQ/RkaB43dhuDaY1DOYXn1XVOpqHFnGF1SU+h4kipahYBPsoRK3roHFj++Kxo/Yk3MY0atUZvXtJFbzBZxbWbsY/Yntr1qJz9DuoJzAoK4PArpzLOXY9n3aqLcYX2vTxOrSgJ9W5QqCr9eyK4NZD2UFD8RWmUBFZXFi+CiA8ycQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by LV3PR22MB4440.namprd22.prod.outlook.com (2603:10b6:408:1a3::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.36; Tue, 10 Oct 2023 01:03:45 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::d5c2:9808:442f:aa70]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::d5c2:9808:442f:aa70%6]) with mapi id 15.20.6863.032; Tue, 10 Oct 2023 01:03:45 +0000
From: "lgl island-resort.com" <lgl@island-resort.com>
To: Tom Jones <thomasclinganjones@gmail.com>
CC: "Smith, Ned" <ned.smith@intel.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "iab@iab.org" <iab@iab.org>, rats <rats@ietf.org>
Thread-Topic: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet
Thread-Index: AQHZ9Z+fDqV5ENOyzki94IR1XMKe3LA/bxuAgADTmgCAAMEigIAAyYkAgAABAICAAAL3AIAAEeQAgAAGmACAACH5gIAANC8A
Date: Tue, 10 Oct 2023 01:03:45 +0000
Message-ID: <D0178422-DB44-40D2-B9BD-FD9A3D033DC9@island-resort.com>
References: <169627945480.62917.5309122275327869344@ietfa.amsl.com> <16966.1696299372@localhost> <CAK2Cwb7X+Xri81tKX6Uvci_Ur_h18SKaAi0CQmJZHkVnpA-51A@mail.gmail.com> <87C6E17A-A4E6-49F6-AF51-BC6FD3A06404@island-resort.com> <CAK2Cwb6jy9W=-qJGt8xDEabi_U6qDTSMvv7FFNpqTN1z=qh-6Q@mail.gmail.com> <7897AE41-5DC7-4B9A-A5D6-952E7CBF9B9F@intel.com> <SA1PR20MB5407C5FA816E3DD9C41681578ECEA@SA1PR20MB5407.namprd20.prod.outlook.com> <CE654377-E5D7-41A5-9C98-B948A20F263E@intel.com> <CAK2Cwb7fvH8eqXaP64tkL6BDcCEKa6eBLj-YCdF5CeOXsJOByQ@mail.gmail.com> <7A06930B-77BB-4CD0-A121-655AF09B99D3@intel.com> <CAK2Cwb5Cq0hQDjSpn4rSPGCwizx+8ctTJUF7DNSn9xNZHNfk5g@mail.gmail.com>
In-Reply-To: <CAK2Cwb5Cq0hQDjSpn4rSPGCwizx+8ctTJUF7DNSn9xNZHNfk5g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR22MB3092:EE_|LV3PR22MB4440:EE_
x-ms-office365-filtering-correlation-id: fcd1b137-a29e-43b3-c95f-08dbc92cc0c8
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: zgbVxXmWuAF25PR4DdRqsQfwzmTZFMbrdagPlwtGE1hoARBHHezwrSsOgqxZKCGG0juESqD8EuiCRoWuAZvBOOqz1mz5BW4fQKNAms04FOv9A0O6lWiq39b0JaMUjq8d3JndYoJvwSVjEYL8MvoWWjleIY2c98TRIBfcA6AlQiP8FLpwvBw2Xzdj/J4mrAasI9SEBRdnS5/74gC9KoEwtH5Rg8fDNKLe0W/GBpUs64Na7NfDtvMzL74El8MXmPCWXzMqac+jXyvkQJx93Ye11z+DA2WaxK02W5bDtKeI9pcIX9a8H4IoiLlg8L2xAj9SFDAQRI/wHLhPsfvyOxeJE1DOH3+G1lZmQNVeJGJYNYBIjgNUxr8Wf6FV8TlgUpx1N8SBLma6nvGnnsnnc0O3sf7wk4gSubz3rsP7Nft1AyYF9rTe9PKMvos8E73E8KgB/igq0ktVndkcmOeGqdAfcsQUKVGeOZzi4zct1nbcpXkYk3jw5ZAaFOwpvD8UytBPcg9/zj86y3Fk9xGqCDeiJoQlloh61fg49fFAXEOoCNkPfbPbuoDOP3goOw9uSurqhF6+0L9aBQafWMCDSN0RWnaJdbybMF5b9Lj/+xl9GrPdtgo+IwRfzSj98B1pDNSitKZmKrT7Lm3U+ROmhCN9Ww==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376002)(346002)(396003)(39830400003)(136003)(366004)(230922051799003)(64100799003)(451199024)(186009)(1800799009)(122000001)(86362001)(38070700005)(38100700002)(33656002)(36756003)(66899024)(71200400001)(6512007)(2906002)(478600001)(6486002)(41300700001)(5660300002)(6506007)(4326008)(53546011)(966005)(45080400002)(2616005)(64756008)(83380400001)(8936002)(316002)(66476007)(66556008)(6916009)(91956017)(8676002)(76116006)(66446008)(66946007)(54906003)(26005)(66574015)(166002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: UxWcLYBDCYe6D/AXLMei5pjPvXcyCuxz0Rux8jujzmvVv6x53Y2DhaCPpDnq5gnW4UPe29pCMs9/bEANB/Uby50Isay3dcTMlzB5+/naLPN0HHJxhp1If8eddOOOpc2TlNaJRIwawVeniaDovXPo3pYKMvWuW8p7+qMyVZ/ZpOUH/NlV4kTRrQNFATRsRPQzDjEtJJWNarucp1y0RvijHREWos1De9jcoImPIaVc4TZgzUDGAhH78x5tDxkxZESi7md24/2yQvB8rauHLxzecUL8W9RsVMii72vvu9IxCv4QanE7c/w93B8UbryXTciKowvoYbBC2KnV4XN6TLreYQhTYK5C9LiwAZxW4H2c8dQKNZmOqlCxovVGpnmN4FeUQvwzcDlI+kHQnkFKhM6dJw2qJlQ9PxF3/wH4Gh/Z8koQNpf1qC+QE78YDeS0WZw/PZXRXJoZ88LbkckLj+H23/ngeYXlcVgO4T8xHZjhObj0hZckruLrxZttIjhtO/bQfNDtQ+DE79olIr58S79RCElokmsgYJEebYX9j94kWvAR3GlK+ttpuUAoL0G+Mcp7FJZg9J4vRQGYSh9gZEfoS2y3QcOSsc7/SdBBcCqfht3tpE+gWIf72RO7MtmyTx9w9msCak3vsDs2xDVIU1FaG+++BZq+fz17oOeOyDindZcWNc73i/p31IRjcxkc7Adttvt7FIVbn4Zc4IiEIo8iPD08FX6VwJIg7NnT9780bM6se4t0A9OfwpIejj9mGLGUI4M1BpUL7rk0I43R76AbEIVmAUZPcnVk9ezyFhneOye7/MbRM54MV69vhMCnYr/oND22E8Xo5GcdGGFHfO7iCKn9IS+vi1h70YpS9XlzggiPm62hTroOWvO5sC745dRqw3F+BLTtcGf7DWdydqcsR9XxF2i7lH87k0tso46TI5ryKytYml5ka7I3Q7jRab0yL3+bfHHsM/DYucpNGbfvMKZ1lBMgR0KtEVbxQuUEQ3hGJvWoondsUMxp8R6yLnqyuvnXL6LFldgDJZSKyGdzTmJoOSncmwwkqXRqrSUPidEU+LP5OS5xvm13nLZOTdQach6bSbM9OtsUanY0RtE5cgU8FGHY8aaZqfkc1eHTiRYQAyc+IAbph7RSPsRp3MC916jFvVfWks7K+T6cQ4E9Yx5yvkzhTXD++wXn1UjX6hB9LEZjxuKERP4GkTze0fVfKKQicv3BZjHEJqgmL2lNyZJ3AMSxsjX9UMk2tpqd1SJ0yPLrMXcoj7LaP8KO7hRjzciJmiYtx9Xlk8t9J+0lqNGcKcCBjpw7LB6YruDstzgifH1sxDW8QM+COA8bgvdBs7UxJSGbN/lrblBVrnujY99utoQjmYZ9+yKGd0COFZ6sG60b6GJcToONCBI92Xk3kt8bSw+Vd4iFXvhIs/2kjhZLvhPzD6/Qqn1l8eENOdCbUUxYGahRMAwUzOxVeWqaUOT6Ortb/3XGYluBLrFBm5UE11MQsVm3Tvwm3kSpftm79krmpJC7OCXmr/xNLYzB5ZDJcqNr7Q9An80rYUMEtOyvdYiPEZR4jXIhqON9xS3Z1smjZXxqeZ/ko4exRAKwXWjA0Mt8vcUpKdRaPJhSgA==
Content-Type: multipart/alternative; boundary="_000_D0178422DB4440D2B9BDFD9A3D033DC9islandresortcom_"
MIME-Version: 1.0
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fcd1b137-a29e-43b3-c95f-08dbc92cc0c8
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2023 01:03:45.2659 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: u78YiE/f0neFocj1GeNEf6FAR9dIPloY7tAFO+nS9t2rAZ8IeEEMj86pBYaPOEHzSqfi7eaJNkdj/2ARNev4Zw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR22MB4440
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/nca0v3YsF6E5jBuZZbiE3yJNGXA>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2023 01:03:54 -0000

Hi Tom,

On Oct 9, 2023, at 2:56 PM, Tom Jones <thomasclinganjones@gmail.com<mailto:thomasclinganjones@gmail.com>> wrote:

I have trouble with much of what NED said.

All of the attestation I have seen comes with machine ID.

That’s not true. A machine ID is not required in RATS, EAT or FIDO attestation.

(s/w id, whatever) And I understand that, nothing can be said about something without some sort of ID/binding for that something.

That’s not true.  You can attest a device is a member of a class of devices using DAA and other techniques. You can also attest things about the state of the device without an machine ID.

I strongly object to any machine that can be tracked to me (even IOT can) responding to any request for any data without my explicit consent. Any collection of attributes that can be followed can become a way to track me.  I have had this particular problem with smartphones walking around in supermarkets. While this problem is not unique to attestation, it really starts with attestation. so  NO ATTESTATION REQUEST FROM ANY site that is not known to me. Would be a real privacy assertion.

There’s definitely a trade-off here. For some use cases, attestation will be able to provide security value without compromising privacy. FIDO is an example. For some use cases attestation may come at too high a cost in privacy and it is fine to not use attestation. Other cases aren’t privacy sensitive.

BTW - my bona fides - I was part of the team at Intel that created the first security co-processor in mid 1990's. I was part of some of the teams at MSFT that struggled with both versions of the TPM.

Please remember the huge outcry when Intel attempted to put an ID in a processor.

The attempt to push this off to a "DISINTERESTED" third party without a funding plan is a non-starter. (SEP field) and I never understood how this attestation could be linked to data later sent from the device anyway.

We’re not defining a single end-end attestation solution for a large number of use cases. We’re defining framework and formats for people to build attestation out of. There’s precedent for this as COSE/JOSE are not end-end encryption/signing, but rather framework and formats for privacy and authenticity that are made use of by other protocols. Similarly CWT/JWT are framework and formats for authentication (and now attestation).

So, yes there is an SEP field here, but that’s OK. COSE, JOSE, JWT, CWT have an SEP field too.

LL



..tom


On Mon, Oct 9, 2023 at 12:55 PM Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote:
> There is an architectural document. There appears to be no consideration for human privacy

RFC 9334 does call out privacy considerations relating to humans. It specifically suggests removal of PII from Evidence.
“Another approach to deal with Evidence is to remove PII from the
   Evidence while still being able to verify that the Attester is one of
   a large set.  This approach is often called "Direct Anonymous
   Attestation".  See Section 6.2 of [CCC-DeepDive] and [RATS-DAA] for
   more discussion.”

User privacy threats are often concerned with user tracking and targeting. PI and PII are attributes that allow such activity.
The various drafts that define specific attributes such as draft-ietf-rats-eat-21 - The Entity Attestation Token (EAT)<https://datatracker.ietf.org/doc/draft-ietf-rats-eat/> define attributes that are optional to include in Evidence. Many are attributes that represent a class of device that in most circumstances is ineffective as PII.

The use (or not) of an attribute due to its privacy sensitivity (or not) is a policy decision. The Attester can have privacy policy that dictates which attributes are privacy sensitive. The Attester, as part of reasonable protocol design, can select which Verifier to trust to enforce the Attester’s privacy policy (in addition to locally applied policy).

Attestation that focuses on machine attributes rather than user attributes helps protect personal privacy in that it shifts the focus from humans to machines (of which there can be a large class that are the same). This approach allows user identities and credentials to be omitted while still allowing assessments that can detect malware and compromise.

Cheers,
Ned

From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Tom Jones <thomasclinganjones@gmail.com<mailto:thomasclinganjones@gmail.com>>
Date: Monday, October 9, 2023 at 12:32 PM
To: "Smith, Ned" <ned.smith@intel.com<mailto:ned.smith@intel.com>>
Cc: Tom Jones <rp_tomj@hotmail.com<mailto:rp_tomj@hotmail.com>>, "lgl island-resort.com<http://island-resort.com/>" <lgl@island-resort.com<mailto:lgl@island-resort.com>>, Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>, "iab@iab.org<mailto:iab@iab.org>" <iab@iab.org<mailto:iab@iab.org>>, rats <rats@ietf.org<mailto:rats@ietf.org>>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet

To be clear. There is an architectural document. There appears to be no consideration for human privacy. Can this gap be addressed within this community. Or is there a sep field in operation here. (See someone else's problem, hitch hiker's guide )
thx ..Tom (mobile)

On Mon, Oct 9, 2023, 11:27 AM Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote:
> so then, there is no hope for privacy preserving architecture from RATS?

Does “RATS” refer to the WG or RFC9334? And I didn’t say privacy preserving attestation was hopeless.

From: Tom Jones <rp_tomj@hotmail.com<mailto:rp_tomj@hotmail.com>>
Date: Monday, October 9, 2023 at 11:17 AM
To: "Smith, Ned" <ned.smith@intel.com<mailto:ned.smith@intel.com>>, Tom Jones <thomasclinganjones@gmail.com<mailto:thomasclinganjones@gmail.com>>, "lgl island-resort.com<http://island-resort.com/>" <lgl@island-resort.com<mailto:lgl@island-resort.com>>
Cc: Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>, "iab@iab.org<mailto:iab@iab.org>" <iab@iab.org<mailto:iab@iab.org>>, rats <rats@ietf.org<mailto:rats@ietf.org>>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet

so then, there is no hope for privacy preserving architecture from RATS?

Peace ..tom
________________________________
From: Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>>
Sent: Monday, October 9, 2023 11:13 AM
To: Tom Jones <thomasclinganjones@gmail.com<mailto:thomasclinganjones@gmail.com>>; lgl island-resort.com<http://island-resort.com/> <lgl@island-resort.com<mailto:lgl@island-resort.com>>
Cc: Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>; iab@iab.org<mailto:iab@iab.org> <iab@iab.org<mailto:iab@iab.org>>; rats <rats@ietf.org<mailto:rats@ietf.org>>; Tom Jones <rp_tomj@hotmail.com<mailto:rp_tomj@hotmail.com>>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet


> The problem then is that the verifier must state what the use case is in a trustworthy message.

If there is a gap in the RATS Architecture, it is that it didn’t acknowledge the need for a Verifier to present usage/context to the Attester as a prerequisite to disclosing Evidence. And it assumes the relying party doesn’t need to present usage/context to the Verifier before disclosing Attestation Results.



In its defense, the RATS Architecture wasn’t trying to define a protocol, rather a conceptual flow of information. Actual protocols would consider deployment and usage context and address privacy considerations as appropriate. Consider an embedded system behind a firewall, this may not need the deployment context to be communicated in a protocol message since the context is embedded.



-Ned



From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Tom Jones <thomasclinganjones@gmail.com<mailto:thomasclinganjones@gmail.com>>
Date: Sunday, October 8, 2023 at 11:12 PM
To: "lgl island-resort.com<http://island-resort.com/>" <lgl@island-resort.com<mailto:lgl@island-resort.com>>
Cc: Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>, "iab@iab.org<mailto:iab@iab.org>" <iab@iab.org<mailto:iab@iab.org>>, rats <rats@ietf.org<mailto:rats@ietf.org>>, Tom Jones <rp_tomj@hotmail.com<mailto:rp_tomj@hotmail.com>>
Subject: Re: [Rats] IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet



The problem then is that the verifier must state what the use case is in a trustworthy message.

thx ..Tom (mobile)



On Sun, Oct 8, 2023, 11:41 AM lgl island-resort.com<http://island-resort.com/> <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

I think the workable strategy is privacy-preserving attestation. The attestation target (e.g. client device) reveals only enough to prove the security characteristics that it needs to for the use case. FIDO supports this sort of thing.



In some ways, formal, cryptographically secured attestation doesn’t change things. Web sites already try to collect as much personal information as possible. The OS and the web browser defend.



The IAB’s comment, is that web sites and services would deny service unless the client device provided attestation of their SW stack and such. That’s different than the privacy issue.



LL







On Oct 7, 2023, at 11:03 PM, Tom Jones <thomasclinganjones@gmail.com<mailto:thomasclinganjones@gmail.com>> wrote:



Granted that the iab doc is difficult, I would like to state an objection in terms of the user.



No verifier may ever request more attestation than they are willing to first provide.



What's sauce for the goose is sauce for the gander.



That would limit the sites that just troll users to see what they can discover to the sites that the user is willing to trust.



Generally I agree with panwei.

thx ..Tom (mobile)



On Mon, Oct 2, 2023, 7:16 PM Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>> wrote:

IAB Executive Administrative Manager <execd@iab.org<mailto:execd@iab.org>> wrote:
    > On 25 September 2023, the Internet Architecture Board (IAB) posted a
    > new IAB Statement on the Risks of Attestation of Software and Hardware
    > on the Open Internet[1].

    > [1]
    > https://datatracker.ietf.org/doc/statement-iab-statement-on-the-risks-of-attestation-of-software-and-hardware-on-the-open-internet/

It's an interesting statement, and I suspect that I agree with the intent.
As written, it fails to inform: you need to know what the treacherous uses of
remote attestation are (and then take two steps not detailed in this
statement) in order to understand the statement.
I think that this should be revised, and it shouldn't be so timid.

As an author of RFC9334, I'm rather surprised that this statement was issued
without any consultation with us.

As written, I find this statement useless.
I would be happy to work with the IAB to craft a better statement.

--
Michael Richardson <mcr+IETF@sandelman.ca<mailto:mcr%2BIETF@sandelman.ca>>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email