[Rats] Re: Security considerations of remote attestation (RFC9334)

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Thu, 28 November 2024 10:40 UTC

Message-ID: <01ede5ee-6e98-4855-b351-5c3c0961f8d2@tu-dresden.de>
Date: Thu, 28 Nov 2024 11:40:06 +0100
To: Thomas Fossati <thomas.fossati@linaro.org>
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <CA+1=6yffVFhnMxcXo2pwD1xFdWdHKCj60zT2RKgAg=5DyBKDXQ@mail.gmail.com>
CC: Henk Birkholz <henk.birkholz@ietf.contact>, junzhang <junzhang1@huawei.com>, Giridhar Mandyam <giridhar.mandyam@gmail.com>, "lgl island-resort.com" <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ndv5p-oxFBoK82RlIwHw9xeA7aM>

On 28.11.24 10:42, Thomas Fossati wrote:
> However, if your concern is with:
>
>> EAT with attester-generated nonce *only*,
> feel free to disregard my comment ;-)

That's indeed my concern and I think the editors got it right (e.g., the 
broadcast example Giri was mentioning was attester-generated nonce 
only.) But thanks for making it explicit.


Just in case you missed my point below, I would like to ensure that it 
covers my concern or create an issue right away so that it is not 
overlooked.

> I don't see any open PRs in the 3 repos that are mentioned in the
> "additional resources" of draft-ffm-rats-cca-token. Could you please
> point me to the PR?