Re: [Rats] Function of an endorsement relative to evidence
Ira McDonald <blueroofmusic@gmail.com> Sat, 04 June 2022 21:53 UTC
References: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
In-Reply-To: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Sat, 04 Jun 2022 17:51:56 -0400
Message-ID: <CAN40gSsL9DLVY4NC61uZRgjwVYKFt-Op1wMt2yRRc05AeaPGTg@mail.gmail.com>
To: Laurence Lundblade <lgl@island-resort.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: rats <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/oF_HwWmhK_DpF4Du0UWX-0VOGQc>
Hi Laurence,

I strongly agree with all the points that you made here. And I also specifically point out that the TCG Network Equipment WG (routers, switches, etc.) has recognized all along the varying security-levels in composite device attestation (some elements may have direct access to a TPM, others to a DICE, and others to a MARS - all of which are far preferable to strictly software-based device attestation).

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Chair - SAE Trust Anchors and Authentication TF
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434

On Sat, Jun 4, 2022 at 5:16 PM Laurence Lundblade <lgl@island-resort.com> wrote:

> This is a step back for framing for the security-level discussion.
>
> The fundamental purpose of an Endorsement is to tell the Verifier that they can believe what they get in Evidence. There may be some varying degree here from claim to claim and device to device, but the basic principle always holds.
>
> Assuming for the sake of argument here that the Attester Manufacturer and Endorser are the same, it goes like this. The Endorser/AttesterManufacturer only puts private keys into devices that it knows are built correctly. They won’t lie. They’ll protect their keys. They produce correct claims. This really is the fundamental work of the Endorser/AttesterManufacturer above all else.
>
> For example, the maker of a device with a TPM selects a good TPM and also carefully writes the boot code that does the measurement. They make sure that the devices that the TPM is soldered into always have the good boot code. Then they publish the public keys supplied with the TPM to the Verifier so it knows it can trust the measurements.
>
> In the TPM world, you can’t really have the Attester send much more than PCRs in Evidence, but in the non-TPM world, lots of stuff can go into Evidence.
>
> Tell me if you disagree with this!
>
>
> By all that, Evidence can be a parallel channel for the Endorser/AttesterManufacturer to convey claims to the Verifier.
>
> The Endorsement can mean “believe all the Evidence from this Attester”. (It might not always be all the Evidence, but it will always be some of the Evidence).
>
> By this it is entirely reasonable for security-level to be transmitted either as an Endorsement or in Evidence.
>
>
> I think there is also room for security-level in Evidence in composite device attestation. One Attester may have a good way to evaluate the security-level of a subsystem, perhaps a subsystem that varies from device to device.
>
> LL
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
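The role model Laurence lays out in the quoted message (an Endorser that only provisions keys into devices it built correctly, an Attester that signs Evidence, and a Verifier that believes that Evidence only as far as an Endorsement says it may, with security-level carried either in the Endorsement or in Evidence), as an added example that is not part of this thread and not code from the RATS WG or either author. The RSA is textbook RSA over a few Mersenne primes so that the Verifier genuinely holds only the public half; it is far too small for real use. Device names, claim names, PCR values and the nonce are constructed, and the freshness (nonce) check is my assumption rather than something the thread discusses.

```python
"""Toy model of the RATS roles in the thread: Endorser, Attester, Verifier.
Added example. Toy RSA over Mersenne primes: asymmetric, but not for real use."""
import copy
import hashlib
import json

E = 65537
# Constructed prime supply: Mersenne primes, so no primality test is needed.
MERSENNE_PRIMES = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]


def toy_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)). Toy RSA, not for real use."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _digest_int(payload):
    # 128-bit truncation keeps the value below every modulus built above.
    return int.from_bytes(hashlib.sha256(payload).digest()[:16], "big")


def sign(private, payload):
    n, d = private
    return pow(_digest_int(payload), d, n)


def verify(public, payload, sig):
    n, e = public
    return pow(sig, e, n) == _digest_int(payload)


def _canonical(body):
    return json.dumps(body, sort_keys=True).encode()


class Attester:
    """Holds the device's private key; produces signed Evidence."""
    def __init__(self, device_id, private):
        self.device_id, self._private = device_id, private

    def evidence(self, claims, nonce):
        body = {"device_id": self.device_id, "nonce": nonce, "claims": claims}
        return {"body": body, "sig": sign(self._private, _canonical(body))}


class Endorser:
    """Manufacturer/Endorser: puts a key only into devices it built correctly and
    publishes, per device, the public key plus what the Verifier may believe."""
    def __init__(self):
        self._primes = iter(MERSENNE_PRIMES)
        self.endorsements = {}

    def manufacture(self, device_id, believe_from_evidence, asserted_by_endorser):
        public, private = toy_keypair(next(self._primes), next(self._primes))
        self.endorsements[device_id] = {
            "public": public,
            # Claims the Verifier may take from this device's Evidence.
            "believe_from_evidence": set(believe_from_evidence),
            # Claims the Endorser states itself (e.g. a fixed security-level).
            "asserted_by_endorser": dict(asserted_by_endorser),
        }
        return Attester(device_id, private)


def appraise(endorsements, evidence, expected_nonce):
    """Verifier: accept Evidence only from an endorsed key, and only the parts the
    Endorsement covers; claims asserted by the Endorser itself take precedence."""
    body = evidence["body"]
    endorsement = endorsements.get(body["device_id"])
    if endorsement is None:
        return {"trusted": False, "reason": "no endorsement for device", "claims": {}}
    if body["nonce"] != expected_nonce:
        return {"trusted": False, "reason": "nonce mismatch (replay?)", "claims": {}}
    if not verify(endorsement["public"], _canonical(body), evidence["sig"]):
        return {"trusted": False, "reason": "signature not from endorsed key", "claims": {}}
    believed = {k: v for k, v in body["claims"].items()
                if k in endorsement["believe_from_evidence"]}
    claims = {**believed, **endorsement["asserted_by_endorser"]}
    ignored = sorted(set(body["claims"]) - set(believed))
    return {"trusted": True, "reason": "ok", "claims": claims, "ignored": ignored}


def run_scenarios():
    """Constructed scenarios mirroring the thread; returns the appraisal results."""
    endorser = Endorser()
    # TPM-style device: only PCRs are believed from Evidence; the Endorser asserts
    # the security-level itself, so a security-level sent in Evidence is ignored.
    dev_a = endorser.manufacture("dev-A", ["pcrs"], {"security-level": "hardware"})
    # Composite device: its Attester is trusted to report the security-level of a
    # subsystem that varies from unit to unit, so that claim comes from Evidence.
    dev_b = endorser.manufacture("dev-B", ["pcrs", "security-level"], {})
    nonce = "c0ffee01"  # constructed; freshness check is an assumption
    ev_a = dev_a.evidence({"pcrs": {"0": "ab12"}, "security-level": "software"}, nonce)
    ev_b = dev_b.evidence({"pcrs": {"0": "cd34"}, "security-level": "dice"}, nonce)
    # A key nobody endorsed claiming to be dev-A: it signs fine, but the Verifier
    # has no Endorsement tying that key to a correctly built device.
    _, rogue_priv = toy_keypair(2**521 - 1, 2**607 - 1)
    ev_rogue = Attester("dev-A", rogue_priv).evidence({"pcrs": {"0": "0000"}}, nonce)
    # Claims altered after signing: the endorsed key's signature no longer matches.
    ev_tampered = copy.deepcopy(ev_a)
    ev_tampered["body"]["claims"]["pcrs"]["0"] = "ffff"
    return {
        "a": appraise(endorser.endorsements, ev_a, nonce),
        "b": appraise(endorser.endorsements, ev_b, nonce),
        "rogue": appraise(endorser.endorsements, ev_rogue, nonce),
        "tampered": appraise(endorser.endorsements, ev_tampered, nonce),
        "replayed": appraise(endorser.endorsements, ev_b, "deadbeef"),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Running the scenarios shows the two places security-level can live: dev-A's Evidence says "software" but the appraisal reports "hardware" from the Endorsement and lists the Evidence claim as ignored, while dev-B's "dice" is believed because its Endorsement covers that claim. Evidence from an unendorsed key, tampered Evidence, and a stale nonce are all rejected before any claim is believed.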