Re: [Rats] Function of an endorsement relative to evidence

Ira McDonald <blueroofmusic@gmail.com> Sat, 04 June 2022 21:53 UTC

References: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
In-Reply-To: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Sat, 04 Jun 2022 17:51:56 -0400
Message-ID: <CAN40gSsL9DLVY4NC61uZRgjwVYKFt-Op1wMt2yRRc05AeaPGTg@mail.gmail.com>
To: Laurence Lundblade <lgl@island-resort.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: rats <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/oF_HwWmhK_DpF4Du0UWX-0VOGQc>
Subject: Re: [Rats] Function of an endorsement relative to evidence

Hi Laurence,

I strongly agree with all the points that you made here.

And I also specifically point out that the TCG Network Equipment WG
(routers, switches, etc.) have recognized all along the varying
security-levels in composite device attestation (some elements may have
direct access to a TPM, others to a DICE, and others to a MARS - all of
which are far preferable to strictly software-based device attestation).

Cheers,
- Ira


*Ira McDonald (Musician / Software Architect)*
*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*
*Co-Chair - TCG Metadata Access Protocol SG*
*Chair - Linux Foundation Open Printing WG*
*Secretary - IEEE-ISTO Printer Working Group*
*Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG*
*IETF Designated Expert - IPP & Printer MIB*
*Blue Roof Music / High North Inc*
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
(permanent) PO Box 221  Grand Marais, MI 49839
906-494-2434


On Sat, Jun 4, 2022 at 5:16 PM Laurence Lundblade <lgl@island-resort.com> wrote:

> This is a step back for framing for the security-level discussion.
>
> The fundamental purpose of an Endorsement is to tell the Verifier that
> they can believe what they get in Evidence. There may be some varying
> degree here from claim to claim and device to device, but the basic
> principle always holds.
>
> Assuming for the sake of argument here that the Attester Manufacturer and
> Endorser are the same, it goes like this. The Endorser/AttesterManufacturer
> only puts private keys into devices that it knows are built correctly. They
> won’t lie. They’ll protect their keys. They produce correct claims. This
> really is the fundamental work of the Endorser/AttesterManufacturer above
> all else.
>
> For example, the maker of a device with a TPM selects a good TPM and also
> carefully writes the boot code that does the measurement. They make sure
> that the devices that the TPM is soldered into always have the good boot
> code. Then they publish the public keys supplied with the TPM to the
> Verifier so it knows it can trust the measurements.
>
> In the TPM world, you can’t really have the Attester send much more than
> PCRs in Evidence, but in the non-TPM world, lots of stuff can go into
> Evidence.
>
> Tell me if you disagree with this!
>
>
> By all that, Evidence can be a parallel channel for the
> Endorser/AttesterManufacturer to convey claims to the Verifier.
>
> The Endorsement can mean “believe all the Evidence from this Attester”.
> (It might always not be all the Evidence, but it will always be some of the
> Evidence).
>
> By this it is entirely reasonable for security-level to be transmitted
> either as an Endorsement or in Evidence.
>
>
> I think there is also room for security-level in Evidence in composite
> device attestation. One Attester may have a good way to evaluate the
> security-level of a subsystem, perhaps a subsystem that varies from device
> to device.
>
> LL
>
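
The relationship discussed in this thread, as an added example that is not part of either message or of any RATS document: a Verifier believes Evidence claims only where an Endorsement covers them, and security-level may arrive by either route. All names, the key id, claim names and level values are hypothetical; HMAC-SHA256 stands in for the device's asymmetric signature, and letting an endorsed Evidence claim take precedence is an assumption of this sketch.

```python
import hashlib
import hmac
import json

# Constructed sample data. HMAC stands in for an asymmetric attestation
# signature so this runs on the standard library alone; a real Verifier
# would hold only the public key published by the Endorser.
DEVICE_KEY = b"constructed-demo-key"

# Hypothetical Endorsement store, indexed by Attester key id: which Evidence
# claims the Endorser vouches for, plus claims the Endorser asserts itself.
ENDORSEMENTS = {
    "dev-001": {
        "key": DEVICE_KEY,
        "believe": {"boot-measurement", "security-level"},
        "claims": {"security-level": "level-3"},
    },
}


def sign_evidence(claims, key):
    """Attester side: serialize the claims and authenticate them."""
    body = json.dumps(claims, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def appraise(key_id, body, tag):
    """Verifier side: return accepted claims as name -> (value, source)."""
    endorsement = ENDORSEMENTS.get(key_id)
    if endorsement is None:
        raise ValueError("no Endorsement for this Attester key")
    expected = hmac.new(endorsement["key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("Evidence is not authentic")
    # Start from what the Endorser asserts directly.
    accepted = {k: (v, "endorsement") for k, v in endorsement["claims"].items()}
    # Evidence claims count only where the Endorsement says to believe them.
    # Assumption of this example: such a claim overrides the Endorser's value,
    # as for a subsystem whose level varies from device to device.
    for name, value in json.loads(body).items():
        if name in endorsement["believe"]:
            accepted[name] = (value, "evidence")
    return accepted
```

A claim outside the endorsed set is dropped even though it is authentically signed, which is the "not all of the Evidence" case.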