Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 05 July 2019 18:47 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Carl Wallace <carl@redhoundsoftware.com>, "rats@ietf.org" <rats@ietf.org>
In-Reply-To: <D93100A6.E0A23%carl@redhoundsoftware.com>
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <219648D6-188A-429D-A13F-ED6155DE9016@island-resort.com> <14288.1553710783@dooku.sandelman.ca> <4EB6FF13-2DAF-4BDC-AC90-C46720D61AF0@arm.com> <bf003513-209a-7d5f-a9a5-58ade6c23545@gmail.com> <21417.1560911502@dooku.sandelman.ca> <fbc05f84-232b-7ca6-47c1-9b23d73e47ca@gmail.com> <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com> <D93100A6.E0A23%carl@redhoundsoftware.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Fri, 05 Jul 2019 14:47:14 -0400
Message-ID: <2294.1562352434@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ogN4wsjpB4Rc_7KCjkslNQuY248>
Subject: Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
Precedence: list

Carl Wallace <carl@redhoundsoftware.com> wrote:
    >> There's a tension here between enabling more use cases and maintaining
    >> increasing the security of existing use cases. We recognize that GP
    >> and many  others disagree with us on how to balance the issues, and
    >> that perhaps we're wrong, but we have to respond to the Android
    >> ecosystem as we see it.

    > Re: more use cases, the ability to encrypt a key attestation in TEE/SE
    > for a specific provisioning end point would be nice to have (to conceal
    > a challenge password while in transit, for example).

You have asked for a specific ability/feature: the ability to encrypt
a claim using trusted code.  I don't know if that's a symmetric or
asymmetric encryption.  I don't know who you need to hide the claim from.  It
seems that it can't be done by an app.

Can you explain this in terms of the problem that you are trying to solve,
or the threat you are trying to mitiate rather than a solution?

When you say challenge password, I think you mean some kind of nonce
a relying party might send to the device in order to maintain freshness.
That also seems like a solution to a problem, the nature of which I'm unclear
about.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc

Re: [Rats] More use cases for draft-richardson-ra… Carl Wallace
Re: [Rats] More use cases for draft-richardson-ra… Laurence Lundblade
Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
Re: [Rats] 答复: More use cases for draft-richardso… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
[Rats] draft-richardson-rats-usecases-00 comments Anthony Nadalin
Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
Re: [Rats] draft-richardson-rats-usecases-00 comm… Laurence Lundblade
[Rats] More use cases for draft-richardson-rats-u… Laurence Lundblade
Re: [Rats] draft-richardson-rats-usecases-00 comm… Anthony Nadalin
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
[Rats] 答复: More use cases for draft-richardson-ra… Xialiang (Frank, Network Standard & Patent Dept)
Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Carl Wallace
Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
Re: [Rats] draft-richardson-rats-usecases-00 comm… Thomas Fossati
[Rats] Android attestations: Re: draft-richardson… Anders Rundgren
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
Re: [Rats] Android attestations: Re: draft-richar… Anders Rundgren
[Rats] aligning the use case documents appropriat… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Smith, Ned
Re: [Rats] More use cases for draft-richardson-ra… Anders Rundgren
Re: [Rats] draft-richardson-rats-usecases-00 comm… Shawn Willden
Re: [Rats] Android attestations: Re: draft-richar… Shawn Willden
Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
Re: [Rats] Android attestations: Re: draft-richar… Anders Rundgren
Re: [Rats] draft-richardson-rats-usecases-00 comm… Laurence Lundblade
Re: [Rats] More use cases for draft-richardson-ra… Thomas Hardjono
Re: [Rats] More use cases for draft-richardson-ra… Benjamin Kaduk
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] draft-richardson-rats-usecases-00 comm… Michael Richardson
Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
Re: [Rats] Android attestations: Re: draft-richar… Michael Richardson
Re: [Rats] Android attestations: Re: draft-richar… Carl Wallace
Re: [Rats] More use cases for draft-richardson-ra… Dave Thaler
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson
Re: [Rats] More use cases for draft-richardson-ra… Dave Thaler
Re: [Rats] More use cases for draft-richardson-ra… Michael Richardson

Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments

Attachment: signature.asc