Re: [Rats] EAT Review Comments
Laurence Lundblade <lgl@island-resort.com> Mon, 13 December 2021 20:31 UTC
Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "rats@ietf.org" <rats@ietf.org>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/oj-L7YnR20LDxyD6t0nBFAxYhYc>

On Dec 13, 2021, at 4:55 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>
> Hi Jeremy,
>
> Thanks for this additional information. That’s very helpful.
>
> To me it appears tricky to have the device provide this information. The problem I can see is that you cannot really rely on it. A compromised device would lie about its certificate level. Hence, whoever verifies this information has to keep a copy around to check the received data against. This consequently makes the device-provided DLOA information of limited value.

The EAT claim is just for a pointer (a URL) to the certification info. Also, DLOA is more intended for use in Attestation Results so it comes from the Verifier.

I actually think certification info is pretty important in characterizing security of something. Just as important as the number of bits in an algorithm or the amount of side-channel defenses and such. Certification is where that all gets cross-checked into a coherent set of defenses and where effort is put into finding holes and gaps.

We don’t just say “use big I-beams” when building a skyscraper or bridge. We have a building department and inspector that makes sure they are used right.

LL