Re: [Rats] UEID where an instance is a group member

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 27 March 2020 11:03 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: "Smith, Ned" <ned.smith@intel.com>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Thomas Fossati <Thomas.Fossati@arm.com>
Date: Fri, 27 Mar 2020 11:03:42 +0000
Message-ID: <DB594CB9-493E-4DDC-A41A-909B527A4976@arm.com>
References: <C205FBA7-71A7-4987-AE82-DA855BF86B84@intel.com> <C3A707FF-4AF1-4E0A-BABB-8EE2F52A2D2B@island-resort.com> <33f462bb-979e-80cc-9c27-af1e3b77d5e6@sit.fraunhofer.de> <7C94FAC2-AADB-4397-A50D-4FBB11EFCABA@intel.com> <A4C4246B-400F-4C38-839C-6747620C35C2@island-resort.com> <4F616CB6-6F42-43CE-94A6-ADD155900535@intel.com>
In-Reply-To: <4F616CB6-6F42-43CE-94A6-ADD155900535@intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/owDac40q3I-0TiYZVO3N3wwlWbo>

On 26/03/2020, 21:58, Ned Smith <ned.smith@intel.com> wrote:
> The point I was making is that EUID and keyID are not always
> synonymous. In a case where a device only ever has one key, then maybe
> they are synonymous. Otherwise, they should be treated differently.

I'd go a bit further than that: they are never synonyms, at least at a
conceptual level.

In particular, there might be attributes of an attesting endpoint which
are not necessarily related to the signing key.  For example, the
linking to certification data, and more generally anything that has a
chance to change during the lifetime of the device (or is not known at
manufacturing time) is more easily supplied via endorsements to the
verifier.  In my view, EUID/EGID is the handle to all this data, which
MAY include the key used to verify the signature.

((Also, there might be more than one key associated with an attesting
endpoint. But maybe this is too exotic a use case to be relevant in
this discussion.))

cheers, t
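The separation argued for above (the entity identifier as a handle to endorsement data that may contain one or more verification keys, with the key id resolved only within that record) sketched as a verifier-side check. This is an added example, not code from the thread or from any RATS draft; the endorsement records, key ids and HMAC-based tokens are constructed stand-ins for COSE-signed EATs and asymmetric keys.

```python
import hashlib
import hmac
import json

# Constructed endorsement store keyed by entity id (hex). Each record carries
# attributes the signing key alone cannot convey (certification, revocation)
# plus zero or more verification keys. HMAC secrets stand in for COSE keys.
ENDORSEMENTS = {
    "01aabb": {"certification": "cert-ref-A", "revoked": False,
               "keys": {"kid-a": b"secret-a", "kid-b": b"secret-b"}},
    "01ccdd": {"certification": None, "revoked": True,
               "keys": {"kid-c": b"secret-c"}},
}


def sign(ueid, kid, claims, key):
    """Build a constructed token: canonical JSON payload plus a MAC over it."""
    payload = json.dumps({"ueid": ueid, "kid": kid, **claims},
                         sort_keys=True).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return {"payload": payload, "mac": mac}


def verify(token):
    """Resolve the entity first, then the key *within* that entity's record."""
    claims = json.loads(token["payload"])
    rec = ENDORSEMENTS.get(claims["ueid"])
    if rec is None:
        return "unknown-ueid"
    # A key id is only meaningful relative to the entity it is endorsed for;
    # a valid key from another device must not verify this token.
    key = rec["keys"].get(claims["kid"])
    if key is None:
        return "kid-not-bound-to-ueid"
    expected = hmac.new(key, token["payload"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, token["mac"]):
        return "bad-signature"
    # Lifecycle attributes come from the endorsement, not from the key.
    if rec["revoked"]:
        return "revoked"
    return "ok:" + str(rec["certification"])
```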