Re: [Rats] EAT claims needed by TEEP

Dave Thaler <dthaler@microsoft.com> Wed, 10 November 2021 22:09 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, teep <teep@ietf.org>
Date: Wed, 10 Nov 2021 22:08:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/p_u8YNYKIdu_g-ZGugmGO_pXOxo>

Good point, I agree.

Dave

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Wednesday, November 10, 2021 1:26 PM
To: Dave Thaler <dthaler@microsoft.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; rats@ietf.org; teep <teep@ietf.org>
Subject: Re: [Rats] EAT claims needed by TEEP

An advantage of a string over a UUID is that it can be very short if that's all the OEM needs, "S", "3", "X" and "Y" in the case of Tesla.

LL


On Nov 10, 2021, at 1:03 PM, Dave Thaler <dthaler@microsoft.com> wrote:

If it's a string, I think it should be up to the vendor specified by the oemid,
rather than by a vendor-agnostic profile.
If it's a UUID then that's not needed.

Personally I would argue for treating it as opaque in either case
and a verifier should only compare it for equality, rather than permitting
semantic structure in it.   That's because I think some hardware implementation
may fill in values that can be used for multiple profiles.

Dave

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Wednesday, November 10, 2021 12:23 PM
To: Laurence Lundblade <lgl@island-resort.com>; rats@ietf.org; teep <teep@ietf.org>
Subject: Re: [Rats] EAT claims needed by TEEP


Laurence Lundblade <lgl@island-resort.com> wrote:

Appreciate the comments.  Think it is important to keep this generic
since it is going in EAT. TEEP can have specific ways it uses HW class,
but don't think we should be referencing TEEP in EAT.

Then I suggest that:

    "There is no global scheme or format for this claim."
->
    "The format for this scheme will need to be specified within profiles that
     use it."

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-