Re: [Rats] my comments on the mic line

hannes.tschofenig@gmx.net Wed, 08 November 2023 16:54 UTC

From: hannes.tschofenig@gmx.net
To: 'Thomas Fossati' <thomas.fossati@linaro.org>, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'rats' <rats@ietf.org>
Date: Wed, 08 Nov 2023 17:53:55 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/piHWAEfZqD_Xjk9UNfepZt6l_Ks>

Hi Kathleen, 

I have just re-read the draft myself and have similar questions. 
The architecture is not clear to me. A figure would help me.

I also believe there is a bit of a terminology mix-up. The RATS architecture already defines an extensive list of terms and you add even more (without defining them). I have challenges understanding many of the sentences.

There are also lots of references missing. Is it necessary to even talk about these specifications/technologies to get the idea across?

I believe a simplified example would help the reader understand. 

In general, there is also the question about what you are proposing. It seems that you propose the following:

- an architecture extension (in the style of how draft-ietf-rats-daa extends the RATS architecture), and
- new claims for EAT.

Is this correct?

The document is somewhat incomplete. The claim definition is missing, the IANA consideration section for those claims is empty, the reference to RATS cannot be informative, the appendices should be removed, etc. 

Ciao
Hannes


-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Thomas Fossati
Sent: Wednesday, 8 November 2023 13:12
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>; rats <rats@ietf.org>
Subject: [Rats] my comments on the mic line

Hi Kathleen,

sorry you didn't feel good, I hope you'll recover soon!

This is a copy of the comments I made on the mic line, feel free to address them whenever you feel better.

First of all, for me, it is important to get a grasp of the system architecture you have in mind to understand whether this work is in the scope of RATS.

IIUC, you have a composite device that produces complex, multi-layered evidence.  Then a (local) verifier appraises the evidence and produces an attestation result.  Then a relying party (i.e., some kind of governance/risk-compliance application) uses its application-specific appraisal policy to process the attestation result and create an “attestation” (= NIST definition #2, see [1]) using the claims you want to define/register.

If that is the case, it'd seem to me that the claims set is outside of the RATS picture - they'd be a message coming out of the RP box in the bottom right-hand corner of the architecture picture.

If that is not the case - apologies if I misconstrued your design :-) - and the claims set is part of the attestation result coming out of the verifier, then it's good to go for me because this would be semantics encoded in one of the RATS conceptual messages.

In any case, RATS or not, this is very relevant work.

cheers, thanks!

[1] https://csrc.nist.gov/glossary/term/attestation

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
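Added illustration of the message flow Thomas sketches above (composite device producing layered Evidence, a Verifier appraising it into an Attestation Result, a Relying Party applying its own policy to that result). This is example code written for this archive page; it is not code from the draft under discussion, from the RATS working group, or from any implementation. The attestation key, the layer names and images, the nonce, the reference values and the status words ("affirming", "contraindicated", "untrusted") are all constructed for the example. The point it makes concrete is the scope question in the message: anything computed by the Relying Party from the Attestation Result is an RP output, not one of the RATS conceptual messages.

```python
# Toy model of the RATS (RFC 9334) roles discussed above: Attester, Verifier, Relying Party.
# Example code for this page, not from the draft or the RATS WG. Every key, image, nonce,
# reference value and status word below is constructed for illustration.
import hashlib
import hmac
import json

# Constructed symmetric key shared by Attester and Verifier. A real Attester would sign
# Evidence with a hardware-held private key; HMAC keeps the model short and offline.
ATTESTER_KEY = b"constructed-demo-attester-key"

# Constructed "firmware images" for a two-layer composite device.
GOOD_LAYERS = {"bootloader": b"bootloader v1.2", "os": b"os image v4.7"}
TAMPERED_LAYERS = {"bootloader": b"bootloader v1.2", "os": b"os image v4.7 + implant"}


def measure(layers):
    """A layer's measurement is the SHA-256 digest of its image."""
    return {name: hashlib.sha256(img).hexdigest() for name, img in layers.items()}


# Reference Values: known-good measurements provisioned to the Verifier out of band.
REFERENCE_VALUES = measure(GOOD_LAYERS)


def _canon(claims):
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def produce_evidence(layers, nonce, key=ATTESTER_KEY):
    """Attester: bind the measurements of every layer to the Verifier's nonce and sign them (Evidence)."""
    claims = {"nonce": nonce, "measurements": measure(layers)}
    sig = hmac.new(key, _canon(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def appraise_evidence(evidence, nonce, reference_values=REFERENCE_VALUES, key=ATTESTER_KEY):
    """Verifier: authenticate the Evidence, check freshness, compare each layer with its
    Reference Value and emit an Attestation Result. Status words are illustrative only."""
    expected = hmac.new(key, _canon(evidence["claims"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["sig"]):
        return {"status": "untrusted", "reason": "evidence signature invalid", "layers": {}}
    if evidence["claims"]["nonce"] != nonce:
        return {"status": "untrusted", "reason": "stale or replayed evidence", "layers": {}}
    layers = {}
    for name, digest in evidence["claims"]["measurements"].items():
        layers[name] = "affirming" if reference_values.get(name) == digest else "contraindicated"
    status = "affirming" if layers and all(v == "affirming" for v in layers.values()) else "contraindicated"
    return {"status": status, "layers": layers}


def relying_party_decision(ar, required_layers):
    """Relying Party: apply its own Appraisal Policy for Attestation Results.
    Whatever it outputs here (a decision, or a derived claims set) is produced by the RP
    and therefore sits outside the RATS conceptual messages."""
    if ar["status"] == "untrusted":
        return "deny"
    failing = [name for name in required_layers if ar["layers"].get(name) != "affirming"]
    return "allow" if not failing else "deny:" + ",".join(sorted(failing))


def run_flow(layers, policy, key=ATTESTER_KEY):
    """One complete Attester -> Verifier -> Relying Party round trip."""
    nonce = "constructed-nonce-0001"  # a real Verifier issues a fresh random nonce per session
    evidence = produce_evidence(layers, nonce, key)
    ar = appraise_evidence(evidence, nonce)
    return ar, relying_party_decision(ar, policy)


if __name__ == "__main__":
    for label, layers in (("good", GOOD_LAYERS), ("tampered", TAMPERED_LAYERS)):
        ar, decision = run_flow(layers, ("bootloader", "os"))
        print(label, ar["status"], ar["layers"], decision)
```

Running the block appraises a clean device and one with a modified OS layer. The Verifier's Attestation Result carries the per-layer verdicts; the Relying Party then decides with its own policy, so the same result can yield "allow" under a policy that only cares about the bootloader and "deny" under one that requires both layers. That split is where the claims in the draft would have to be placed on one side or the other.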