IETF Logo Mail Archive

[Rats] Android comments on EAT draft

Shawn Willden <swillden@google.com> Thu, 16 May 2019 00:44 UTC

Return-Path: <swillden@google.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 548BF1200DE for <rats@ietfa.amsl.com>; Wed, 15 May 2019 17:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.51
X-Spam-Level:
X-Spam-Status: No, score=-17.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5224LTIhef6m for <rats@ietfa.amsl.com>; Wed, 15 May 2019 17:44:00 -0700 (PDT)
Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F79F120047 for <rats@ietfa.amsl.com>; Wed, 15 May 2019 17:44:00 -0700 (PDT)
Received: by mail-yb1-xb2d.google.com with SMTP id a13so564562ybl.8 for <rats@ietfa.amsl.com>; Wed, 15 May 2019 17:44:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=bmp441SVBiYxJShqO9wgDGhSjY6WFl9PjTSP3QJtwc0=; b=n9KA6tf4ezR1+IR+BzIPwxpZXpFWHc4uPtCI+TL2n1NVPWRA9Vk4Zdrer5WKPMGHWU z2cutzhAHEW7Vc6sJy0FABzptruAXPjSiepqQ/+KWSM9FZxETOLOUGv0GWlqbGNl5Smp SowcHxpzLn0/Y4xerhDX7AoOuVzWZmferzKLGGxh/qWCZ7f0j3D+Zm0IeMMEfcwHCufT jV+mTFsmFXksPQVlxn4amqKPVfRFWlORjFmWtxlJjw+AtKpC3glp31Igon/mX9InwQ7D X3oN9CQDEoHxMsSWUeC+2mKeIVQZQiJGobgc1yyNXi2D+lIsn9W+s88yvQBefc+akRor FRjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=bmp441SVBiYxJShqO9wgDGhSjY6WFl9PjTSP3QJtwc0=; b=ZLTi6u08dBa4aNneeJGv+HDfDP6HYXvSyAGAzt2LxdXzXes/NvizHqFpWDocfaT29b AuuxSJdV5o7Mr2i5y6NVSJEYpyLjRyeVw12SVUqPKrVGuBD0ClMHx2bVM4ueXczGR0Tb /6SUV33K0442jXrTn8LH1+9VGZX8tfjDdE2epTjFLnw51SiUxr8oaYuIAaOJeg4ppkfF ZHt1O5mt8PWeNWrTNx984gd3E75G+YVIHbQeIfZA7aVUVfP3yh31mB5Jb5hUb37zgwod NP/iwo5a27vLu5xNEkwr8Me9FnmALoz2AQuBAy/Ese6vw9jzd2ZgT2ZLSF6/7ukbZEPk gHpg==
X-Gm-Message-State: APjAAAVpMdAqEs6v34FRP3QIU476SsL8qn18yl7xH1x9g+SlZ7s3PAZU D1I2qMp5UjckTZiPtkVi3My1MOdUVh9/TMxHkg99+t+U96c=
X-Google-Smtp-Source: APXvYqwTZWt0YkzSJdAngwfspIINh0Ly0yDYCzRc5m2o9JoC7YJF/KWJQhRV3LEqsWkKEZBZht3tNGhHaMVAG4B7QxA=
X-Received: by 2002:a25:c54a:: with SMTP id v71mr21364006ybe.18.1557967439109; Wed, 15 May 2019 17:43:59 -0700 (PDT)
MIME-Version: 1.0
From: Shawn Willden <swillden@google.com>
Date: Wed, 15 May 2019 20:43:47 -0400
Message-ID: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com>
To: rats@ietfa.amsl.com
Content-Type: multipart/alternative; boundary="000000000000c7ed0d0588f68f71"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/qL2mssQY-hJwyz9zRg5F2J2wcus>
Subject: [Rats] Android comments on EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2019 00:44:03 -0000

Hi all.

After being invited by Laurence to join this WG some time ago, I have
completely dropped the ball. I apologize for that; in the interim period I
have expanded my team from one engineer (me) to six, and we all still have
more to do than we can accomplish, which gives a good indication of how
much I was dropping on the floor.  I think I have now delegated enough that
I can begin to put some time into this.

After reviewing the draft (which I like a lot, in many ways), I notice a
crucial divergence of focus between EAT and Android Keystore Attestation.
Perhaps this means that EAT is not applicable for Android; but I'd like to
explore the question a bit.

Specifically, EAT is about attesting to a *device* while Keystore
Attestation is about attesting to a *key* -- though we also attest to quite
a bit about the context of the key, i.e. the device. Indeed, the device
information we provide is growing with every release, because there's a
strong pent-up demand for device attestation.  So Keystore Attestation is
gradually expanding to include the device attestation role, but must also
retain its key attestation purpose.  For EAT to be directly applicable, it
would have to include claims about a key as well.

Perhaps another option is that we could use an EAT attestation as a
sub-element inside a CBOR structure that attests to a key.  Or maybe there
are other ideas about how an EAT attestation may fit into a larger
attestation that describes characteristics of entities other than the
containing device?

Another, more tractable, area of difference is that EAT provides Claims for
several data items which Android will likely never allow to be attested
because of their privacy implications and potential for ecosystem
fragmentation (apps choosing which devices they'll run on -- we generally
try to deny them the information they'd like to have to make those
choices).  These are:

   - UEID
   - Origination
   - Location

We do allow OEM Identification, though it's a different format and is
restricted.

Some other claims that we have, and think are important, are OS version and
patch-level (represented as a date, YYYYMMDD); secure boot verification key
digest; secure boot digest (hash of all verified code); application ID (a
digest of the requesting app signing key); and secure app version (hmm,
don't have a patchlevel, but we should!  I'll see about adding that for R).

I suppose all of this could be address by registering additional claims.
I'm not sure it would make sense to add a set of claims (or a complex
claim) that addresses key attestation, though.  That seems to significantly
change the semantics. Or does that sort of extension seem appropriate to
folks?

I also have a set of more detailed comments and questions, plus some
editorial suggestions.  I put the draft into a Google Doc and added
comments.  I've asked my team to take a pass through it as well, and I'll
share it with this mailing list as soon as they've had a chance to weigh in.

Again, my apologies for jumping in late.  Let me know if you think EAT just
isn't appropriate for Android.

-- 
Shawn Willden | Staff Software Engineer | swillden@google.com | 720-924-6645

v2.23.0 | Report a Bug | By Email