IETF Logo Mail Archive

Re: [Rats] Verifier Input instead of Endorsement?

Laurence Lundblade <lgl@island-resort.com> Tue, 07 July 2020 14:51 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 874A53A0DA8 for <rats@ietfa.amsl.com>; Tue, 7 Jul 2020 07:51:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A1zs00gFZHnZ for <rats@ietfa.amsl.com>; Tue, 7 Jul 2020 07:51:34 -0700 (PDT)
Received: from p3plsmtpa06-03.prod.phx3.secureserver.net (p3plsmtpa06-03.prod.phx3.secureserver.net [173.201.192.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F023D3A0DA6 for <rats@ietf.org>; Tue, 7 Jul 2020 07:51:33 -0700 (PDT)
Received: from [192.168.1.78] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id sowXjWH2WjqjisowXjds8F; Tue, 07 Jul 2020 07:51:33 -0700
X-CMAE-Analysis: v=2.3 cv=U7zs8tju c=1 sm=1 tr=0 a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=l70xHGcnAAAA:8 a=K6EGIJCdAAAA:8 a=pdmuHtnPrbt0BSUWxw4A:9 a=KOshRiJuJeOiy6WL:21 a=XllKou7HUHH1Q73P:21 a=QEXdDO2ut3YA:10 a=Q2AO1M6W6vWcGQETbR4A:9 a=K_NV32IF7-HMMxWw:21 a=AyGNKzVVX6f0P2RF:21 a=eZDC1ROyCKlZGMHn:21 a=_W_S_7VecoQA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=L6pVIi0Kn1GYQfi8-iRI:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <59471994-1797-42CE-AC6F-34F07315ADFB@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_72D81D32-20C3-4CF3-A4A0-36599FA26000"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Tue, 07 Jul 2020 07:51:30 -0700
In-Reply-To: <24201.1593904708@localhost>
Cc: "rats@ietf.org" <rats@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <878E068C-DAFD-4441-94F7-BA79CAF7FED6@island-resort.com> <BL0PR2101MB10279501A4ECA5BB7B6AED63A36F0@BL0PR2101MB1027.namprd21.prod.outlook.com> <BF5071AC-0C8D-4B26-8330-8589736B6EF5@island-resort.com> <af8e64b9-41b3-f42a-183d-1c9544fc1d7d@sit.fraunhofer.de> <C4D6DCB6-F0D9-4858-823C-7B045005B48C@island-resort.com> <13132.1593723461@localhost> <6091010E-3F7D-4B45-9B8E-9D954CE03C43@island-resort.com> <24201.1593904708@localhost>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfEMZ+5WVZcV2M7OQXzScZZloswK9F9B1X11F0DjZQIj5xgXrhA+ah3n/YE4wbyLAz0+fXU+LjRp82rapUMuegOWmSEwoSJxxae6mL6m79jnTvYckAEgZ rXAghs/enorM7dUE6uBW2Cttya35MmJ/pE+I7rRaHKqFIVi9ReYOFiu4v7QGqbACC9QHz11di+X6FMoi7wp0pXijeuRdH3lu75E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/sQng4hgyqI92SjQctiIJ-HyUdQo>
Subject: Re: [Rats] Verifier Input instead of Endorsement?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 14:51:39 -0000


> On Jul 4, 2020, at 4:18 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Laurence Lundblade <lgl@island-resort.com> wrote:
>>> Laurence Lundblade <lgl@island-resort.com> wrote:
>>>> The problem with Endorser is that they produce Endorsements and I think there are problems with Endorsements:
>>> 
>>>> - In Berlin you told me they don’t have keys in them. So then how do
>>>> keys get into the Verifier?
>>> 
>>> Well, first, I thought we agreed that the arcs above Verifier were out of
>>> scope for the architecture.  The WG might recharter to include that, but I
>>> thought we agreed that the concerns were seperable.  HOWEVER...
> 
>> If that’s the approach, then Endorsements should be removed from the
>> document, both in the text and diagram.
> 
> That makes no sense to me.
> 
> It is perfectly reasonable to define something just well enough in order to make it
> clear what is out of scope for standardization.
> 
> We can come up with many different ways to standardize Endorsements (or
> Verifier Inputs), and it shouldn't matter at all to the protocol between
> Attester and Verifier.
> 
> That's what makes it seperable.
> Do you agree?

Sorry, didn’t say that right. 

If we’re going to minimize description of what is above the Verifier, then the term “Endorsement” should be replaced with a more general term like “Verifier Input” or “Attester Trust Criteria” or other.

I think there are three problems with the term “Endorsement":
- It implies a specific style of input (a signed document) that is too narrow for a general architecture
- It is ambiguous and/or not clear it is even correct. The room in Berlin of experts agreed that Endorsement can’t have keys in them, but there must be a key input to the Verifier.
- It is TCG-specific. The term is not used in FIDO, Android and TEE-based projects that I’ve worked on.


Some text like this?

Verifier Input

Inputs used by the Verifier to establish trust in Attester, evaluate Attestation Evidence and produce Attestation results. It may include cryptographic keys, known-good/reference values, static implicit claims and policy configuration.

LL

v2.23.0 | Report a Bug | By Email