Re: [Rats] name for outer box of Composite Attester

"Smith, Ned" <ned.smith@intel.com> Fri, 07 February 2020 21:24 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F32301200B6 for <rats@ietfa.amsl.com>; Fri, 7 Feb 2020 13:24:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 68mGNJqonhI4 for <rats@ietfa.amsl.com>; Fri, 7 Feb 2020 13:24:13 -0800 (PST)
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 675FD1200C7 for <rats@ietf.org>; Fri, 7 Feb 2020 13:24:12 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2020 13:24:12 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,414,1574150400"; d="scan'208";a="432687603"
Received: from orsmsx102.amr.corp.intel.com ([10.22.225.129]) by fmsmga006.fm.intel.com with ESMTP; 07 Feb 2020 13:24:11 -0800
Received: from orsmsx159.amr.corp.intel.com (10.22.240.24) by ORSMSX102.amr.corp.intel.com (10.22.225.129) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 7 Feb 2020 13:24:11 -0800
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.6]) by ORSMSX159.amr.corp.intel.com ([169.254.11.41]) with mapi id 14.03.0439.000; Fri, 7 Feb 2020 13:24:11 -0800
From: "Smith, Ned" <ned.smith@intel.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] name for outer box of Composite Attester
Thread-Index: AQHV3OFQMUtHxgN8LEmPutZgIAwohKgQQB2A
Date: Fri, 7 Feb 2020 21:24:10 +0000
Message-ID: <CC0656C6-4B0A-4E8A-BCA5-DC5F15308CB5@intel.com>
References: <8739.1580988809@dooku.sandelman.ca>
In-Reply-To: <8739.1580988809@dooku.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.21.0.200113
x-originating-ip: [10.24.10.176]
Content-Type: text/plain; charset="utf-8"
Content-ID: <548C925BE9E51F408C95AADA9D2C762D@intel.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/tdygtNLNQtq7D95BzOwCkDKH_FI>
Subject: Re: [Rats] name for outer box of Composite Attester
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 21:24:17 -0000

I'm advocating for "Composite Device" because the focus of this section is dealing with 'composite' things. The roles however aren't different because a thing can be decomposed into a composite of things. However, there needs to be a context for how the roles relate to the composition of things. We can say that a device is an entity that hosts a RATS role (e.g. Attester). But the device consists of sub-component entities that also host RATS roles (e.g. Attesters). Since the role relationships remain consistent regardless of the entity topology, Each Attester (A, B, C, ...) can be described as three independent cases (e.g. Attester A -- Evidence A --> Verifier, Attester B -- Evidence B --> Verifier, etc.). However, Attester A is providing an additional function, that of assembling the Evidences A, B, C, ... into a new thing called "Composite Evidence". 

From a RATS Roles perspective, we've identified an embellishment of the RATS Roles architecture that either describes Verifier as accepting two inputs "Evidence" and "Composite Evidence" or that "Evidence" is a structure that supports multiple Evidence instances. This clarification needs to be added to the description of Verifier Role IMO.

In the case where it matters to the Verifier that Attester A is authorized / expected / allowed to assemble Evidences B, C, ... in addition to providing Evidence A. Attester A could include in Evidence A that it intended to assemble Evidences B, C, etc. To accomplish this there needs to be a claim that allows Attester A to say this. For the purpose of this email thread I'll call it the "Composite Evidence Claim".

I suppose, there is a philosophical question as to whether this claim is different/same as "Collecting Claims" from a Target environment. I don't think we need to have that discussion since, the goal of the section on "Composite Attestation/Attester" defines the context and semantics surrounding the claim of assembling Composite Evidence. The architecture could allow for anonymous assembly of Composite Evidence or for non-anonymous assembly by using the Composite Evidence Claim in its Evidence. 

In the Passport and Background Check examples, the Evidence flows are simply forwarded. I suppose it is possible for a RATS Role to be in deployment case where it is forwarding Evidence from multiple Attesters. I wouldn't expect this to be a case for the creation of Composite Evidence because the routing behavior is orthogonal to trustworthiness appraisals (I think).

I think it's possible to talk about an attester without introducing the specialized "Lead Attester" because any attester could assert the "Composite Evidence Claim" making it a "Lead Attester". But we don't have special names for Attesters based on the set of claims they might assert. Maybe it is useful to use the words 'lead attester' in prose to describe attestation behaviors of composite devices but I don't think it needs to be architectural.

-Ned


On 2/6/20, 3:33 AM, "RATS on behalf of Michael Richardson" <rats-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:

    
    In building Figure 2: Conceptual Data Flow for a Composite Attester
    We had some long discussion about what the label on the outside box
    is. 
    
    We had ideas about:
       * Device
       * Composite Device
       * Attester
    
    We started with Composite Attester, then went to Device, then went back
    to Attester, and then Composite Device was suggested.
    There were some TCG terminology relations mentioned, which I didn't follow on
    Tuesday. 
    
    I also wonder, in trying to talk about things if:
        Verifier -> Verifier A
    
    We had called the Attester B/C as being "sub-Attesters" or some such before,
    but we removed that by instead referring to A as the "Lead", and the others
    having no designation.  I find it difficult to know how to refer to the
    collective B..C,etc.
         
    
    
                          .-----------------------------.
                          |           Verifier          |
                          '-----------------------------'
                                          ^
                                          |
                                          | Composite
                                          | Evidence
                                          |
       .----------------------------------|-------------------------------.
       | .--------------------------------|-----.      .------------.     |
       | |                      .------------.  |      |            |     |
       | |                      |  Attesting |<--------| Attester B |-.   |
       | |                      |Environment |  |      '------------. |   |
       | |  .----------------.  |            |<----------| Attester C |-. |
       | |  |     Target     |  |            |  |        '------------' | |
       | |  | Environment(s) |  |            |<------------| ...        | |
       | |  |                |  '------------'  | Evidence '------------' |
       | |  |                |            ^     |    of                   |
       | |  |                |------------/     | Attesters               |
       | |  '----------------'  Collecting      | (via Internal Links or  |
       | |                      Claims          | Network Connections)    |
       | |                                      |                         |
       | | Lead Attester A                      |                         |
       | '--------------------------------------'                         |
       |                                                                  |
       |                    Device/Composite Device/Attester/TBD #33      |
       '------------------------------------------------------------------'
    
    -- 
    Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
     -= IPv6 IoT consulting =-