Re: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)

Roman Danyliw <rdd@cert.org> Thu, 07 September 2023 17:35 UTC

From: Roman Danyliw <rdd@cert.org>
To: "lgl island-resort.com" <lgl@island-resort.com>, Robert Wilton <rwilton@cisco.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-rats-eat@ietf.org" <draft-ietf-rats-eat@ietf.org>, rats-chairs <rats-chairs@ietf.org>, rats <rats@ietf.org>, "ned.smith@intel.com" <ned.smith@intel.com>
Date: Thu, 07 Sep 2023 17:35:10 +0000
Message-ID: <BN2P110MB1107CF3DFAB0FF68453A2821DCEEA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <169409219358.34717.10637003445246332249@ietfa.amsl.com> <3CF411FF-CCE3-4CB2-8E30-010F7381E2F0@island-resort.com>
In-Reply-To: <3CF411FF-CCE3-4CB2-8E30-010F7381E2F0@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/u0vUe7mvJi4ZXSRBlxsocGJy0gE>
Subject: Re: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)

Hi!

From: iesg <iesg-bounces@ietf.org> On Behalf Of lgl island-resort.com
Sent: Thursday, September 7, 2023 12:46 PM
To: Robert Wilton <rwilton@cisco.com>
Cc: The IESG <iesg@ietf.org>; draft-ietf-rats-eat@ietf.org; rats-chairs <rats-chairs@ietf.org>; rats <rats@ietf.org>; ned.smith@intel.com
Subject: Re: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)

Hi Rob,

Thanks for the review. Comments below.

LL



On Sep 7, 2023, at 6:09 AM, Robert Wilton via Datatracker <noreply@ietf.org> wrote:

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Hi,

Thanks for this document.  Sorry, I didn't have time to review this document
that closely.  I have flagged one issue for discussion to change the reference
to the architecture document to being a normative reference.  This would mean a
downref, but should otherwise be an easy change to make.  The rest of my
comments are non-blocking.

(1) p 71, sec 11.2.  Informative References

  [RATS.Architecture]
             Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
             W. Pan, "Remote ATtestation procedureS (RATS)
             Architecture", Work in Progress, Internet-Draft, draft-
             ietf-rats-architecture-22, 28 September 2022,
             <https://datatracker.ietf.org/doc/html/draft-ietf-rats-
             architecture-22>.

"From section 1.3, EAT follows the operational model described in Figure 1 in
[RATS.Architecture].".  This, along with other references indicates that the
RATS architecture should be a normative reference.

I’m fine with it either way. Maybe others could chime in with opinions.

I’ve read RFC 3967 and friends, but am still not sure if I have to do anything in the EAT doc other than change the type of reference if the consensus is for normative.

[Roman] Rob and I talked about this a bit.  While there are some references to the architecture which would be informative, the following use is unambiguously normative:

9.3.  Freshness

   All EAT use MUST provide a freshness mechanism to prevent replay and
   related attacks.  The extensive discussions on freshness in
   [RATS.Architecture] including security considerations apply here.

Roman
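A Verifier-side nonce check of the kind section 9.3 requires, as an added Python example (not code from the EAT draft or from anyone in this thread). It assumes the EAT claims map has already been decoded and its COSE signature verified, uses the CWT `iat` key (6) and the EAT nonce claim key (10), and handles only the single-bstr nonce form:

```python
import secrets
import time

# Claim keys used below: CWT "iat" (6, RFC 8392) and the EAT nonce claim (10).
# Signature verification of the token is assumed to have already happened;
# this class models only the freshness check. Constructed example.
IAT_KEY = 6
NONCE_KEY = 10


class FreshnessVerifier:
    """Nonce-based freshness for a Verifier: every challenge is random,
    single-use and time-limited, so a captured EAT cannot be replayed
    later or presented against a different challenge."""

    def __init__(self, nonce_ttl_s=60, max_skew_s=30, now=time.time):
        self.nonce_ttl_s = nonce_ttl_s   # how long a challenge stays valid
        self.max_skew_s = max_skew_s     # tolerated clock skew for iat
        self.now = now                   # injectable clock (for tests)
        self._pending = {}               # nonce bytes -> time challenge was issued

    def issue_nonce(self, length=32):
        # Unpredictable bytes: an Attester cannot pre-compute Evidence for a
        # nonce it has not yet been given.
        nonce = secrets.token_bytes(length)
        self._pending[nonce] = self.now()
        return nonce

    def check(self, claims):
        """Return (ok, reason) for a decoded EAT claims map."""
        nonce = claims.get(NONCE_KEY)
        if not isinstance(nonce, bytes):
            return False, "missing or non-bstr nonce claim"
        # pop(): a nonce is consumed on first use, so a second token carrying
        # the same nonce (a replay) is rejected even if it was validly signed.
        issued = self._pending.pop(nonce, None)
        if issued is None:
            return False, "unknown or already-used nonce (possible replay)"
        now = self.now()
        if now - issued > self.nonce_ttl_s:
            return False, "challenge expired"
        iat = claims.get(IAT_KEY)
        # If iat is present it must fall inside the challenge window (with skew):
        # a token "issued" before the nonce existed is not fresh.
        if iat is not None and not (issued - self.max_skew_s <= iat <= now + self.max_skew_s):
            return False, "iat outside the challenge window"
        return True, "fresh"
```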