[Rats] Review of draft-birkholz-rats-daa

Thomas Fossati <Thomas.Fossati@arm.com> Wed, 26 May 2021 12:04 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: "draft-birkholz-rats-daa@ietf.org" <draft-birkholz-rats-daa@ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Date: Wed, 26 May 2021 12:03:49 +0000
Message-ID: <2AC24A3A-C295-4BAC-8007-4D0B75C6C60B@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/uW81zHPSitCh29Dk4yi5wnhCs1o>
Subject: [Rats] Review of draft-birkholz-rats-daa

Hi RATS-DAA authors,

I have reviewed draft-birkholz-rats-daa-00 and I think this is a useful
document, plus it is short and sweet.

I may have a few editorial suggestions, but I'd like to ask one meta
question first - apologies if this was brought up in previous
conversations:

Is it really necessary to introduce the new "DAA Issuer" role?

It seems to me that if the JOIN and SIGN phases are considered as two
separate attestation protocols, the Issuer could be mapped to a couple
of well-known RATS roles depending on the phase it is involved in:
* Verifier for JOIN - plus an authorisation RP on top that grants
  the group credentials to the authenticated Attester;
* Endorser for SIGN.

Cheers, thank you.

t
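The role mapping proposed in the message above, run as a small model (an added illustration, not code from the draft or its authors): the JOIN phase is played by a RATS Verifier plus an authorisation Relying Party that hands out the group credential, and the SIGN phase by an Endorser that supplies the group verification key to a separate Verifier. The class names (Attester, JoinVerifier, JoinRelyingParty, Endorser, SignVerifier), the reference firmware value, and the device identifiers are constructed for the example. The group credential is a shared HMAC key standing in for DAA's anonymous credential, so the model shows the message flow and which role consumes and produces what, not DAA's pairing-based cryptography.

```python
"""Two DAA phases (JOIN, SIGN) mapped onto RATS roles.

Constructed model: a shared HMAC key plays the group credential, so the
SIGN Verifier learns nothing about which member signed but could itself
forge; real DAA avoids that with an asymmetric group signature.
"""
import hashlib
import hmac
import json
import secrets

# Reference value set used by both Verifiers (constructed).
KNOWN_GOOD_FIRMWARE = {hashlib.sha256(b"firmware-v1").hexdigest()}


def _mac(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, "sha256").hexdigest()


def verify_mac(evidence, key):
    return hmac.compare_digest(_mac(key, evidence["claims"]), evidence["mac"])


class Attester:
    def __init__(self, device_id, device_key):
        self.device_id = device_id
        self.device_key = device_key          # per-device key known to the JOIN Verifier
        self.firmware = hashlib.sha256(b"firmware-v1").hexdigest()
        self.group_credential = None          # granted by the JOIN Relying Party

    def join_evidence(self, nonce):
        claims = {"device_id": self.device_id, "firmware": self.firmware, "nonce": nonce}
        return {"claims": claims, "mac": _mac(self.device_key, claims)}

    def sign_evidence(self, nonce):
        # No device identity in SIGN Evidence: only the group credential authenticates it.
        claims = {"firmware": self.firmware, "nonce": nonce}
        return {"claims": claims, "mac": _mac(self.group_credential, claims)}


class JoinVerifier:
    """RATS Verifier for JOIN: appraises per-device Evidence into an Attestation Result."""
    def __init__(self, device_keys):
        self.device_keys = device_keys

    def appraise(self, evidence, nonce):
        claims = evidence["claims"]
        key = self.device_keys.get(claims.get("device_id"))
        ok = (key is not None and verify_mac(evidence, key)
              and claims.get("nonce") == nonce
              and claims.get("firmware") in KNOWN_GOOD_FIRMWARE)
        return {"device_id": claims.get("device_id"),
                "status": "affirming" if ok else "contraindicated"}


class JoinRelyingParty:
    """Authorisation RP on top of the JOIN Verifier: grants the group credential."""
    def __init__(self, group_key):
        self.group_key = group_key
        self.members = set()

    def grant(self, result):
        if result["status"] != "affirming":
            return None
        self.members.add(result["device_id"])
        return self.group_key


class Endorser:
    """SIGN phase: supplies the group verification key as an Endorsement."""
    def __init__(self, group_key):
        self.group_key = group_key

    def endorsement(self):
        return self.group_key


class SignVerifier:
    """RATS Verifier for SIGN: appraises group-signed Evidence using the Endorsement."""
    def __init__(self, endorser):
        self.group_key = endorser.endorsement()

    def appraise(self, evidence, nonce):
        claims = evidence["claims"]
        ok = (verify_mac(evidence, self.group_key)
              and claims.get("nonce") == nonce
              and claims.get("firmware") in KNOWN_GOOD_FIRMWARE)
        # device_id is absent from SIGN Evidence, so the result cannot name the member.
        return {"device_id": claims.get("device_id"),
                "status": "affirming" if ok else "contraindicated"}


def run_flow():
    device_key, group_key = secrets.token_bytes(32), secrets.token_bytes(32)
    attester = Attester("dev-0001", device_key)
    # JOIN: Verifier + authorisation RP together cover the proposed "DAA Issuer" role.
    nonce = secrets.token_hex(8)
    join_result = JoinVerifier({"dev-0001": device_key}).appraise(attester.join_evidence(nonce), nonce)
    attester.group_credential = JoinRelyingParty(group_key).grant(join_result)
    # SIGN: Endorser hands the group key to a fresh Verifier.
    sign_verifier = SignVerifier(Endorser(group_key))
    nonce2 = secrets.token_hex(8)
    sign_result = sign_verifier.appraise(attester.sign_evidence(nonce2), nonce2)
    # A device that never joined holds no valid group credential and is rejected.
    rogue = Attester("dev-0002", secrets.token_bytes(32))
    rogue.group_credential = secrets.token_bytes(32)
    rogue_result = sign_verifier.appraise(rogue.sign_evidence(nonce2), nonce2)
    return {"join": join_result, "sign": sign_result, "rogue_sign": rogue_result}


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=2))
```

Running `run_flow()` shows the point of the mapping: the JOIN result carries a device identity because that phase authenticates an individual Attester, while the SIGN result carries none, since the only thing the SIGN Verifier holds is the Endorser's group key.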