Re: [Rats] looking for better terms -- request for bike shed discussion
Laurence Lundblade <lgl@island-resort.com> Wed, 08 January 2020 02:17 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF7651200F5 for <rats@ietfa.amsl.com>; Tue, 7 Jan 2020 18:17:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.916
X-Spam-Level:
X-Spam-Status: No, score=-1.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id INtdbx084V_H for <rats@ietfa.amsl.com>; Tue, 7 Jan 2020 18:17:28 -0800 (PST)
Received: from p3plsmtpa07-01.prod.phx3.secureserver.net (p3plsmtpa07-01.prod.phx3.secureserver.net [173.201.192.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB98A12007C for <rats@ietf.org>; Tue, 7 Jan 2020 18:17:28 -0800 (PST)
Received: from [192.168.1.76] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id p0uUiXMhdS6lxp0uUim3LL; Tue, 07 Jan 2020 19:17:26 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <0FB69139-54DE-4F1B-906F-12B83D1EDEED@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_16EDBD02-7C8D-4146-872A-D2BFE8475616"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Tue, 07 Jan 2020 18:17:25 -0800
In-Reply-To: <C7744481-277D-477A-8B0A-F7DC9F4CC273@intel.com>
Cc: "\"Schönwälder, Jürgen\"" <J.Schoenwaelder@jacobs-university.de>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
To: "Smith, Ned" <ned.smith@intel.com>
References: <26979.1578413051@localhost> <6291CF16-BBDC-4A12-A0C0-FDFBAB494A31@island-resort.com> <20200107165432.zmpm6yilgr6fogrh@anna.jacobs.jacobs-university.de> <C7744481-277D-477A-8B0A-F7DC9F4CC273@intel.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfE39/nk6c0eqdZViEHrDFhKqzYlc2FTkd7JOxTMt3eUqaWwSQ/auV8CaqKTWo6lH4G27Ld/kFJsOxpJro0rTFsvzFRdV0VaESMgggEHDhxmVmAZgIS73 1UVbA56vTBls62MPpZtOKxG6sq4m4Vm4llPLHjGmqGuVT0LpKU8Z0DS4ZM65E/OKLSrPdpfnOY0xkNM63kKGsM2BzvbbNeB26Se4UeIOGEJJEs5ngVeoAs7A vtqLm1qp9Wn4WAIOO93PuCxmX13Prpf3IACAaOBmlN7iVwvOYdw/gbsjZAmfyfGq
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/uc1FvCBdd4PG3spg9JcmoUAaj4A>
Subject: Re: [Rats] looking for better terms -- request for bike shed discussion
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jan 2020 02:17:34 -0000
Here’s some rough text: Conceptually, the “attester” produces a set of “claims” about a “target”. The claims are known as “attestation evidence” and are sent to the “verifier”. The verifier additionally takes in “endorsements”, processes the attestation evidence and produces the “attestation result” for the final consumer, the “relying party”. This description left conceptual for easy understanding and discussion. Actual implementations are usually more complex in at least one or more of these ways: * The attester is also the target * One attester produces claims about several targets (submodules) * The verifier and the relying party are the same * Claims may be simple or complex, many or few * Some claims are measurements and some are not * Some claims in in the attestation evidence may be simply passed through the verifier, others may be heavily processed. * Daisy chaining -- the evidence from one attester goes through a verifier producing results which are taken as claims that are input to another attester that outputs a different set of evidence that goes on through a different verifier. * Daisy chaining may happen on the device producing the attestations or in the infrastructure evaluating the device or both. (Next I’d write a plethoras of simple examples for attester, target, claims… assuming only the simplest implementation that maps to the conceptual description ) I am starting to prefer the basic conceptual / abstract description over one that is inherently mappable to every possible. LL > On Jan 7, 2020, at 1:43 PM, Smith, Ned <ned.smith@intel.com> wrote: > > It may be helpful to note that the Attester may not be the same as the environment that measures. In some cases it is the same but not in all cases. The Attester contains both (1) and (2) so it seems we don't want to overload (1) or (2) with a term that is the superset of both. > > If there is consensus terminology for either (1) or (2) then we only need to change one of them. > > The analogy to CC seems somewhat apropos as attestation could be described as the partial automation of a (manual) certification process. Indeed, the result of CC evaluation could be a claim in a manifest or certificate issued by an Endorser. The Verifier likely would expect to find an overlap between the ToE and the "Attested Environment". > > -Ned > > > On 1/7/20, 8:54 AM, "RATS on behalf of Schönwälder, Jürgen" <rats-bounces@ietf.org on behalf of J.Schoenwaelder@jacobs-university.de> wrote: > > Attesterr and target have also been my first thought... > > /js > > On Tue, Jan 07, 2020 at 08:37:28AM -0800, Laurence Lundblade wrote: >> How about (1) “attester" and (2) “target" or “subject”? >> >> Currently the EAT draft roughly uses “entity” and “submodule” for (2), but only roughly because it doesn’t distinguish between (1) and (2). >> >> Attestation is not certification, but somewhat similarly Common Criteria certification uses “target of evaluation”. >> >> LL >> >>> On Jan 7, 2020, at 8:04 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: >>> >>> >>> None of us have been happy with the confusion due to the alliterative >>> terms "Attesting Environment"(1) and "Attested Environment"(2) >>> >>> We agree that (1) *measures* (2). >>> >>> We think that we could keep one of the terms (1) or (2) if we could come with >>> a different enough term for the other. There is an issue open: >>> https://github.com/ietf-rats-wg/architecture/issues/14 >>> >>> I asked Google, "What is a person who measures", and the answer it gave me >>> was "surveyor". There was criticism of this term because it sounds too >>> active. (To "survey" in the civil engineering sense is quite active) >>> >>> What do you think? >>> >>> https://www.thesaurus.com/browse/surveyor?s=t >>> >>> assessor >>> cartographer >>> measurer >>> land surveyor >>> mapmaker >>> topographer >>> >>> >>> https://www.thesaurus.com/browse/survey?s=t >>> >>> includes a bunch of interesting words, some of which we use already: >>> >>> assess >>> canvass >>> check >>> check out >>> estimate >>> evaluate >>> examine >>> inspect >>> look over >>> observe >>> overlook >>> oversee >>> review >>> scan >>> supervise >>> appraise >>> assay >>> case >>> contemplate >>> measure >>> plan >>> plot >>> prospect >>> rate >>> read >>> reconnoiter >>> research >>> scope >>> size >>> study >>> summarize >>> superintend >>> valuate >>> value >>> view >>> check over >>> check up >>> give the once over >>> look upon >>> set at >>> size up >>> stake out >>> test the waters >>> >>> >>> >>> >>> -- >>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works >>> -= IPv6 IoT consulting =- >>> >>> >>> >>> _______________________________________________ >>> RATS mailing list >>> RATS@ietf.org >>> https://www.ietf.org/mailman/listinfo/rats >> >> _______________________________________________ >> RATS mailing list >> RATS@ietf.org >> https://www.ietf.org/mailman/listinfo/rats > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > Fax: +49 421 200 3103 <https://www.jacobs-university.de/> > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats > >
- Re: [Rats] looking for better terms -- request fo… Salz, Rich
- [Rats] looking for better terms -- request for bi… Michael Richardson
- Re: [Rats] looking for better terms -- request fo… Laurence Lundblade
- Re: [Rats] looking for better terms -- request fo… Schönwälder
- Re: [Rats] looking for better terms -- request fo… Smith, Ned
- Re: [Rats] looking for better terms -- request fo… Laurence Lundblade
- Re: [Rats] looking for better terms -- request fo… Michael Richardson
- Re: [Rats] looking for better terms -- request fo… Dave Thaler
- Re: [Rats] looking for better terms -- request fo… Henk Birkholz
- Re: [Rats] looking for better terms -- request fo… Dave Thaler
- Re: [Rats] looking for better terms -- request fo… Henk Birkholz
- Re: [Rats] looking for better terms -- request fo… Henk Birkholz
- Re: [Rats] looking for better terms -- request fo… Smith, Ned
- Re: [Rats] looking for better terms -- request fo… Smith, Ned
- Re: [Rats] looking for better terms -- request fo… Dave Thaler
- Re: [Rats] looking for better terms -- request fo… Panwei (William)
- Re: [Rats] looking for better terms -- request fo… Laurence Lundblade
- Re: [Rats] looking for better terms -- request fo… Thomas Hardjono