Re: [Rats] security-level claim (was Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 03 June 2022 21:37 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "Smith, Ned" <ned.smith@intel.com>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Fri, 03 Jun 2022 21:37:04 +0000
Message-ID: <BL0PR11MB3122896F67A5C6736CBBEB1DA1A19@BL0PR11MB3122.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/uqVfMrjj1Yz0_-SmOQWthWwkn3M>

> From: Giridhar Mandyam, June 3, 2022 4:56 PM
~
> So does this mean that security level as an EAT would be OK if conveyed as an
> X.509 and signed by a manufacturer key that is distinct from the attestation
> key?

As this is just an indirect way of getting the information from an endorser,
this would be fine. I would prefer the more accurate name of
"endorsed-security-level" to make it completely clear to a Relying Party that
such a claim cannot come from Attesters or Verifiers.

> Note that the EAT attestation key itself can be signed by the manufacturer
> already (see https://datatracker.ietf.org/doc/html/draft-ietf-cose-x509-08).

There is also the issue of ensuring that an indirectly provided Endorser claim 
is legitimately bound to the exact type of Attester making parallel EAT 
claims.  So both sets of signed Evidence would need to include information 
that can be assessed to evaluate whether the relationship between the two 
signed blobs is legitimate.

Eric
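
Added example (not part of the original message or of any draft): one way a Verifier could check that a manufacturer-signed endorsement is bound to the Attester whose Evidence it is appraising. The field names, the use of Ed25519 over JSON in place of COSE or X.509, and the choice of a SHA-256 hash of the attestation public key as the binding are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Signed is a payload plus Ed25519 signature (stand-in for a COSE or X.509 envelope).
type Signed struct{ Payload, Sig []byte }
// Claims uses hypothetical field names; Level and AttKeyHash are set only in the Endorsement.
type Claims struct {
	Model      string `json:"model"`
	Level      string `json:"endorsed-security-level,omitempty"`
	AttKeyHash []byte `json:"att-key-sha256,omitempty"`
}
func sign(priv ed25519.PrivateKey, c Claims) Signed {
	p, _ := json.Marshal(c)
	return Signed{p, ed25519.Sign(priv, p)}
}
// Appraise returns the level from the endorsement only, and only if both blobs
// verify and refer to the same Attester.
func Appraise(mfr, att ed25519.PublicKey, end, ev Signed) (string, error) {
	if !ed25519.Verify(mfr, end.Payload, end.Sig) || !ed25519.Verify(att, ev.Payload, ev.Sig) {
		return "", errors.New("signature check failed")
	}
	var e, c Claims
	if json.Unmarshal(end.Payload, &e) != nil || json.Unmarshal(ev.Payload, &c) != nil {
		return "", errors.New("malformed payload")
	}
	h := sha256.Sum256(att) // binding: endorsement names the key that signed the evidence
	if !bytes.Equal(e.AttKeyHash, h[:]) || e.Model != c.Model {
		return "", errors.New("endorsement not bound to this attester")
	}
	return e.Level, nil
}
// Demo appraises a matching pair, then reuses the endorsement with a second device's key.
// All keys and claim values are constructed for this example.
func Demo() (level string, matchErr, otherErr error) {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(nil)
	aPub, aPriv, _ := ed25519.GenerateKey(nil)
	bPub, bPriv, _ := ed25519.GenerateKey(nil)
	h := sha256.Sum256(aPub)
	end := sign(mfrPriv, Claims{Model: "example-soc", Level: "hardware", AttKeyHash: h[:]})
	level, matchErr = Appraise(mfrPub, aPub, end, sign(aPriv, Claims{Model: "example-soc"}))
	_, otherErr = Appraise(mfrPub, bPub, end, sign(bPriv, Claims{Model: "example-soc"}))
	return
}
func main() { fmt.Println(Demo()) }
```

The second appraisal fails even though both signatures are valid, because the endorsement names a different attestation key than the one that signed the Evidence.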