Re: [Rats] Epochs

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 29 September 2022 13:05 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Epochs
Thread-Index: AdjT8rHe6NnLOMZtThiMQDnL62doLQAC1xIAAAFv8XA=
Date: Thu, 29 Sep 2022 13:05:24 +0000
Message-ID: <DBBPR08MB5915709CADCC66F9E1D99ABBFA579@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <DBBPR08MB5915446C7545943D39EC9607FA579@DBBPR08MB5915.eurprd08.prod.outlook.com> <26847.1664454112@dooku>
In-Reply-To: <26847.1664454112@dooku>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/uxhflbtBdLxCRaEG59UFKRP00Jc>
Subject: Re: [Rats] Epochs
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Thanks for the quick response, Michael.

If I understood you correctly, then the part of the example that is relevant for replay protection is really only the Epoch ID.

All the other information about time difference between X and Y is useful for other purposes (unrelated to replay protection).

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca>
Sent: Thursday, September 29, 2022 2:22 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; rats@ietf.org
Subject: Re: [Rats] Epochs


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    >   1.  Would you expect that all solutions support all three freshness
    > mechanisms, namely epoch ids, timestamps and nonces?

No, certainly not.
A specific deployment (like an EAT profile) would support one.

Maybe a mechanism (like EAT...) could be adapted to all three, but that wouldn't be required.  I am unclear if TEEP needs to support multiple mechanisms. (i.e. I'm ignorant)

    >   2.  Appendix A.3 shows an example of an epoch id but there is no
    > description provided in that section and the description in Section
    > 10.3 is also very generic. So, in the figure below the attester sends
    > the epoch id and the difference between time(EG_a)-time(VG_a). How is
    > the verifier going to use this information? I would have instead
    > assumed that the attester sends time(EG_a)-time(IR_a).

VG is the time the Value was Generated.

The Epoch ID provided freshness to the signature of the Evidence, that is, it made sure that it did not get replayed.
But the Verifier still needs to know how old the value being asserted in the Evidence is.

e.g., Epoch IDs could come every few minutes, while Evidence a might be days old.
(which might be too old).

I know that Henk will correct me if I got this wrong.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
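The split Michael describes, with the epoch ID covering replay protection of the signed Evidence and the time(EG_a)-time(VG_a) difference telling the Verifier how old the asserted value is, is easy to get wrong if the two checks are conflated. The following is an added example written for this page, not code from the thread, from the architecture document it discusses, or from any RATS implementation. It uses an HMAC as a stand-in for the Attester's signature, a plain dict in place of a real Evidence encoding, and the names `make_evidence`, `verify_evidence`, `epochs`, `value_age` and `max_value_age` are all assumptions chosen for illustration; the numeric clock values and the epoch table are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for the Attester's private signing key.
# A real Attester signs Evidence (e.g. a COSE structure); an HMAC keeps the
# example self-contained and runnable offline.
ATTESTER_KEY = b"constructed-demo-key"


def _canonical(body: dict) -> bytes:
    """Deterministic serialisation so Attester and Verifier MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_evidence(epoch_id: str, time_eg: int, time_vg: int, claims: dict,
                  key: bytes = ATTESTER_KEY) -> dict:
    """Attester side (names and layout are assumptions for this example).

    epoch_id : the most recent epoch ID the Attester received
    time_eg  : Attester clock when the Evidence is generated
    time_vg  : Attester clock when the claimed value was generated (measured)

    The Evidence carries the epoch ID (freshness of the signature) and the
    difference time(EG_a) - time(VG_a) (age of the value), not raw timestamps,
    so the Attester's clock never has to agree with the Verifier's.
    """
    body = {
        "epoch_id": epoch_id,
        "value_age": time_eg - time_vg,
        "claims": claims,
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_evidence(evidence: dict, epochs: dict, now: int, max_value_age: int,
                    key: bytes = ATTESTER_KEY) -> str:
    """Verifier side. Returns 'ok' or the name of the first failing check.

    epochs        : {epoch_id: verifier_time_when_issued} for every epoch the
                    Verifier still accepts (current plus a small grace window)
    now           : Verifier clock at appraisal time
    max_value_age : policy limit on how old the asserted value may be, in seconds
    """
    body = evidence["body"]
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # 1. Integrity first: the epoch ID only means something if it is under the signature.
    if not hmac.compare_digest(expected, evidence["tag"]):
        return "bad_signature"
    # 2. Replay protection: the signed epoch ID must be one the Verifier still accepts.
    #    This bounds replay to the lifetime of an epoch; it does not detect a replay
    #    within the same epoch.
    issued_at = epochs.get(body["epoch_id"])
    if issued_at is None:
        return "stale_epoch"
    # 3. Value age: the epoch ID proves only that the Evidence was signed after the
    #    epoch began; the value may be far older. The Attester cannot have generated
    #    the Evidence before it saw the epoch ID, so the earliest possible
    #    time(VG_a) is issued_at - value_age, and policy is applied to that
    #    pessimistic estimate.
    if body["value_age"] < 0:
        return "bad_value_age"
    oldest_possible_vg = issued_at - body["value_age"]
    if now - oldest_possible_vg > max_value_age:
        return "value_too_old"
    return "ok"


def demo() -> dict:
    """Walk through the cases the thread discusses; returns {case: result}."""
    # Constructed Verifier view: epochs rotate every 300 s; the current ("e42")
    # and the previous ("e41") are still accepted so in-flight Evidence survives
    # a rotation.
    epochs = {"e41": 1000, "e42": 1300}
    now = 1320
    policy_max_age = 3600  # reject values older than an hour
    claims = {"fw_version": "1.2.3"}

    fresh = make_evidence("e42", time_eg=1310, time_vg=1305, claims=claims)
    # Evidence signed under an epoch the Verifier no longer accepts: a replay.
    replayed = make_evidence("e40", time_eg=700, time_vg=695, claims=claims)
    # Attacker re-labels the replayed Evidence with the current epoch ID.
    relabelled = {"body": {**replayed["body"], "epoch_id": "e42"}, "tag": replayed["tag"]}
    # Freshly signed under the current epoch, but the value itself is a day old.
    old_value = make_evidence("e42", time_eg=1310, time_vg=1310 - 86400, claims=claims)

    return {
        "fresh": verify_evidence(fresh, epochs, now, policy_max_age),
        "replayed": verify_evidence(replayed, epochs, now, policy_max_age),
        "relabelled": verify_evidence(relabelled, epochs, now, policy_max_age),
        "old_value": verify_evidence(old_value, epochs, now, policy_max_age),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result}")
```

The ordering of the three checks is the point: signature, then epoch ID, then value age. The `old_value` case passes the first two and is rejected only by the third, which is exactly the "Epoch IDs could come every few minutes, while Evidence might be days old" situation. Because the Verifier does not learn time(EG_a) itself, the code takes the earliest time the value could have been generated given when the epoch was issued, so an Attester that delays sending Evidence cannot make its value look younger than it is.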