Re: [Rats] Adoption call to https://datatracker.ietf.org/doc/draft-birkholz-rats-daa/

"Smith, Ned" <ned.smith@intel.com> Thu, 28 October 2021 00:02 UTC


I agree the DAA draft is ready for an adoption call.

However, the draft doesn't do a good job of explaining how the endorsement claims that are supplied to the DAA Issuer are conveyed to the Verifier for subsequent appraisal. Although it may be that the DAA Issuer appraises them as a condition of creating the credential and conveying the group public key. The Verifier may nevertheless expect the Attester to have a particular set of endorsement claims. These could be conveyed to the Verifier in a variety of ways but those ways are not explained (or not in sufficient detail for the reader to reasonably infer). 

Keep in mind that the value having privacy-revealing properties is the Attester credential request. The Endorsement claims are not privacy revealing.

- If Endorsement claims are copied into the credential, the conveyance route through the Attester is exemplary only. It could have been conveyed from the DAA Issuer directly to the Verifier, since the authority of the credential is from the DAA Issuer and conveyance isn't a goal of the RATS Roles architecture. The conveyance path through the Attester is not the most direct path. Maybe there is a particular conveyance model the authors have in mind, but that seems to be overloaded in the roles architecture.

- If the Endorsement claims are associated with the conveyance of the group public key this is not evident either. Given the group public key is something like an X.509 certificate the Endorsement claims might be included with the public key and authorized by a DAA Issuer key. It isn't clear that the Credential couldn't also be an X.509 certificate containing the group public key.

The draft mentions Intel EPID as an example of DAA that also supports revocation. In an EPID flow, the Credential is more correctly represented as a blinded group private key. The Group Public Key is most like an X.509 certificate that is signed by the DAA Issuer and contains the group identity value. It may contain additional attributes. 

These points need to be clarified so that someone familiar with EPID would be able to effectively apply the attestation properties described in the draft to an EPID system. 

-Ned

On 10/26/21, 7:44 PM, "RATS on behalf of Nancy Cam-Winget (ncamwing)" <rats-bounces@ietf.org on behalf of ncamwing=40cisco.com@dmarc.ietf.org> wrote:

    Hello Rats participants,

    Thank you to the few that have reviewed and provided comments on the list for this draft.  I also noticed that the longer discussion on the roles seems to have been addressed in the new additions of the Privacy and Security consideration sections and a new draft with Dave Thaler as an added author has been submitted.

    With those updates, this is now the call for adoption to draft https://www.ietf.org/archive/id/draft-birkholz-rats-daa-02

    Please provide feedback if you have concerns on adopting this document as a working group draft.  We'll close the adoption call on Nov 12.

    Thanks, Nancy
    (on behalf of the RATS chairs)

    On 5/23/21, 2:49 PM, "RATS on behalf of Nancy Cam-Winget (ncamwing)" <rats-bounces@ietf.org on behalf of ncamwing=40cisco.com@dmarc.ietf.org> wrote:

        Hello RATS participants, 
        The substantive text in https://datatracker.ietf.org/doc/draft-birkholz-rats-daa/ was part of the Interaction Models draft, which was already adopted, and this draft is a short read.
        I'd like to have a few participants do a quick review, as we will need to do a call for adoption for this draft. Can I get some volunteers to read and provide feedback?

        Thanks, Nancy

        On 4/25/21, 11:25 PM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:

            Hi all,

            this submission of the Reference Interaction Models addresses most of 
            the 20+ issues raised during the last rounds of reviews.

            While addressing the issues we split the I-D in two parts:

            1.) I-D.birkholz-rats-daa-00 now contains the additions to the RATS 
            architecture & the RATS Models that enable the use of direct anonymous 
            attestation:

            > https://datatracker.ietf.org/doc/draft-birkholz-rats-daa/

            2.) I-D.ietf-rats-reference-interaction-models-02 now includes only what 
            the title says, which are the RATS Models, corresponding information 
            elements, and requirements:

            > https://datatracker.ietf.org/doc/draft-ietf-rats-reference-interaction-models/

            This way, implementers can unambiguously find the content they are 
            looking for. As the scope and intent of the content about DAA that is 
            now in the new I-D has not changed, we'd like to ask for a call for WGA 
            before the next meeting in the same swoop.

            Best regards,

            Henk

            On 26.04.21 07:49, internet-drafts@ietf.org wrote:
            > 
            > A New Internet-Draft is available from the on-line Internet-Drafts directories.
            > This draft is a work item of the Remote ATtestation ProcedureS WG of the IETF.
            > 
            >          Title           : Reference Interaction Models for Remote Attestation Procedures
            >          Authors         : Henk Birkholz
            >                            Michael Eckel
            >                            Wei Pan
            >                            Eric Voit
            >          Filename        : draft-ietf-rats-reference-interaction-models-02.txt
            >          Pages           : 21
            >          Date            : 2021-04-25
            > 
            > Abstract:
            >     This document describes interaction models for remote attestation
            >     procedures (RATS).  Three conveying mechanisms -- Challenge/Response,
            >     Uni-Directional, and Streaming Remote Attestation -- are illustrated
            >     and defined.  Analogously, a general overview about the information
            >     elements typically used by corresponding conveyance protocols are
            >     highlighted.
            > 
            > 
            > The IETF datatracker status page for this draft is:
            > https://datatracker.ietf.org/doc/draft-ietf-rats-reference-interaction-models/
            > 
            > There is also an HTML version available at:
            > https://www.ietf.org/archive/id/draft-ietf-rats-reference-interaction-models-02.html
            > 
            > A diff from the previous version is available at:
            > https://www.ietf.org/rfcdiff?url2=draft-ietf-rats-reference-interaction-models-02
            > 
            > 
            > Please note that it may take a couple of minutes from the time of submission
            > until the htmlized version and diff are available at tools.ietf.org.
            > 
            > Internet-Drafts are also available by anonymous FTP at:
            > ftp://ftp.ietf.org/internet-drafts/
            > 
            > 
            > _______________________________________________
            > RATS mailing list
            > RATS@ietf.org
            > https://www.ietf.org/mailman/listinfo/rats
            > 
