Re: [Rats] Attestation Terminology

Giridhar Mandyam <mandyam@qti.qualcomm.com> Wed, 20 September 2023 15:59 UTC

From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "rats@ietf.org" <rats@ietf.org>
Date: Wed, 20 Sep 2023 15:59:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/vcrXvibE7H54pLLMJ5TWFn4EcdQ>

Session attestation for keys related to transport (TLS) was actually defined in https://datatracker.ietf.org/doc/html/draft-richardson-rats-usecases-08#section-2.2.  So in my opinion there has already been an attempt to define a specific type of key attestation in RATS accepted group documents.

That being said - I have used a somewhat similar definition to the one that Henk provided below in published work and feel it sufficient to cover common usage of the term.  For reference, the definition I used was "Remote attestation describes the process by which software executing on a device provides an assertion to a relying party about the integrity of its platform" (https://ieeexplore.ieee.org/document/7945438), which was derived from [1].

-Giri Mandyam

[1] Coker, George et al. “Principles of Remote Attestation.” International Journal on Information Security. Vol. 10. No. 2. 2011. pp. 63-81.

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Henk Birkholz
Sent: Wednesday, September 20, 2023 3:41 AM
To: Tschofenig, Hannes <hannes.tschofenig@siemens.com>; hannes.tschofenig@gmx.net; rats@ietf.org
Subject: Re: [Rats] Attestation Terminology

Hi Hannes,

no, I do not think there was ever a list discussion on the term. Maybe I missed that. It might be useful to restate the whole definition from https://www.ietf.org/archive/id/draft-ietf-rats-tpm-based-network-device-attest-14.html
here:

> Attestation: the process of generating, conveying and appraising claims, backed by evidence, about device trustworthiness characteristics, including supply chain trust, identity, device provenance, software configuration, device composition, compliance to test suites, functional and assurance evaluations, etc.

The definition follows the context of NIST's 1st definition of `Attestation` as it describes an activity and the definition does unify IETF and TCG ("TPM/DICE/MARS") terminology.

In general, there was a lot of avoidance to become specific wrt terms such as `Root of Trust` or `Attestation` in the scope of the architecture RFC. I am okay with becoming more specific in the RATS context, but that seems to be a strategy change to me and should become (maybe a lightweight) discussion here on the list. I doubt this is the first time this comes up, but taking into account the hesitance of key stakeholders in remote attestation to define such terms too rigidly, I would not be surprised if there is no referenceable definition still.


Best regards,

Henk

On 20.09.23 11:00, Tschofenig, Hannes wrote:
> Hi Henk,
>
> as you can imagine, I am confused. You are saying that the RATS group couldn't agree on a term for "attestation" in the architecture document. But now the term is defined in another RATS document, namely <ietf-rats-tpm-based-network-device-attest>.
> Is that because you finally found an agreement or just because nobody in the group was paying attention?
>
> Regarding key attestation: IMHO it is what we are providing with draft-ietf-lamps-csr-attestation where Evidence includes information about the private key being stored in a hardware security module. I don't have a good definition of the term myself and hence I was wondering whether there is some established terminology in TCG or elsewhere already. It cannot be the first time that this issue arises.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Henk Birkholz
> Sent: Tuesday, 19 September 2023 13:59
> To: hannes.tschofenig@gmx.net; rats@ietf.org
> Subject: Re: [Rats] Attestation Terminology
>
> Hi Hannes,
>
> w.r.t.: `attestation`
>
> there is no satisfying answer to your question, I am afraid. The RATS architecture was explicitly and carefully worded to avoid the word `attestation` as a standalone term. As it causes confusion in the context of "activity vs. message" and is horribly overloaded, in general:
>
>> https://csrc.nist.gov/glossary/term/attestation
>
> (here NIST captures the confusion in a nutshell)
>
> That is why RATS is about _remote attestation_, and corresponding activities, such as Evidence Generation, Conveyance, Appraisal, etc.
>
> w.r.t.: `key attestation`
>
> The RATS WG has not defined the more narrow term "key attestation"
> today. As Denis pointed out, "OpenID for Verifiable Credential Issuance"
> does, for example. Looking at that definition there are two essential
> components:
>
> 1.) "a certificate including a certificate chain asserting that a particular key is managed, for example, by a hardware security module"
>
> 2.) "provide this data along with the proof of possession in the Credential Request"
>
> In RATS (IETF/TCG) words, I think, openid is defining `key attestation` as an Endorsement (according to 1.) of key material that is then combined with a PoP (according to 2.). That is not the same thing as remote attestation, as there is no Evidence about the trustworthiness of the Attester generated.
>
> I am not entirely sure how useful it would be for the RATS WG to specify yet another meaning of the term `key attestation`. What I would see as useful in any case, however, would be writing up a definition (independent of any name). Maybe something along the lines of "Evidence about an endorsed key storage that is augmented with a PoP of a stored key" or something to that effect.
>
> But that probably just reflects my half-baked understanding of "RATS key attestation"... what would you think `key attestation` means in the context of RATS, Hannes?
>
>
> Best regards,
>
> Henk
>
> On 19.09.23 09:24, hannes.tschofenig@gmx.net wrote:
>> Hi all,
>>
>> I am wondering why the group has not defined the term "attestation" 
>> in the RATS architecture RFC. Instead, it is defined in a solution 
>> document <ietf-rats-tpm-based-network-device-attest> where nobody finds it.
>>
>> Ciao
>> Hannes
>>
>> PS: Where is the term "key attestation" defined?
>>
>>
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats