IETF Logo Mail Archive

Re: [Rats] looking for better terms -- request for bike shed discussion

"Smith, Ned" <ned.smith@intel.com> Thu, 09 January 2020 01:36 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41C7E120108 for <rats@ietfa.amsl.com>; Wed, 8 Jan 2020 17:36:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5S7WIKwFfsd for <rats@ietfa.amsl.com>; Wed, 8 Jan 2020 17:36:13 -0800 (PST)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0387F120020 for <rats@ietf.org>; Wed, 8 Jan 2020 17:36:12 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jan 2020 17:36:12 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,412,1571727600"; d="scan'208";a="271985599"
Received: from orsmsx103.amr.corp.intel.com ([10.22.225.130]) by FMSMGA003.fm.intel.com with ESMTP; 08 Jan 2020 17:36:12 -0800
Received: from orsmsx125.amr.corp.intel.com (10.22.240.125) by ORSMSX103.amr.corp.intel.com (10.22.225.130) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 8 Jan 2020 17:36:12 -0800
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.176]) by ORSMSX125.amr.corp.intel.com ([169.254.3.12]) with mapi id 14.03.0439.000; Wed, 8 Jan 2020 17:36:12 -0800
From: "Smith, Ned" <ned.smith@intel.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, Michael Richardson <mcr@sandelman.ca>, Laurence Lundblade <lgl@island-resort.com>
CC: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] looking for better terms -- request for bike shed discussion
Thread-Index: AQHVxXQlCbKWYp19fkKQpfqMAhzvLqff7LMAgAAExoD//8qrAIAA0piAgAEh3wCAAErRgIAAAhwAgAACSwCAAAi6AP//huKA
Date: Thu, 09 Jan 2020 01:36:11 +0000
Message-ID: <2B1FA2D2-7B24-4000-B56F-2FCB59F5A447@intel.com>
References: <26979.1578413051@localhost> <6291CF16-BBDC-4A12-A0C0-FDFBAB494A31@island-resort.com> <20200107165432.zmpm6yilgr6fogrh@anna.jacobs.jacobs-university.de> <C7744481-277D-477A-8B0A-F7DC9F4CC273@intel.com> <0FB69139-54DE-4F1B-906F-12B83D1EDEED@island-resort.com> <31998.1578512094@localhost> <BL0PR2101MB10278A4C6B18B806320B82EEA3390@BL0PR2101MB1027.namprd21.prod.outlook.com> <907cad7b-b09f-ded2-ff74-b68d165d3127@sit.fraunhofer.de> <BL0PR2101MB10277B1CD5A349A04E3EE0C2A3390@BL0PR2101MB1027.namprd21.prod.outlook.com> <b9ebf02c-a270-bfec-f662-239975000102@sit.fraunhofer.de>
In-Reply-To: <b9ebf02c-a270-bfec-f662-239975000102@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.20.0.191208
x-originating-ip: [10.24.10.114]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C3A160E5078AA0439384C2BBF2330F71@intel.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/vnMCZ_BO8ckM9EvGXHXYJppGNe4>
Subject: Re: [Rats] looking for better terms -- request for bike shed discussion
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2020 01:36:15 -0000

Please see my other post that crossed in mail. I don't think the convention holds for DICE layering that DICE layers are "Attesters". 

On 1/8/20, 4:50 PM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:

    Oh! I just realized...
    
    you are referring to the initial topic of layered attestation where 
    there is a sequence of attested environments becoming the attesting 
    environment and so forth. If so, I misunderstood your initial statement, 
    I think.
    
    The "separate attesters" you were referring to are the staged 
    environments that become attesting environments during boot in a single 
    entity, yes?
    
    If so, we are in wild agreement and it just took me while to get it...
    
    Viele Grüße,
    
    Henk
    
    On 09.01.20 01:18, Dave Thaler wrote:
    > If you're asking about my example, there's only one device, this is standard DICE cert chain functionality on a single ARM processor.
    > 
    > Dave
    > 
    > -----Original Message-----
    > From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
    > Sent: Wednesday, January 8, 2020 4:10 PM
    > To: Dave Thaler <dthaler@microsoft.com>; Michael Richardson <mcr@sandelman.ca>; Laurence Lundblade <lgl@island-resort.com>
    > Cc: Smith, Ned <ned.smith@intel.com>; Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de>; rats@ietf.org
    > Subject: Re: [Rats] looking for better terms -- request for bike shed discussion
    > 
    > Hm...
    > 
    > on one hand, this seems to imply that the "attester role" in this chain does not reside on the same "entity" (in other words, multiple entities are composing the chain with their individual attester roles). If that is what you were trying to state, I am uncertain what problem this would address.
    > 
    > On the other hand, maybe there is a use case for this? Alas, I am under the impression that this route could imply a tremendous increase of architectural complexity.
    > 
    > On 09.01.20 01:02, Dave Thaler wrote:
    >> I don't think I have any problems with Laurence's terminology but just to test it...
    >>
    >> We have devices running Trusted Apps on OP-TEE over trusted firmware on an ARM TrustZone processor.
    >> The full evidence is a DICE cert chain that has a set of claims for each cert in the chain, where each layer is an attesting environment for the subsequent layer (attested environment):
    >> 	Hardware -> Trusted Firmware -> OP-TEE -> TA Thus there are four
    >> claim sets in a chain.
    >>
    >> Using Laurence's terminology, I believe the suggestion is that attesting environment is an "attester" and an attested environment is a "target".   Thus the example above has 3 attesters (Hardware, TFW, and OP-TEE), and 4 targets (HW where target == attester, TFW, OP-TEE, and TA).
    >>
    >> Are you ok with saying that every claimset in a chain is from a separate "attester"?   I believe this is different from our current definition of Attester (which is the thing that sends the whole chain to a verifier), so want to confirm.
    >>
    >> Dave
    >>
    >> -----Original Message-----
    >> From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
    >> Sent: Wednesday, January 8, 2020 11:35 AM
    >> To: Laurence Lundblade <lgl@island-resort.com>
    >> Cc: =?utf-8?B?IlNjaMO2bnfDpGxkZXIsIErDvHJnZW4i?=
    >> <J.Schoenwaelder@jacobs-university.de>; Smith, Ned
    >> <ned.smith@intel.com>; rats@ietf.org
    >> Subject: Re: [Rats] looking for better terms -- request for bike shed
    >> discussion
    >>
    >>
    >> Thank you for this very nice text. I rather like it.
    >>
    >> Laurence Lundblade <lgl@island-resort.com> wrote:
    >>       > Here’s some rough text:
    >>
    >>       > Conceptually, the “attester” produces a set of “claims” about a “target”.
    >>       > The claims are known as “attestation evidence” and are sent to the
    >>       > “verifier”. The verifier additionally takes in “endorsements”, processes
    >>       > the attestation evidence and produces the “attestation result” for the
    >>       > final consumer, the “relying party”.
    >>
    >>
    >>       > This description left conceptual for easy understanding and discussion.
    >>       > Actual implementations are usually more complex in at least one or more
    >>       > of these ways:
    >>
    >>
    >>
    >>       > * The attester is also the target
    >>
    >>
    >>       > * One attester produces claims about several targets
    >> (submodules)
    >>
    >>
    >>       > * The verifier and the relying party are the same
    >>       > * Claims may be simple or complex, many or few
    >>       > * Some claims are measurements and some are not
    >>       > * Some claims in in the attestation evidence may be simply passed
    >>       > through the verifier, others may be heavily processed.
    >>       > * Daisy chaining -- the evidence from one attester goes through a
    >>       > verifier producing results which are taken as claims that are input
    >>       > to another attester that outputs a different set of evidence that
    >>       > goes on through a different verifier.
    >>       > * Daisy chaining may happen on the device producing the attestations
    >>       > or in the infrastructure evaluating the device or both.
    >>
    >>
    >>       > (Next I’d write a plethoras of simple examples for attester, target,
    >>       > claims… assuming only the simplest implementation that maps to the
    >>       > conceptual description )
    >>
    >>
    >>
    >>
    >>
    >>
    >>       > I am starting to prefer the basic conceptual / abstract description over one
    >>       > that is inherently mappable to every possible.
    >>
    >>       > LL
    >>
    >> _______________________________________________
    >> RATS mailing list
    >> RATS@ietf.org
    >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
    >> ietf.org%2Fmailman%2Flistinfo%2Frats&amp;data=02%7C01%7Cdthaler%40micr
    >> osoft.com%7C1afca74f029a4dadf1c408d794985931%7C72f988bf86f141af91ab2d7
    >> cd011db47%7C1%7C0%7C637141254420421263&amp;sdata=WexYiuPGPh%2FSoz2tagX
    >> wf3Pe3CScQeOgM%2Bd5zPQdeyY%3D&amp;reserved=0
    >> _______________________________________________
    >> RATS mailing list
    >> RATS@ietf.org
    >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
    >> ietf.org%2Fmailman%2Flistinfo%2Frats&amp;data=02%7C01%7Cdthaler%40micr
    >> osoft.com%7C1afca74f029a4dadf1c408d794985931%7C72f988bf86f141af91ab2d7
    >> cd011db47%7C1%7C0%7C637141254420421263&amp;sdata=WexYiuPGPh%2FSoz2tagX
    >> wf3Pe3CScQeOgM%2Bd5zPQdeyY%3D&amp;reserved=0
    >>
    > _______________________________________________
    > RATS mailing list
    > RATS@ietf.org
    > https://www.ietf.org/mailman/listinfo/rats
    > 
    
    _______________________________________________
    RATS mailing list
    RATS@ietf.org
    https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email