IETF Logo Mail Archive

Re: [Rats] More use cases for draft-richardson-rats-usecases-00

"Smith, Ned" <ned.smith@intel.com> Thu, 28 March 2019 07:43 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 664C6120170 for <rats@ietfa.amsl.com>; Thu, 28 Mar 2019 00:43:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fabypiXixWgL for <rats@ietfa.amsl.com>; Thu, 28 Mar 2019 00:43:30 -0700 (PDT)
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AED0712031F for <rats@ietf.org>; Thu, 28 Mar 2019 00:43:29 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Mar 2019 00:43:28 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.60,278,1549958400"; d="scan'208";a="331437316"
Received: from orsmsx110.amr.corp.intel.com ([10.22.240.8]) by fmsmga006.fm.intel.com with ESMTP; 28 Mar 2019 00:43:28 -0700
Received: from orsmsx151.amr.corp.intel.com (10.22.226.38) by ORSMSX110.amr.corp.intel.com (10.22.240.8) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 28 Mar 2019 00:43:28 -0700
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.11]) by ORSMSX151.amr.corp.intel.com ([169.254.7.9]) with mapi id 14.03.0415.000; Thu, 28 Mar 2019 00:43:27 -0700
From: "Smith, Ned" <ned.smith@intel.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: Laurence Lundblade <lgl@island-resort.com>, "Heldt-Sheller, Nathan" <nathan.heldt-sheller@intel.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] More use cases for draft-richardson-rats-usecases-00
Thread-Index: AQHU30/xj2BiBGEziUKa7njbv8kyH6YXXCyAgAD8bgCACDVrAIAArVGA
Date: Thu, 28 Mar 2019 07:43:27 +0000
Message-ID: <24C0968B-32B0-4EF1-99C8-61D3F0955BA1@intel.com>
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <58E37DB5-098C-4387-9A52-4AECD0F69F25@island-resort.com> <6495.1553219901@dooku.sandelman.ca> <BA6E28A7-0F6A-46A8-AB1B-A64B9229F149@intel.com> <507.1553725386@dooku.sandelman.ca>
In-Reply-To: <507.1553725386@dooku.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.17.1.190326
x-originating-ip: [10.249.32.212]
Content-Type: text/plain; charset="utf-8"
Content-ID: <2DCEC1DB5B2D7A4E94E858B54065CC78@intel.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/x6Tisvdyp8U6Fb_hxsrabo2GLRg>
Subject: Re: [Rats] More use cases for draft-richardson-rats-usecases-00
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 07:43:33 -0000

Yes, plus this https://openconnectivity.org/draftspecs/ocf2.0/CR_SecWG_B_1667_2331_SP_Common_Infra.pdf which describes profiles for different types of attestation checking that may include:
1) mfg installed attestation key / deviceID (x.509 cert based)
2) TCG platform certificate containing hardening / quality criteria supplied by 3rd party validation entities
3) Security and spec compliance status checking by OCF validation entity
4) Enrollment of a local deviceID credential for use post onboarding.
5) TLS / CoAPs as a conveyance protocol

On 3/27/19, 11:23 PM, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:

    
    Smith, Ned <ned.smith@intel.com> wrote:
        > I'm aware that the Open Connectivity Foundation (OCF) has implemented
        > an IoT onboarding use case. Possibly it makes sense to reference one of
        > their documents?  -Ned
    
    https://openconnectivity.org/specs/OCF_Security_Specification_v1.0.0.pdf
    
    Is this this document you are thinking of?
    
    There is mention in a blog of a 2.0, but I haven't found it yet.
    
    --
    Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
     -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email