Re: [Rats] Function of an endorsement relative to evidence

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 09 June 2022 13:31 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 511C2C15AAFB for <rats@ietfa.amsl.com>; Thu, 9 Jun 2022 06:31:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.709
X-Spam-Level:
X-Spam-Status: No, score=-1.709 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mSu-WeesoZ5J for <rats@ietfa.amsl.com>; Thu, 9 Jun 2022 06:31:32 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76767C15AAD9 for <rats@ietf.org>; Thu, 9 Jun 2022 06:31:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 3E5EC38B15; Thu, 9 Jun 2022 09:46:53 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 48S24Z01Akpp; Thu, 9 Jun 2022 09:46:52 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 61D9638B01; Thu, 9 Jun 2022 09:46:52 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1654782412; bh=4EQLCQnTBex0OpsnMQHwlrRQM/I1hqPEcct88viPXec=; h=From:To:Subject:In-Reply-To:References:Date:From; b=224+AHE2UTA7IHS88/+DkSVBvwBWtPyVsfmt2PATwM43E4IjoNhe8EW3i7HvsDEBe lE01EDpcgEbbHvSvJIHSo3WId/M97P44fNyt8ifJSxYw+Mbb1TMVlieUqDRRDQR0qu wH5PYmOg7gUsuNefYNXsFoXFU94b6ReHusPdrRaLT6LqimhF4ObxR2k3I2HJNWK4yQ F1EUUk0SWRRDEayXlyPHBALjxHPMJqLgKfpIwwpWjtVDbNZhglZum4d+j5OH1NqGhI eomPtwlHdtqt53Li81lKfvwff3i6uerKbUWGnRU48IEG7sETi5KXpQckytC86N+5vY L9L1KhaGXADxQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B5E84442; Thu, 9 Jun 2022 09:31:29 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, rats <rats@ietf.org>
In-Reply-To: <BL0PR11MB3122F2DB02AAD9FCD0966E11A1A49@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com> <ee639c74-b365-e127-b4ec-d6f9df0014e6@sit.fraunhofer.de> <3907E124-5080-442C-801C-C14F227687E6@island-resort.com> <BL0PR11MB3122F2DB02AAD9FCD0966E11A1A49@BL0PR11MB3122.namprd11.prod.outlook.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 09 Jun 2022 09:31:29 -0400
Message-ID: <4799.1654781489@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/xUkXWB3NrVW2eauB6BnZ1NUrAj8>
Subject: Re: [Rats] Function of an endorsement relative to evidence
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2022 13:31:36 -0000

>>>>> Laurence  <Lundblade, June 6, 2022 3:45 PM> writes:
    > Think about these static Attestation claims set by the Attester Manufacturer:

    > OEMID: Set once at manufacturer time and never changes; it is the same
    > for large numbers of devices

    > UEID: Set once at manufacturing and never changes; it is different for
    > each device

    > HW Version and Mode: Set once at manufacturing time and never changes;
    > large groups have the same ID

    > We’re fine with these being set and sent as claims. They don’t have to
    > be in an Endorsement, right? Some of them could be in an Endorsement,
    > but there is nothing wrong with them in Evidence.

They can even go into an IDevID certificate.
Then it's the manufacturer making a claim (an Endorsement) about the holder
of the private key.

In my world, the IDevID gets replaced by an LDevID for many things, so the
contents are no longer quite as trustworthy, depending upon the relationship
of the Verifier and the (Enterprise) owner.
The SUEID could go into the LDevID though, with the Enterprise Registrar
acting as RP for the initial onboarding.

    > Of course if they are sent in Evidence, then there has to be an
    > Endorsement that tells the Verifier they can believe these claims in
    > Evidence and the signature on Evidence has to be verified.

One reason why one might want these as Evidence is if the Verifier wants
proof of possession of private key.  If a TLS connection with a client
authentication is used to convey Evidence, then that might already be
accomplished.  If the the conveyance is something else, then there might be
value.  Of course, in that situation, a freshness nonce might also be
included, so problem solved.

    > To me security-level (the static statement of designed security level;
    > see here <https://mailarchive.ietf.org/arch/browse/rats/?qdr=d> ) is
    > pretty much the same as the above claims in the way it is conveyed
    > securely.

I agree.

    > <eric> The three claims listed above are focused on establishing
    > instance identity. A policy of the Relying Party needs to establish an
    > instance identity to understand the context of other claims.  An
    > endorsed security level should be a known function of the instance
    > identity once that identity has been established.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide