[Rats] Re: Hint Discussion in CSR Attestation Draft

Thomas Fossati <tho.ietf@gmail.com> Fri, 21 June 2024 20:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/yHsDKaDMr82AF7woeej_xRA11fU>

On Fri, Jun 21, 2024 at 9:12 PM Carl Wallace <carl@redhoundsoftware.com> wrote:
> [CW] OK, so relying party, not verifier. How would the relying party use a "free form" label to route anything?

The RP comes preconfigured with one or more trusted verifiers, i.e.,
verifiers for whom it knows (at least) the API endpoint and public key
used to verify their attestation results.

If the hint matches one of these configured verifiers, the RP may
decide to prefer such a verifier over another.

-- 
Thomas
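
A sketch of the relying-party behaviour described in the message above, added here as an illustration and not taken from the draft or from any list participant's code. It assumes the hint is compared as a case-insensitive string against an operator-assigned label; the `TrustedVerifier` type, the `rank_verifiers` function, the length bound and all names, URLs and keys are hypothetical placeholders.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class TrustedVerifier:
    label: str       # name assigned by the RP operator; hints are compared to this
    endpoint: str    # API endpoint, fixed by RP configuration
    public_key: str  # key used to verify this verifier's attestation results


# Constructed configuration; every value here is a placeholder.
CONFIGURED = (
    TrustedVerifier("verifier-a.example", "https://verifier-a.example/api", "<PEM-A>"),
    TrustedVerifier("verifier-b.example", "https://verifier-b.example/api", "<PEM-B>"),
)

MAX_HINT_LEN = 255  # assumed bound; the hint arrives from the requester, unauthenticated


def _norm(s: str) -> str:
    # Assumed matching rule: ignore surrounding whitespace and case.
    return s.strip().casefold()


def rank_verifiers(
    hint: Optional[str],
    configured: Sequence[TrustedVerifier] = CONFIGURED,
) -> Tuple[List[TrustedVerifier], bool]:
    """Return (verifiers in preference order, whether the hint matched).

    The hint can only reorder the preconfigured list. It never adds an
    endpoint or a key, so an unknown, empty or oversized hint leaves the
    RP's default order unchanged.
    """
    if not hint or len(hint) > MAX_HINT_LEN:
        return list(configured), False
    wanted = _norm(hint)
    preferred = [v for v in configured if _norm(v.label) == wanted]
    if not preferred:
        return list(configured), False
    rest = [v for v in configured if v not in preferred]
    return preferred + rest, True
```

Because the endpoint and public key always come from the RP's own configuration, a hint that names an unconfigured verifier changes nothing about where evidence is sent or which key validates the result.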