Re: [Rats] Call for Adoption: EAT draft

Giridhar Mandyam <mandyam@qti.qualcomm.com> Tue, 28 May 2019 14:23 UTC

From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: "rats@ietf.org" <rats@ietf.org>
Date: Tue, 28 May 2019 14:23:50 +0000
Message-ID: <bdcaa9f2ca2344aa98287acd0b80d8f3@NASANEXM01C.na.qualcomm.com>
References: <CAHbuEH6Mdwp+neWbcecA-pMYZoXKiNda2A0EnMh-8WX=W9_edA@mail.gmail.com> <DM6PR11MB408991CBF9B50672E12A8F61A1000@DM6PR11MB4089.namprd11.prod.outlook.com> <DM6PR11MB4089818BBEF529569DC1250DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com>
In-Reply-To: <DM6PR11MB4089818BBEF529569DC1250DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/yLXlujlKhkB3HUStAyEUuTepWVs>
Subject: Re: [Rats] Call for Adoption: EAT draft
List-Id: Remote Attestation Procedures <rats.ietf.org>

Sorry for the failure to respond.

Yes, your assessment is correct.  A custom claim can be created to carry the entire TPM attestation as a payload, similar to what is done in FIDO/Webauthn where the TPM relevant fields are included in a CBOR structure – see https://w3c.github.io/webauthn/#sctn-tpm-attestation.

Note that we would like to include claims into EAT that would cover measured boot.  There is no reason that entries in a PCR map couldn’t be represented as individual COSE structures (assuming the COSE algm. registry is consistent with the TPM specifications).  If so, then each measurement can be nested within an EAT.

-Giri Mandyam
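The layout sketched in the reply above, as an added example that is not part of the thread, the EAT draft or the basic YANG module: a self-contained subset CBOR encoder/decoder builds an EAT-style claims map that carries (a) a custom claim holding an opaque TPM attestation blob, with field names borrowed from the WebAuthn "tpm" attestation statement, and (b) a measured-boot claim mapping PCR index to digest, then runs the appraisal a verifier would apply to the PCR map against golden values. The two custom claim keys, the issuer string and all byte contents are constructed placeholders; only the CWT "iss" key (1) and the COSE algorithm identifier -257 (RS256) are registered values.

```python
"""Added example (not from the thread or the EAT draft): subset CBOR codec,
an EAT-style claims set nesting a TPM attestation blob and a PCR map, and
the verifier-side appraisal of that PCR map against golden measurements."""
import hashlib
import struct

CLAIM_ISS = 1            # registered CWT "iss" claim key (RFC 8392)
# ASSUMED placeholder keys, not registered anywhere: CWT marks integer
# claim keys below -65536 as private use, so two are picked from there.
CLAIM_TPM_ATTEST = -70001  # opaque TPM attestation statement (bstr)
CLAIM_PCR_MAP = -70002     # map: PCR index (int) -> digest (bstr)


def _head(major, n):
    """Initial byte plus argument for CBOR major type `major`, value `n`."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")


def cbor_encode(v):
    """Definite-length CBOR for int, bytes, str, list and dict only."""
    if isinstance(v, bool) or v is None:
        raise TypeError("subset encoder: simple values not supported")
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")


def _decode(buf, i):
    """Decode one item starting at offset i; return (value, next offset)."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if info < 24:
        n = info
    elif info in (24, 25, 26, 27):
        size = 1 << (info - 24)
        n = int.from_bytes(buf[i:i + size], "big")
        i += size
    else:
        raise ValueError("indefinite-length items not supported")
    if major == 0:
        return n, i
    if major == 1:
        return -1 - n, i
    if major == 2:
        return bytes(buf[i:i + n]), i + n
    if major == 3:
        return buf[i:i + n].decode("utf-8"), i + n
    if major in (4, 5):
        out = [] if major == 4 else {}
        for _ in range(n):
            x, i = _decode(buf, i)
            if major == 4:
                out.append(x)
            else:
                val, i = _decode(buf, i)
                out[x] = val
        return out, i
    raise ValueError(f"unsupported major type {major}")


def cbor_decode(buf):
    v, i = _decode(buf, 0)
    if i != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return v


# Constructed sample data. Field names follow the WebAuthn "tpm" attestation
# statement (ver/alg/sig/certInfo/pubArea); the byte values are dummies.
SAMPLE_TPM_ATTEST = {"ver": "2.0", "alg": -257, "sig": b"\x00" * 16,
                     "certInfo": b"TPMS_ATTEST-bytes", "pubArea": b"TPMT_PUBLIC-bytes"}
# Golden SHA-256 measurements the verifier expects for the PCRs it cares about.
GOLDEN_PCRS = {0: hashlib.sha256(b"firmware-v1").digest(),
               7: hashlib.sha256(b"secure-boot-policy").digest()}


def build_eat(issuer, tpm_attest, pcrs):
    """Serialise the claims set; the TPM statement rides as an opaque bstr."""
    return cbor_encode({CLAIM_ISS: issuer,
                        CLAIM_TPM_ATTEST: cbor_encode(tpm_attest),
                        CLAIM_PCR_MAP: pcrs})


def appraise_pcrs(token, golden, digest_len=32):
    """Verifier-side check of the PCR map. Returns findings; [] means clean."""
    pcrs = cbor_decode(token).get(CLAIM_PCR_MAP)
    if not isinstance(pcrs, dict):
        return ["PCR map claim missing or not a map"]
    findings = []
    for idx, digest in pcrs.items():
        if not isinstance(idx, int) or not 0 <= idx <= 23:
            findings.append(f"PCR index {idx!r} outside 0..23")
        elif not isinstance(digest, bytes) or len(digest) != digest_len:
            findings.append(f"PCR {idx}: digest is not {digest_len} bytes")
        elif idx in golden and golden[idx] != digest:
            findings.append(f"PCR {idx}: measurement differs from golden value")
    findings += [f"PCR {idx}: required measurement absent" for idx in golden if idx not in pcrs]
    return findings
```

The verifier decodes the outer claims map, leaves the TPM blob opaque until a TPM-aware appraiser needs it, and rejects a PCR map whose indices or digest lengths are malformed before comparing any measurement; a token whose PCR 7 deviates from the golden value yields a single finding naming that register.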

From: Eric Voit (evoit) <evoit@cisco.com>
Sent: Tuesday, May 28, 2019 7:09 AM
To: draft-mandyam-rats-eat@ietf.org
Cc: rats@ietf.org
Subject: RE: [Rats] Call for Adoption: EAT draft

Resending a question to the authors... (It looks like it got skipped during the blizzard of emails on JWT/CWT)

Eric

From: RATS <rats-bounces@ietf.org> On Behalf Of Eric Voit (evoit)
Sent: Wednesday, May 22, 2019 1:53 PM
I like the draft, but there is one thing I would like to hear from the authors before answering the poll.

This YANG model is exposed by software on a networking device like a router.  The router can examine information from local cryptoprocessors such as a TPM.

In looking at the proposed YANG model (draft-birkholz-rats-basic-yang-module), the tpms-attest-result structure from this YANG model can contain the raw result from a TPM.  This to me seems to be a binary blob which could also carry CBOR encoded EAT claims.  Do you agree with this assessment?

Eric

From: RATS <rats-bounces@ietf.org> On Behalf Of Kathleen Moriarty
Sent: Friday, May 10, 2019 11:07 AM
To: rats@ietf.org
Subject: [Rats] Call for Adoption: EAT draft

Greetings!

At IETF 104, a poll was taken to determine interest in the RATS WG adopting:

The Entity Attestation Token (EAT)
https://datatracker.ietf.org/doc/draft-mandyam-rats-eat/

This begins a 2 week period to determine interest in adopting this draft as a working group item.  The poll will close on May 24th EOD PDT.

Minutes from IETF 104:
https://datatracker.ietf.org/doc/minutes-104-rats/
--

Best regards,
Kathleen