[Rats] Re: Security considerations of remote attestation (RFC9334)
"Panwei (William)" <william.panwei@huawei.com> Thu, 02 January 2025 09:16 UTC
Return-Path: <william.panwei@huawei.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 558BEC14F6FA for <rats@ietfa.amsl.com>; Thu, 2 Jan 2025 01:16:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wNMf9OQoA_tu for <rats@ietfa.amsl.com>; Thu, 2 Jan 2025 01:16:03 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 725EAC14F6A3 for <rats@ietf.org>; Thu, 2 Jan 2025 01:16:03 -0800 (PST)
Received: from mail.maildlp.com (unknown [172.18.186.31]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4YP1DF6VNrz6K5vR; Thu, 2 Jan 2025 17:11:41 +0800 (CST)
Received: from lhrpeml100001.china.huawei.com (unknown [7.191.160.183]) by mail.maildlp.com (Postfix) with ESMTPS id 31FA21401F3; Thu, 2 Jan 2025 17:16:00 +0800 (CST)
Received: from kwepemh500015.china.huawei.com (7.202.181.149) by lhrpeml100001.china.huawei.com (7.191.160.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Thu, 2 Jan 2025 09:15:59 +0000
Received: from kwepemh100014.china.huawei.com (7.202.181.99) by kwepemh500015.china.huawei.com (7.202.181.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Thu, 2 Jan 2025 17:15:57 +0800
Received: from kwepemh100014.china.huawei.com ([7.202.181.99]) by kwepemh100014.china.huawei.com ([7.202.181.99]) with mapi id 15.02.1544.011; Thu, 2 Jan 2025 17:15:57 +0800
From: "Panwei (William)" <william.panwei@huawei.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Thread-Topic: [Rats] Re: Security considerations of remote attestation (RFC9334)
Thread-Index: AQHbNH/BdhnGY+uspECsY6gxn4dB7LLGa5YAgAAeFQCAAP5NgIAAKOqAgAElFoCAABMygIAABEUAgAHLkYCAABvQAIAAU4CAgACuqgCAAB+FgIAACOqAgAAFOYCAABAJAIAABnYAgAAWDACAAJbbAIAXILGAgABycgCAB9V4gIABWvUAgAAKDICAARWGgIAQOyEAgADOZgCAA8XA8A==
Date: Thu, 02 Jan 2025 09:15:57 +0000
Message-ID: <9a30a850c3d34f2fa0b614035ae4a134@huawei.com>
References: <4ffdd034-05ec-4565-9cad-b40ff82f83fc@tu-dresden.de> <5073b0a0-e938-4299-936b-0dd644ea3f88@tu-dresden.de> <CA+1=6ydHjEf8cBEu0oaa8pHBn_As2dowwoEtrtRHR1U+=Vhscg@mail.gmail.com> <92b82fe0-34e6-4a35-b265-a29466cda69a@tu-dresden.de> <CA+1=6yffVFhnMxcXo2pwD1xFdWdHKCj60zT2RKgAg=5DyBKDXQ@mail.gmail.com> <01ede5ee-6e98-4855-b351-5c3c0961f8d2@tu-dresden.de> <CA+1=6yfP+RV0MuyKhSw8CkjJh6gX4pG0hreQdYgqb9AZyZ1kvg@mail.gmail.com> <b273e32a-8855-48b8-b16a-839a238537ee@tu-dresden.d e> <22509.1732828924@obiwan.sandelman.ca> <9656e051-450a-43db-a0f9-6cdd323f255f@tu-dresden.de> <CO1PR11MB5169A23D48E5401162D7E20EE5382@CO1PR11MB5169.namprd11.prod.outlook.com> <1b1ae008-94e6-47fd-9c3a-ae4fa8c2c85a@tu-dresden.de> <CO1PR11MB516988E02678059E77D0D464E5062@CO1PR11MB5169.namprd11.prod.outlook.com> <061efb99-89ef-4f4a-a9d7-0e41b4c97623@tu-dresden.de> <4099D519-7A37-4083-A8FF-C84065155CCE@tzi.org> <PH0PR11MB5176B7EDB6FCF245A8203EF5E5092@PH0PR11MB5176.namprd11.prod.outlook.com> <1060115c-7984-4c54-bc4d-903e5283a963@tu-dresden.de>
In-Reply-To: <1060115c-7984-4c54-bc4d-903e5283a963@tu-dresden.de>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.138.39.53]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Message-ID-Hash: JWLESQHD2636QR52WLANYCCVSYZ5N7M4
X-Message-ID-Hash: JWLESQHD2636QR52WLANYCCVSYZ5N7M4
X-MailFrom: william.panwei@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "rats@ietf.org" <rats@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: Security considerations of remote attestation (RFC9334)
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/yoiTOFa0mSZ3Z3ndIpOychpOFfs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Usama,
In the draft you provided,
> [1]
> https://muhammad-usama-sardar.github.io/rats-unprotected-evidence/
> draft-usama-rats-unprotected-evidence.html
It is said that,
Section 7.4 of [RFC9334] has:
A conveyance protocol that provides authentication and integrity
protection can be used to convey Evidence that is otherwise unprotected
(e.g., not signed).
Using a conveyance protocol that provides authentication and integrity
protection, such as TLS 1.3 [RFC8446], to convey Evidence that is otherwise
unprotected (e.g., not signed) undermines all security of remote attestation.
Essentially, this breaks up the chain up to the root of trust.
First, I feel you may give more explanations here for the readers to better understand your idea, maybe an example would also be good.
Second, after more thinking of this, plus with the relay issue you mentioned in IETF 121 meeting, I think I can understand your point here, i.e., the mismatch of the actual source of Evidence generation with the source of Evidence conveyance.
In our products' real case, the Evidence is signed by the TPM in the device, while another module in the same device establishes the conveyance channel. The Evidence needs to be protected (signed). The Verifier will check the identity information in the TPM LAK certificate that signs the Evidence and in the certificate used to establish the secure channel that conveys the Evidence, to ensure the source of Evidence generation and the source of Evidence conveyance are the same device.
If the secure conveyance channel is established direct from the root of trust to the Verifier, i.e., the certificate of signing the Evidence is also the one used for establishing the secure channel, then the Evidence signing may be omitted and redeemed by the authentication and integrity protection of the conveyance protocol.
This is just my understanding, and I may misunderstood your point.
Regards & Thanks!
Wei PAN (潘伟)
- [Rats] Security considerations of remote attestat… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Alexander Stein
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Jens Finkhäuser
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Carsten Bormann
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Carsten Bormann
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Laffey, Tom (HPE Aruba Networks)
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Jens Finkhäuser
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Dave Thaler
- [Rats] Re: Security considerations of remote atte… Dave Thaler
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar