Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Dave Thaler <dthaler@microsoft.com> Mon, 18 November 2019 09:09 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: "Smith, Ned" <ned.smith@intel.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "rats@ietf.org" <rats@ietf.org>, "\"Schönwälder, Jürgen\"" <J.Schoenwaelder@jacobs-university.de>, "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>
Date: Mon, 18 Nov 2019 09:09:17 +0000
Message-ID: <MWHPR21MB07848E815323D3414344263FA34D0@MWHPR21MB0784.namprd21.prod.outlook.com>
References: <147F9159-6055-4E55-ABDC-43DFE3498BF1@island-resort.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <HE1PR0702MB375366C5F7FE5C497C35D73B8F740@HE1PR0702MB3753.eurprd07.prod.outlook.com> <7106C9D3-8ED1-419E-81F8-4CDA799BEDAE@intel.com> <MWHPR21MB07844F61BEFAE03F9E7DD290A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <6E7D64B4-2049-4D0A-ADC5-CA3F0647779B@island-resort.com> <MWHPR21MB07840B6CF7BEE0A11ABE54BFA3700@MWHPR21MB0784.namprd21.prod.outlook.com> <20191117144129.llvg7fsrqgaqtgkn@anna.jacobs.jacobs-university.de> <MWHPR21MB0784B0111EADA4A9A6C766D0A34D0@MWHPR21MB0784.namprd21.prod.outlook.com> <FADBA46B-5B70-4B21-A159-B22593310B53@island-resort.com> <MWHPR21MB078427872BAEEBA45B34E589A34D0@MWHPR21MB0784.namprd21.prod.outlook.com>
In-Reply-To: <MWHPR21MB078427872BAEEBA45B34E589A34D0@MWHPR21MB0784.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/zLyGLdB4hDWhiPWvCTInk5i39Mw>

I do think it would be useful to keep your statement true, so I will think about how to define Relying Party since I suspect there’s a way around it that we would both like.

From: RATS <rats-bounces@ietf.org> On Behalf Of Dave Thaler
Sent: Monday, November 18, 2019 5:04 PM
To: Laurence Lundblade <lgl@island-resort.com>
Cc: Smith, Ned <ned.smith@intel.com>; Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; rats@ietf.org; "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>; Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft

If all you do is log, then there is no enforcement, and since the device doesn’t talk to the log, you can’t call the log a “Relying Party”.
I didn’t say there was never a Relying Party (if you do enforcement and kick the device off the network or something then yes there’s a Relying Party), I said “might be no”.
So I disagree with “Attestation always has a relying party” based on my discussion with Nancy.
Before the hackathon I would have agreed with that statement ☺

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Monday, November 18, 2019 4:59 PM
To: Dave Thaler <dthaler@microsoft.com>
Cc: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>; Smith, Ned <ned.smith@intel.com>; Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com>; rats@ietf.org
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft


On Nov 18, 2019, at 4:52 PM, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org> wrote:

Case 1) The network notices anomalous traffic coming from a device already on the network, which triggers a verifier to ask the device to attest to its health (which may have changed since it was last attested).  Here there might even be no Relying Party involved per se.
Case 2) The network has not noticed anything odd, but wants to proactively query a device anyway, e.g., because the network's appraisal policy of what is considered trustworthy has just changed.  Again there might even be no Relying Party involved.

I would call the network the relying party. Attestation always has a relying party because there would be no point if no one cared (if a tree falls in a forest…)

LL