Re: [Rats] Entity vs. role
"Smith, Ned" <ned.smith@intel.com> Tue, 22 March 2022 19:11 UTC
From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, Thomas Fossati <tho.ietf@gmail.com>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Tue, 22 Mar 2022 19:11:37 +0000
Message-ID: <D2881547-32EE-4080-B763-901D0C019112@intel.com>
References: <3407CFB9-B713-4E13-BDA3-08EC7B5A905E@intel.com> <CAObGJnOxU0vfxzzZ9tv1J64KHDigxLcEMrgx0gDy97bE7NQJcA@mail.gmail.com> <E20F61DD-8775-4E68-8E56-E6EC92682A18@island-resort.com>
In-Reply-To: <E20F61DD-8775-4E68-8E56-E6EC92682A18@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/zQE1nz3Jo3Su_9hCAi2sjd8hTW8>
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
The RATS architecture purposefully separates application specific aspects of the RP from the attestation specific parts and doesn't try to define the application specific aspect of RP. You might consider the appraisal policy for AR is different from other RP policies that are application specific such as "is this device OK for this dollar amount".
Appraisal policy for AR would instead focus on whether "who made this device" or "is it in the right state" are meaningful and relevant given the RP's application domain. One might expect the RP and Verifier would negotiate which claims are meaningful and relevant (maybe as part of setup?).
-Ned
On 3/22/22, 7:42 PM, "Laurence Lundblade" <lgl@island-resort.com> wrote:
Agree entirely with what’s below, but it doesn’t quite address what I am on about.
RATS architecture clearly separates two policies:
1) Appraisal Policy for Evidence
2) Appraisal Policy for Results
The first one is used only by the Verifier role and never by the Relying Party role. It can only be used to process Attestation Evidence, never to process Attestation Results. In a chain of Verifiers all the intermediate results are Attestation Evidence, never Attestation Results.
When all the Verifiers are done, then you have Attestation Results.
Similarly, the Appraisal Policy for Results is used only by the Relying Party role, never by the Verifier role. It can never be applied to Attestation Evidence.
Since we are talking roles not entities, here, the Relying Party can *never* by definition receive Attestation Evidence. Again, since we’re talking *roles* not entities, a Relying Party can *never* host a Verifier.
Said another way, the definition of the Verifier and Relying Party roles gives a hard one-way transition from Evidence to Results.
I think the Verifier and the Appraisal Policy for Evidence is all about the device/implementation/attester.
- Who made the device?
- Is it configured correctly?
- Is it in the right state?
- Does it have the right SW?
- What certifications does it have?
This is represented in the Attestation Results, perhaps in summary or in detail.
Then the RP and the Appraisal Policy for Results is about the application-specific stuff:
- Is this device OK for this dollar amount (the RP knows the $ amount, not the Verifier)
- Can this content be played on this device — the RP knows which device and what characteristics it requires for the content
- Is the sensor data accurate — the RP knows which sensors it can trust
I don’t see this separation as hard as long as we’re open and flexible about what is in Attestation Results. Seems we need to be a bit flexible about what is in Attestation Results because the roles of Verifier and RP are sharp and one-way.
LL
> On Mar 22, 2022, at 4:14 PM, Thomas Fossati <tho.ietf@gmail.com> wrote:
>
> hi Ned
>
> On Tue, Mar 22, 2022 at 1:13 PM Smith, Ned <ned.smith@intel.com> wrote:
>>
>> (not as chair)
>>
>> One of the topics discussed during RATS113 session I seemed to focus on architectural considerations for entities vs. roles. The architecture draft summarizes concisely:
>>
>> “In essence, an entity that combines more than one role creates and consumes the corresponding conceptual messages as defined in this document.”
>>
>> This is different from a distributed Verifier that operates on a portion of a conceptual message and (possibly) forwards a portion for some other Verifier to consume. The architecture didn’t attempt to name partially processed conceptual messages distributed across multiple entities.
>
> I fully agree with this.
>
>> It may be helpful for drafts to give names to partially processed conceptual messages
>
> As you say, a Verifier implementation can fraction and distribute the
> appraisal box the way it wants. It seems to me though that trying to
> name these intermediates equates to making the internal
> (implementation-specific) interfaces explicit, which is something we
> should really avoid at least until we decide it's time to revise the
> architecture to break down the Verifier box.
>
>> but until processing is complete (and therefore becomes a different conceptual message) it should still be correct to refer to the partially processed conceptual message by its architectural name (e.g., Evidence that has been authenticated but not appraised would still be regarded as Evidence architecturally. Appraisal results that haven't been authenticated to a Verifier might still be called Evidence up until all the requirements for being called Attestation Results are satisfied.)
>
> I also fully agree with this.
>
> --
> Thomas
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
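As an added illustration, not part of this thread or of any RATS draft, the following Python model makes the role split Laurence describes above executable: Evidence and Attestation Results are distinct types, a Verifier applies only an Appraisal Policy for Evidence and refuses Results, a Relying Party applies only an Appraisal Policy for Results (together with application context such as the dollar amount) and refuses Evidence, and a non-final Verifier in a chain still emits Evidence, matching Ned's point that partially processed messages keep their architectural name. All claim names, the two Verifier policies, the spending-limit table and the sample Evidence are constructed assumptions for the example.

```python
"""Toy model of the Verifier / Relying Party role split discussed in the thread.
Evidence and Attestation Results are distinct types, so the one-way transition
Evidence -> Results is enforced by the model: a Verifier refuses Results, an RP
refuses Evidence, and an intermediate Verifier in a chain still emits Evidence.
Claim names, policies and values below are constructed for illustration only."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Mapping, Tuple, Union

Claims = Mapping[str, Any]


@dataclass(frozen=True)
class Evidence:
    """Conceptual message from the Attester, or from a non-final Verifier in a chain."""
    claims: Claims
    processed_by: Tuple[str, ...] = ()


@dataclass(frozen=True)
class AttestationResults:
    """Conceptual message produced only by the final Verifier, consumed only by the RP."""
    claims: Claims
    verifier: str


Message = Union[Evidence, AttestationResults]


class Verifier:
    """Verifier role: applies an Appraisal Policy for Evidence (device-centric rules:
    who made it, configuration, state, software) and never touches Results."""

    def __init__(self, name: str, policy: Dict[str, Callable[[Claims], Any]], final: bool):
        self.name, self.policy, self.final = name, policy, final

    def appraise(self, msg: Message) -> Message:
        if not isinstance(msg, Evidence):
            raise TypeError(f"{self.name}: Appraisal Policy for Evidence applies only to "
                            f"Evidence, got {type(msg).__name__}")
        derived = {claim: rule(msg.claims) for claim, rule in self.policy.items()}
        if not self.final:
            # Partially processed output in a Verifier chain is architecturally still Evidence.
            return Evidence({**msg.claims, **derived}, msg.processed_by + (self.name,))
        # Only the last Verifier produces Results; they carry the appraisal summary, not raw Evidence.
        return AttestationResults(derived, self.name)


class RelyingParty:
    """Relying Party role: applies an Appraisal Policy for Results together with
    application context the Verifier never sees (e.g. the dollar amount)."""

    def __init__(self, name: str, policy: Callable[[Claims, Mapping[str, Any]], bool]):
        self.name, self.policy = name, policy

    def decide(self, msg: Message, context: Mapping[str, Any]) -> bool:
        if not isinstance(msg, AttestationResults):
            raise TypeError(f"{self.name}: Appraisal Policy for Results applies only to "
                            f"Attestation Results, got {type(msg).__name__}")
        return self.policy(msg.claims, context)


def run_chain(evidence: Evidence, verifiers: List[Verifier]) -> Message:
    """Feed Evidence through a chain of Verifiers; only the last one should be final."""
    msg: Message = evidence
    for v in verifiers:
        msg = v.appraise(msg)
    return msg


def _version(s: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in s.split("."))


# Constructed sample of what an Attester reports about itself (hypothetical claim names).
SAMPLE_EVIDENCE = Evidence({
    "hw-vendor": "Acme", "fw-version": "2.4.1",
    "secure-boot": True, "debug-port-open": False, "cert-level": 2,
})

# Appraisal Policy for Evidence, split across two Verifiers (hardware, then software).
HW_VERIFIER = Verifier("hw-verifier", {
    "hw-known": lambda c: c["hw-vendor"] in {"Acme", "Beta"},
    "boot-ok": lambda c: c["secure-boot"] and not c["debug-port-open"],
}, final=False)
SW_VERIFIER = Verifier("sw-verifier", {
    "trusted-platform": lambda c: c["hw-known"] and c["boot-ok"],
    "sw-current": lambda c: _version(c["fw-version"]) >= (2, 4),
    "cert-level": lambda c: c["cert-level"],
}, final=True)

# Appraisal Policy for Results: "is this device OK for this dollar amount".
# The per-certification spending limit is application data only the RP holds (assumed values).
SPEND_LIMIT = {0: 0, 1: 100, 2: 1_000, 3: 10_000}
PAYMENT_RP = RelyingParty(
    "payment-rp",
    lambda ar, ctx: ar["trusted-platform"] and ar["sw-current"]
    and ctx["amount"] <= SPEND_LIMIT.get(ar["cert-level"], 0),
)


def payment_allowed(amount: float, evidence: Evidence = SAMPLE_EVIDENCE) -> bool:
    results = run_chain(evidence, [HW_VERIFIER, SW_VERIFIER])
    return PAYMENT_RP.decide(results, {"amount": amount})


if __name__ == "__main__":
    print("$500 ->", payment_allowed(500))
    print("$5000 ->", payment_allowed(5000))
    try:
        PAYMENT_RP.decide(SAMPLE_EVIDENCE, {"amount": 1})
    except TypeError as e:
        print("RP refused Evidence:", e)
```

The type checks in `Verifier.appraise` and `RelyingParty.decide` are the whole point: an entity that hosts both roles can still be built from these two classes, but the Results it hands to its RP half must have come out of a final Verifier, and the dollar amount never reaches the Verifier policy.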