[saag] FW: RATs report - updated

"Smith, Ned" <ned.smith@intel.com> Wed, 29 July 2020 23:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/JA6yZKIOm9HJ6SXlP1MqWkpaHDQ>

RATs met this week on Tuesday July 28 13:00-13:50 UTC and Wednesday July 29 11:00-12:40 UTC.
We discussed the following drafts:

  *   https://datatracker.ietf.org/doc/draft-ietf-rats-tpm-based-network-device-attest/
      *   This I-D is nearing completion, but needs additional eyeballs to review / comment. Three (besides the authors and chairs) have read it and 6-7 more volunteered to review it.
      *   This I-D belongs to a collection of I-Ds having to do with TPM centric attestation.
      *   The chairs believe WGLC will happen soon.

  *   https://datatracker.ietf.org/doc/draft-ietf-rats-yang-tpm-charra/
      *   This I-D changed names slightly to focus on challenge-response-based remote attestation (CHARRA).
      *   The authors highlighted two issues: (1) Should algorithm support be restricted to those supported by TPM1.2 and TPM2.0 or should IETF supported algorithms? Authors looking for responses on email list. (2) Is there a need for a new log type as TPMs use PCR profiles that influence how log entries are created?
      *   This I-D belongs to a collection of I-Ds having to do with TPM centric attestation.

  *   https://datatracker.ietf.org/doc/draft-birkholz-rats-network-device-subscription/
      *   I-D authors are looking for feedback on readiness for adoption. Please contribute to list discussion to weigh in.

  *   https://datatracker.ietf.org/doc/draft-birkholz-rats-reference-interaction-model/
      *   This I-D contains several interaction models and it isn’t clear how the WG members want to move it forward. Options are (a) stand-alone; separate I-Ds for each model, (b) stand-alone; all models in one draft, (c) move into RATS architecture draft, (d) each model finds a solution I-D.
      *   The list feedback and feedback in the room opposes option (c) and some interest in (b).
      *   Mostly not ready for call for adoption.

  *   https://datatracker.ietf.org/doc/draft-ietf-rats-architecture/
      *   Much progress has been made dispositioning issues, though a few still remain. These have mostly to do with clarifying Endorser/Endorsement role and flow. Some think it would be OK for the architecture to minimally explain these and wait for the RATS charter to more directly target this area now. The other area has to do with freshness and timing of when relevant events occur internally.
      *   An IPR concern was raised regarding composite device section in the architecture. Chairs asked to have the IPR considerations clarified in the IPR record.
      *   The feeling is this I-D is close to WGLC.

  *   https://datatracker.ietf.org/doc/draft-ietf-rats-eat/
      *   Discussion related to Endorser/Endorsement flow continued as it pertains to EAT. Some concern that how the architecture draft addresses this topic will affect the EAT I-D contents.
      *   A side meeting will be held to address related topics.
      *   The authors are not recommending this I-D is ready for WGLC.

  *   https://datatracker.ietf.org/doc/draft-voit-rats-trustworthy-path-routing/
      *   This I-D belongs to a collection of I-Ds having to do with TPM centric attestation.
      *   I-D incorporates ‘trust levels’ as a way to bucket attestation results for all participating routers. There wasn’t consensus that trust levels would be meaningful outside the context of trusted path routing.
      *   The authors are interested if the WG members are interested in TPR and if the WG would proceed with adoption.

  *   https://datatracker.ietf.org/doc/draft-birkholz-rats-suit-claims/
      *   I-D introduces idea of ‘trustworthiness vectors’, a concept similar to ‘trust levels’ in TPR I-D. Use with SUIT manifests and TEEP is the expected context. The I-D has Relying Party applicability (mostly).
      *   The authors are wondering if there is WG interest.

  *   https://datatracker.ietf.org/doc/draft-birkholz-rats-uccs/
      *   I-D hasn’t changed much since the last WG meeting. Authors are soliciting review / feedback.
      *   Chairs asked how many have read it (5 people) and how many would read it (2 people) and if the WG thought it was ready for adoption. Apparent consensus was Yes.

  *   https://datatracker.ietf.org/doc/draft-shaw-rats-rear/
      *   I-D focuses on building a toolbox for RESTful interactions that incorporates attestation.
      *   Authors soliciting interest and should this work move forward.
      *   Chairs requested the discussion move to the WG email list.

We also discussed updating the milestones and checking WGLC readiness of the architecture draft.

  *   “Charra” – Targeting September for WGLC / March for publication
  *   “Interaction Models” – Call for adoption needed, pending adequate reviewer feedback
  *   “Token bind” – to be removed
  *   “EAT” – WGLC can be planned once the issue with Endorsement/Endorser descriptions in the architecture I-D can be clarified. Targeting IESG submission in 6 months.
  *   “TUDA” – No recent discussion on this. Authors assert that other I-Ds should go ahead since there are dependencies on other I-Ds. Authors felt they didn’t have bandwidth to move ahead right now.
  *   “RIV” – WGLC can be considered at the end of August.