Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-rats-architecture-21

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 27 August 2022 12:55 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Shawn Emery <shawn.emery@gmail.com>
cc: secdir@ietf.org, draft-ietf-rats-architecture.all@ietf.org, last-call@ietf.org, rats@ietf.org
Date: Sat, 27 Aug 2022 08:55:36 -0400
Message-ID: <29090.1661604936@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/dC31ndPvCICrK_ydw7GJIXc-gJo>

Thank you Shawn, we've opened a ticket:
  https://github.com/ietf-rats-wg/architecture/issues/430

Not every attack can be mitigated, and sometimes it is something that each
specific remote attestation protocol implementation will have to cope with.
But, we will think on this topic.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide