[lamps] Two comments on draft-ietf-lamps-key-attestation-ext

Thomas Fossati <Thomas.Fossati@arm.com> Wed, 21 December 2022 18:57 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: "spasm@ietf.org" <spasm@ietf.org>, "draft-ietf-lamps-key-attestation-ext@ietf.org" <draft-ietf-lamps-key-attestation-ext@ietf.org>
Date: Wed, 21 Dec 2022 18:56:47 +0000
Message-ID: <DB9PR08MB652423A4D0BA4C58C9A08ECD9CEB9@DB9PR08MB6524.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/axE6svUQcipJigO-aB4_iLfHjkk>

Thanks, authors, for a clear and useful document.

Would it be possible to get an OID for CMWs [1] alongside WebAuthn?
That would help the case for passing attestation results when the RA/CA
cooperates with a separate verifier.

Another question I have is related to defining a symmetric cert
extension for carrying attestation evidence & results.
There is an extension that would do the job defined by the TCG.  Maybe
this document could reference it?

cheers, thank you

[1] https://datatracker.ietf.org/doc/draft-ftbs-rats-msg-wrap/
