[lamps] Attestation Design Team Notes
Michael StJohns <msj@nthpermutation.com> Wed, 26 April 2023 18:31 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BDACC15154C for <spasm@ietfa.amsl.com>; Wed, 26 Apr 2023 11:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z6SwXxgSJaNC for <spasm@ietfa.amsl.com>; Wed, 26 Apr 2023 11:31:21 -0700 (PDT)
Received: from mail-qv1-xf2a.google.com (mail-qv1-xf2a.google.com [IPv6:2607:f8b0:4864:20::f2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FC69C14CE38 for <spasm@ietf.org>; Wed, 26 Apr 2023 11:31:21 -0700 (PDT)
Received: by mail-qv1-xf2a.google.com with SMTP id 6a1803df08f44-5f6058c0761so31883446d6.1 for <spasm@ietf.org>; Wed, 26 Apr 2023 11:31:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20221208.gappssmtp.com; s=20221208; t=1682533880; x=1685125880; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=xi46wH4rMv13OOrq+zK9jwB/ujPUfps1HEqqHWRFN5Q=; b=Yf9WaiW+3YYEP8/LrLCWUOYYMkisjCBLl6EhkH/pTZ1zXYHKpXPFmkqm1rkpRtJt4b eGJdWAxs1MyAhvO5s/cJroHXcjVM4xxN5z3i+5mFPbnIKBmSot5iFotWo7A6xpYZIP1Z a/NKsSDrqTbvJ9R3IDp+uBvlRazKrlB0Wc6L7YNfbhJK0/RhLii5ie9fXFYbR9+vl2tQ qfIL1EZxwrdjrACsguV/BvT1dSM1SjVvjEKgQ0IQtEZsqFdG3LhdLEmYxzccTX29xZgu ugCXboQ1gNkIcBzto1eUb5YoBfPHk3MEYVx7tlIzeay3Zv9EB5AFF8R5laziC3mp1N6f dMCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682533880; x=1685125880; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=xi46wH4rMv13OOrq+zK9jwB/ujPUfps1HEqqHWRFN5Q=; b=PiE3l2HAsL+OiR8M6Mc8kH1gKGl1Vp60Kr50PpGGLQj9OIgBwHJ0MIiXoIkgLJJ51g NnA+As+mHH6GzwG4WdXGDyWILBHnCWfIBaZguCYrzBd1uVgbkiEevFD5QwSU/afqmUxi 6MNgzbF5b1a62IsPCTS9uu14n7VEI+kKCHwatBpqZOnPMXsnDEYv/jOYkzu0PhVXr8Qd S1x12HMtM3XKAplFdT3oO02qD+v0mLL5gXPtWGyIC043IhbYXkHiEqmUfQNmLeXVMIbj 0EDcHKXLc6nD6IyPli4jbCSWiijdTo8kPhA9RqUnouO5NOg4Ksj9sprSAzDsNX9oLXjS 03Bg==
X-Gm-Message-State: AAQBX9eZsMVXfUmkEzi1ca24zT/Mqb1g/oJnn3HLprNCF8pGduyfEtK+ QXOvMCtzCUmyD4qgcYHqTnP58rdBK+BF5uLxze8=
X-Google-Smtp-Source: AKy350a+/wbYHsZ8D3XgNI6E/uax0qkLxfD8Yt3r1MYwPTbhDnlxxXw21KcVISPMWRzI8yw9LcPcvw==
X-Received: by 2002:ad4:5dc2:0:b0:5ef:4fe1:d1ab with SMTP id m2-20020ad45dc2000000b005ef4fe1d1abmr32514356qvh.38.1682533879974; Wed, 26 Apr 2023 11:31:19 -0700 (PDT)
Received: from [192.168.1.23] (pool-108-31-156-76.washdc.fios.verizon.net. [108.31.156.76]) by smtp.gmail.com with ESMTPSA id o8-20020a0cf4c8000000b005ef5fc3a136sm5015017qvm.110.2023.04.26.11.31.19 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 Apr 2023 11:31:19 -0700 (PDT)
Message-ID: <877e2174-5f2b-b313-9131-d9216951fdf7@nthpermutation.com>
Date: Wed, 26 Apr 2023 14:31:17 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1
Content-Language: en-US
To: "spasm@ietf.org" <spasm@ietf.org>
From: Michael StJohns <msj@nthpermutation.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/d0xsQZIBgizetVRaZVULmTkEdlk>
Subject: [lamps] Attestation Design Team Notes
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2023 18:31:22 -0000
The team met via Teams on Monday with about a dozen attendees. Primary discussion was the content of an attestation (specifically not a format). Working from my initial list - we walked first through the overall list of attestation components - specifically the fields if you will that would be signed by the attestation private key. We then walked through a list of proposed key attributes. In the list below items marked with (???) were mentioned, but mostly didn't get a lot of love. In the attestation components section we were pretty much agreed on the first three items being required. There was a healthy discussion about clock time vs relative time and the relative merits and limitations of each. Basically relative time provides ordering of attestations from a single source and is pretty easy to implement within an HSM, while clock time gives more information, but is mostly not verifiable by the relying party without things like third party time stamps. Items were added, deleted and moved during the session. Please take a look, and see if this list meets your needs. If not, propose a change, or your own list. The field marked with a (?) was discussed, but needs more discussion to resolve (e.g. whether - like the TPM - we include the attributes of the attesting key under the signed attestation). ++ Attestation Components > Mandatory Components >> Attested Key and Attributes >> Signature >> External Data > Possible Mandatory (?) >> Attesting Key and Attributes > Optional >> Relative Time – Boot count and boot time > Others? >> Clock Time (???) >> Platform Health (??? - maybe different type of attest) The list of key attributeshas four sub groups: How was the key created? How is it protected (e.g. extractable or not or with caveats)? Its usages (as enforced by the HSM, and Its maximum lifecycle (does it have a fixed lifetime, can it be deleted, does it last past a user session, etc). ++ Key Attributes > Source/Creation (enum) >> Loaded >> Device Derived (e.g. Derived from a device permanent master secret such as a TPM hierarchy seed) >> Generated on Device >> Key Agreement (???) (Derived from a key agreement) >> Co-Generated (???) (Securely cogenerated on more than one machine) >> KDF (???) (Derived from a master secret which was in turn derived from a two - or greater - party protocol). > Protection (enum - ordered from least to most protected) >> Unknown >> None/Software >> Extractable/Migratable (by the user) >> Extractable for Backup (encrypted under a key migratable to another HSM) >> Extractable for Storage (encrypted under a PUF, not migratable) >> Non Extractable > Usage (bit set) - HSM enforced, NOT end user usage. >> Attestation >> General Signing >> Key Agreement >> Key Encapsulation >> Encryption/Decryption >> Certificate/CSR Signing (???) > Persistence/Lifetime (enum) >> Unknown >> Ephemeral – single use >> Session (see PKCS11) >> Boot Cycle - (HSM boot cycle - RAM resident basically) >> Timed (???) - HSM enforced key lifetimes >>> Minute (> minute < hour) >>> Hour (>= hour < day ) >>> Day (etc) >>> Week >>> Month >>> Year >> Persistent (flash/NVRam - user deletable) >> Permanent (flash/NVRam - admin/SO deletable, not deletable by user) >> Fixed – Device Clear >> Fixed – Physical (e.g Terminate) > Signing Policies (???) - basically proprietary extensions >> OIDs (???) Michael R - do you have any other notes to share? Mike
- [lamps] Attestation Design Team Notes Michael StJohns
- Re: [lamps] Attestation Design Team Notes Michael Richardson