IETF Logo Mail Archive

Re: [Teep] [Rats] EAT claims needed by TEEP

Laurence Lundblade <lgl@island-resort.com> Tue, 09 November 2021 17:02 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 154BB3A0D04 for <teep@ietfa.amsl.com>; Tue, 9 Nov 2021 09:02:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eMGlcs10o253 for <teep@ietfa.amsl.com>; Tue, 9 Nov 2021 09:02:25 -0800 (PST)
Received: from p3plsmtpa07-10.prod.phx3.secureserver.net (p3plsmtpa07-10.prod.phx3.secureserver.net [173.201.192.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1BDC3A0CFF for <teep@ietf.org>; Tue, 9 Nov 2021 09:02:25 -0800 (PST)
Received: from [192.168.1.7] ([75.80.148.243]) by :SMTPAUTH: with ESMTPA id kUVsmHjfH1cCHkUVtmHkcZ; Tue, 09 Nov 2021 10:02:25 -0700
X-CMAE-Analysis: v=2.4 cv=K7TnowaI c=1 sm=1 tr=0 ts=618aa9a1 a=VPU1mRQhDhA4uSX60JRRww==:117 a=VPU1mRQhDhA4uSX60JRRww==:17 a=NEAV23lmAAAA:8 a=l70xHGcnAAAA:8 a=48vgC7mUAAAA:8 a=VAGP6-qEoBLrHiFJZPkA:9 a=QEXdDO2ut3YA:10 a=PkJ-d3uOfT-SOFWVpasA:9 a=i9skapHNZn3JvROL:21 a=_W_S_7VecoQA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <A40BE985-E12E-4B5E-8995-F4408134AEE4@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F0016946-8946-4B87-B42D-5318B159104E"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Tue, 09 Nov 2021 09:02:24 -0800
In-Reply-To: <27150.1636465193@localhost>
Cc: "rats@ietf.org" <rats@ietf.org>, teep <teep@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <BL0PR2101MB102770B8E03B95A44497004CA3190@BL0PR2101MB1027.namprd21.prod.outlook.com> <7607E6BF-459C-4A32-AAE2-08117A97E06B@island-resort.com> <BL0PR2101MB1027EA205417DAF375BA7085A3160@BL0PR2101MB1027.namprd21.prod.outlook.com> <B1FDD70B-2530-454C-90AF-F44EEDC4F1F3@island-resort.com> <AM6PR08MB342916CCDD01E8698BB3C883EF170@AM6PR08MB3429.eurprd08.prod.outlook.com> <2D53BD60-4FA8-4153-B28B-585E902845AE@island-resort.com> <AM6PR08MB423141370A5CE9DEF6C732C69C140@AM6PR08MB4231.eurprd08.prod.outlook.com> <3370D92E-23C2-41C3-B86F-A65C168E9082@island-resort.com> <AM6PR08MB42311D76B24E866812171BDC9C140@AM6PR08MB4231.eurprd08.prod.outlook.com> <CH2PR21MB14640330E3DA58D2144659F7A3919@CH2PR21MB1464.namprd21.prod.outlook.com> <C9FCDB94-1734-4F6C-B6D9-DDB384827E06@island-resort.com> <CH2PR21MB146427B07435A5F36DAE5782A3919@CH2PR21MB1464.namprd21.prod.outlook.com> <27150.1636465193@localhost>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfMyUc6XMw1h9EGwoF48FoWJJiqY2N6b8iZX81GMpO5XaiBLYf7/TdcukZ8IDOH/Gwp0J98G38Rnf8CMQGTlWg6L70hiMNJovGpbFXJaaOztiSKzoNWOd WuIdxf9+Cqxa9CuHVz2VhiRFNtNNssTPs8/mLTEqre9bAkKXg0eHv38iJOwzTqfMdmftCJU98v6hSrCTJfyziErGQXmKiqiyFLISyU7f0/DSrHRwDZW4fT0u L8vBowJIk0lNuZbyd+xLcA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/3WIGFfjmBsl22thkjiPpzb-Eb18>
Subject: Re: [Teep] [Rats] EAT claims needed by TEEP
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 17:02:31 -0000

Appreciate the comments.  Think it is important to keep this generic since it is going in EAT. TEEP can have specific ways it uses HW class, but don’t think we should be referencing TEEP in EAT.

There’s also some comments filed as issues in GitHub <https://github.com/ietf-rats-wg/eat/pull/139>.

Seems like it’s the concatenation of HW OEM ID, HW Class and HW Version that pin point exactly what HW you have. HW Class is kind like a model number.

LL



> On Nov 9, 2021, at 5:39 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> I'm reviewing the pull request at:
>   https://github.com/ietf-rats-wg/eat/pull/139/files
> 
> About the hardware-class-claim.
> 
>  "There is no global scheme or format for this claim."
> 
> So I wonder how TEEP's flow will deal with this.
> Forgive me if that's buried in TEEP somewhere.
> If so, I think that the EAT document should perhaps refer to that informatively.
> 
> I can see how the verifier can be okay with lack of scheme: the signing key on the
> evidence can index into a database of devices, and then it's a string
> comparison to see if the device claimed correctly.
> 
> But, equally well, the verifier already knows, via that database, what the
> value is.  The only utility I can see if that the RP is going to see this in
> the Attestation Results and use it to decide what binary to ask the TAM to
> load.
> 
> I'm concerned that any hardware vendor can put any value in this.
> The Verifier, provided by the hardware OEM, agrees.
> The only thing the RP can do is the rely on it's contract with the Verifier.
> That's actually the thing the RP ever does, I think: so don't mistake me.
> What I'm asking is, given that, is this claim even needed as evidence?
> Maybe it's only useful as Attestation Results.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email