[Teep] "SLA" on Attestion Results, or validity lifetime
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 03 March 2020 16:13 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3E9B3A22E4; Tue, 3 Mar 2020 08:13:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P8FX36PwZQY0; Tue, 3 Mar 2020 08:13:08 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 727643A22EE; Tue, 3 Mar 2020 08:13:08 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 9568C3897F; Tue, 3 Mar 2020 11:12:00 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A0C1116D; Tue, 3 Mar 2020 11:13:06 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: rats@ietf.org, teep@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 03 Mar 2020 11:13:06 -0500
Message-ID: <4704.1583251986@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/5Ai3Egabxgy7eM3BPvj6CvWveh4>
Subject: [Teep] "SLA" on Attestion Results, or validity lifetime
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2020 16:13:12 -0000
https://github.com/ietf-rats-wg/architecture/issues/42 asks: TEEP and others needs to know what kind of SLA RATS can provide. DaveThaler: The related TEEP issue is ietf-teep/architecture#148 and an initial TEEP architecture PR is at ietf-teep/architecture#153 which punts part of the problem to the RATS architecture, since it refers to the RATS arch for more discussion. A key architectural question is whether an attestation result may/should/must have a validity lifetime encoded in it (like DNS responses etc. have TTLs) or not. That is, can the Verifier say that an attestation result it generates has an expiration associated? (Physical passports and drivers licenses for example do have an expiration associated, as do X.509 certificates.) Or is the lifetime only implementable by the Relying Party based on other information like a Timestamp in the attestation result and its own appraisal policy for attestation results? And is there any requirement that a Relying Party and an Attestation Server need roughly synchronized clocks? (I suspect yes.) Offhand, I think that it would be good to allow attestation results to include an expiration timestamp. (Aside: assuming we want EATs to be usable as attestation results, I think this also motivates adding an Expiry claim to the EAT document.) mingpeiwk commented 16 hours ago I concur that a validity period should be associated with an attestation result. This is a common best practice for various assertions, certificates etc. as Dave listed. mcr commented 15 hours ago I don't think that the we need to have a lifetime in the Attestation Results. The Relying Party gets to decide if the results are fresh enough. We have two ways to prove freshness: some kind of pronouncement of time from "above" (maybe it's GPS, I don't know) such as imagined by TUDA, or some kind of nonce-based system. If the RP issues the nonce, it knows when it issued the nonce, so it knows how fresh the Attestation Results must be. It also knows when it first got those results. (Same thing applies RP->Verifier, and AttestationResults->Evidence) MCR: I believe that in the TEEP case that everything is sufficiently "online" that freshness via nonces is probably better than freshness by synchronized clocks. Other users may have different requirements, and thus https://datatracker.ietf.org/doc/draft-birkholz-rats-tuda/ -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Teep] "SLA" on Attestion Results, or validity li… Michael Richardson
- Re: [Teep] [Rats] "SLA" on Attestion Results, or … Thomas Fossati