IETF Logo Mail Archive

Re: [Teep] local attestation

Brendan Moran <Brendan.Moran@arm.com> Thu, 24 March 2022 11:07 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BD2E3A07D7 for <teep@ietfa.amsl.com>; Thu, 24 Mar 2022 04:07:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=q5JGaJzP; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=q5JGaJzP
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ztQZgK2kdE7b for <teep@ietfa.amsl.com>; Thu, 24 Mar 2022 04:07:41 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on20628.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d00::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FD3F3A07D4 for <teep@ietf.org>; Thu, 24 Mar 2022 04:07:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fl56/xlzP+8KszKNu4cpTr//hKwO5Q9XVSFRFZyjaps=; b=q5JGaJzPojyLyX2Ja4802Ne21318MJ434inAq2MN/iZo09mi/VqHNk4TyOT+vWRubaqbDOO4BBZOeNH/1MQG2qrpSn7IW5+BWqrQpmwiz9YtM+ka70WoEmPtwTdkdjV0Gf34J4wjj1l3ikpBsZRJWSjp8PVuWrONtgxdxbNSbv8=
Received: from DB6P195CA0008.EURP195.PROD.OUTLOOK.COM (2603:10a6:4:cb::18) by PAXPR08MB6543.eurprd08.prod.outlook.com (2603:10a6:102:12f::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.18; Thu, 24 Mar 2022 11:07:32 +0000
Received: from DB5EUR03FT010.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:cb:cafe::b9) by DB6P195CA0008.outlook.office365.com (2603:10a6:4:cb::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.17 via Frontend Transport; Thu, 24 Mar 2022 11:07:32 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT010.mail.protection.outlook.com (10.152.20.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.18 via Frontend Transport; Thu, 24 Mar 2022 11:07:32 +0000
Received: ("Tessian outbound 63bb5eb69ee8:v113"); Thu, 24 Mar 2022 11:07:32 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: d1abde34c4fb2d33
X-CR-MTA-TID: 64aa7808
Received: from 4630fbc81ca6.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 629C1F15-D3D8-4370-88CE-F75A5DA02162.1; Thu, 24 Mar 2022 11:07:25 +0000
Received: from EUR03-VE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 4630fbc81ca6.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 24 Mar 2022 11:07:25 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xve68xrvTeYYQZGkZHpNT8On8Smag1pZ6gb7tGXC0HMXCPjkBj6fmVwpADcIKeiYccbMtd6a/TsDgo18cn9CkvcFNw+xsU+yd6Yry5FYBa1aDzJc0Rh7/dntMVwPYWKCeFiUmfbgrXgSNIOcdbZC4o5xa/rLPgnk4meMzfz1GkxZujkCo1HVHwS3Hzo+k1OJoa4IH113aeYa0zC93dibPPDl1CFNBWYYy2ELqG+xP7aLQtDZ7kfWsI20TjbZkIbQW9zkAyFFKfVtQCdUCmHsYtX9e6vBvSu4fTgH6NUC2BzjeFzQ3L/aWIAPAwA3hShQoWq8jHejWMMbrj0h8JA9Hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fl56/xlzP+8KszKNu4cpTr//hKwO5Q9XVSFRFZyjaps=; b=glD7C7h0LHfWipqongj0ARfU9N1sp5/hnBvit3sRLGORRabpAZ8G0NTxhZcX0TAvUdKkrPd+XrtrMu1gM9S7b0M8gZl2mrj+v8oIKEeIDLFJATjOUVXaT4Ym0usLk0OGPYf6aTG/36kbouPJXn4ntcgwNYJ6Ik20URr9lUZSe/FcsP/X3IMj0V04yyRapexNSG+Vv15ZFgY/DoM7k926383b6cu47uNK3FGmuEMh6sFKcyNDqHqOOcoJmHEGB37TNGo5bot7XBwVOpRm+XMCb58YRdUXK+OgqJPzantl2nxSPFEOr8WswcnpgpRYbau0b+B3faiJKoZXrBQ2D/sAzw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fl56/xlzP+8KszKNu4cpTr//hKwO5Q9XVSFRFZyjaps=; b=q5JGaJzPojyLyX2Ja4802Ne21318MJ434inAq2MN/iZo09mi/VqHNk4TyOT+vWRubaqbDOO4BBZOeNH/1MQG2qrpSn7IW5+BWqrQpmwiz9YtM+ka70WoEmPtwTdkdjV0Gf34J4wjj1l3ikpBsZRJWSjp8PVuWrONtgxdxbNSbv8=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11) by AM0PR08MB3202.eurprd08.prod.outlook.com (2603:10a6:208:56::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.18; Thu, 24 Mar 2022 11:07:23 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::cd42:90e:6b8:dc77]) by DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::cd42:90e:6b8:dc77%3]) with mapi id 15.20.5102.017; Thu, 24 Mar 2022 11:07:23 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "Smith, Ned" <ned.smith@intel.com>
CC: "TEEP@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] local attestation
Thread-Index: AQHYP2PQLT9coDIxuk2OCE5SUnwrFqzOX+MA
Date: Thu, 24 Mar 2022 11:07:22 +0000
Message-ID: <B0790F77-FB5A-42C2-A5A9-502A57DD1002@arm.com>
References: <288513CC-0827-4B42-B902-141287FA7935@intel.com>
In-Reply-To: <288513CC-0827-4B42-B902-141287FA7935@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.120.0.1.13)
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-MS-Office365-Filtering-Correlation-Id: f47bc719-92fc-40ef-e690-08da0d867e80
x-ms-traffictypediagnostic: AM0PR08MB3202:EE_|DB5EUR03FT010:EE_|PAXPR08MB6543:EE_
X-Microsoft-Antispam-PRVS: <PAXPR08MB65439F1359B4E53F3B76834DEA199@PAXPR08MB6543.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: dtq8dv7WZC+WyPETrX5GnNaN7HUFUJsqE5Ju5SZ/rOi2yh/tLG5nhRqz0TieDw9a1SFj1USjoVPCgZ9yrl5xZjKPNgyMr4z1GZ/3OFASSfIsDXriCyA7Ku297M82dH9TIWA2ensB4OdVpuDq5n38LD4RgPzBeoQG5MQuYlC45L6s9fNKMaqpi0x4MRVXtpjcrPSmEQ0M3Yhpqb8QUDoqfIKArKrEyoDlLK9+BJjdpj3mzw8VuQVaGOA9XEM0v+RJwApYbrKcrRx0rLHdXuy+r4H7VImf1n8M0qIS6EBTdKkno73+Hc+ywSiocUcmI0LLO9dm4zOeYUMoTjzhMoDSUrSKNQLQVd7MdWPqaSHuzXaFbOxOG7tcWjls8cGIoggsgagiKk6Z/36Ds86R0wmGSXwWQHcb3Xj9a0e8JrsJ4UzWRdoFMxrftLROcbCmD1lMpN+EHiw8HOCHS/eSbZ8GZ3EcUqV+SkWbBZxsoh9OGpDtSS6XuI+ZxiFrjQTfeejzbownJRuVcQntV7LVR8U6tofH7PL2K8+06JL0HK4Y47rDzXLpI/dbgUmIW1eDkUZa2nKIzCU6Z6rMFzLd7y9rJ+B2QKudGHo0iN2j/L+jN6vvsmJhPf3RH1ZhCavlq+W+ubuxmM1VELvnamdiYOFhjSnbaBqE1PhzwQVwB8/PJvcuV7l2SoEtjzpiAVKd9mEvUfbV10NoU4OSgyXr3J1kwZ73aBGohumx2lKalZUb5/GowtPOPVi9hGZqvcdb7jYh
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(316002)(55236004)(53546011)(91956017)(4326008)(66946007)(66556008)(66476007)(64756008)(38100700002)(76116006)(33656002)(66446008)(8676002)(6506007)(2616005)(6486002)(86362001)(71200400001)(38070700005)(186003)(26005)(6916009)(6512007)(508600001)(83380400001)(5660300002)(8936002)(2906002)(36756003)(122000001)(45980500001); DIR:OUT; SFP:1101;
Content-Type: multipart/alternative; boundary="_000_B0790F77FB5A42C2A5A9502A57DD1002armcom_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3202
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT010.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: b899cdf5-b4a0-4a64-3165-08da0d8678f0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: J+yvn2ede+UlJ3PzZXMeSoc44Bo27eqXvER1dQpOLQM7QFMxarhvKBoeOzTNKkY2Svh/odsqG4FYjGyW4HHdYdhwXONDXwssCRiC3sKkGTie9nadu9sT5B5U+IusrZMX57yBmpJJUcV4AdL+qQxZj8pPwMlXA4UF77wxHdcC0iiNc2j34VTwQznfsILaT4GlNl77mhzXRe8wHO7tKbzk8peuTN7gUoSSH1qjYuO4oqxxzYwF0ZVvyhxnPXm/x8AvJMx1vb7o8OvGoNbui+a0iZ+btV10HVhOlVFWYCK1Bk6Eb9dMMwM7HiaiKVLTIVLMT3w9KUR7Ow7cV0QERwYDnUd0zWDWLPqoM5IqFqGkJ/CGk1Ts2KeEJ6Yy3evMhYOAZLE0Nr4AotG+Er352houSLFfFMWH6gMxRLD2g683QqdzHuFvEHp9gwnWDvk3w+RDV+/4aWUdWrhKbKhFSxDv8qeFHbHDQXt/xqLTZbbJqhESYjZYiFX2ncE1xqBsfdl1Qoo2ntfJUeH7s2FKrDyopyY8fJ1c1O0l5MtvV8iNvakprjpUxSqrQ/4MvIZHPm1SMJdMVbF+pI/m8B298fPd7kH1ZCtuSN+ASYMWLYbejThQCVdUkUSMCJXLDyu+btJLktLk2wgobRSyxN+mHzRZVldS9TxW/sypIqmYHTm8sxR9PAfNtaeeF2J22+8nTrlL
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(508600001)(8936002)(8676002)(6486002)(86362001)(33656002)(316002)(36860700001)(2616005)(70586007)(6862004)(4326008)(70206006)(5660300002)(45080400002)(47076005)(36756003)(356005)(2906002)(6512007)(336012)(81166007)(83380400001)(33964004)(40460700003)(53546011)(6506007)(82310400004)(26005)(186003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2022 11:07:32.5417 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f47bc719-92fc-40ef-e690-08da0d867e80
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT010.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR08MB6543
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/DAqUzgRggWJllucZm32OdL0aQvY>
Subject: Re: [Teep] local attestation
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2022 11:07:46 -0000

Hi Ned,

That’s a fair point, but what I was really going for here is to distinguish it from “remote attestation.” There’s an additional point that there needs to be some OOB data transfer to obtain the “correct” values for the TA. For example, you could imagine a TA Transparency Log; something that is used to TATL on misbehaving TAMs.

Best Regards,
Brendan

On 24 Mar 2022, at 09:44, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote:

I think this should be called ‘human-verifieable attestation’. Local is ambiguous as it requires context that distinguishes between what constitutes remove / local and neither designation requires the entities to be human.

From: TEEP <teep-bounces@ietf.org<mailto:teep-bounces@ietf.org>> on behalf of Brendan Moran <Brendan.Moran@arm.com<mailto:Brendan.Moran@arm.com>>
Date: Monday, March 21, 2022 at 12:19 PM
To: "TEEP@ietf.org<mailto:TEEP@ietf.org>" <teep@ietf.org<mailto:teep@ietf.org>>
Subject: [Teep] local attestation

I was asked to propose some text on local attestation.

While it may be the case that an asset must sometimes be secret from the user, it is not the case that the user should know nothing about the asset; the end user should be able to verify the authenticity and integrity of the asset. To enable this, local attestation can be used to prove integrity to the user. The user can then use that integrity check to verify authenticity, for example by checking against a signature or by verifying the expected integrity check using conventional web pki.

Thanks,
Brendan
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email