Re: [Teep] local attestation

"Smith, Ned" <ned.smith@intel.com> Thu, 24 March 2022 09:45 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Brendan Moran <Brendan.Moran@arm.com>, "TEEP@ietf.org" <teep@ietf.org>
Date: Thu, 24 Mar 2022 09:44:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/IK5KY6S6v7KlO51DCEmrxElN6Rc>

I think this should be called ‘human-verifiable attestation’. Local is ambiguous as it requires context that distinguishes between what constitutes remote / local, and neither designation requires the entities to be human.

From: TEEP <teep-bounces@ietf.org> on behalf of Brendan Moran <Brendan.Moran@arm.com>
Date: Monday, March 21, 2022 at 12:19 PM
To: "TEEP@ietf.org" <teep@ietf.org>
Subject: [Teep] local attestation

I was asked to propose some text on local attestation.

While it may be the case that an asset must sometimes be secret from the user, it is not the case that the user should know nothing about the asset; the end user should be able to verify the authenticity and integrity of the asset. To enable this, local attestation can be used to prove integrity to the user. The user can then use that integrity check to verify authenticity, for example by checking against a signature or by verifying the expected integrity check using conventional web PKI.

Thanks,
Brendan