Re: [Teep] local attestation

"Smith, Ned" <ned.smith@intel.com> Mon, 04 April 2022 23:54 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Brendan Moran <Brendan.Moran@arm.com>
CC: "TEEP@ietf.org" <teep@ietf.org>
Date: Mon, 04 Apr 2022 23:53:42 +0000
Message-ID: <2225F91B-AB79-4610-AD0C-A7F43F63CF7C@intel.com>
References: <288513CC-0827-4B42-B902-141287FA7935@intel.com> <B0790F77-FB5A-42C2-A5A9-502A57DD1002@arm.com>
In-Reply-To: <B0790F77-FB5A-42C2-A5A9-502A57DD1002@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/URXdIG7-tfEAzPsB0GCDEekH_vg>
Subject: Re: [Teep] local attestation
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>

From a TEE perspective, attestation from one TEE to another, both on the same host, is ‘local’ attestation, but it is automated.

Use of ‘local’ and ‘remote’ attestation is subjective, based on context assumptions. It usually results in lots of Q/A fumbling in the dark before people get on the same page (like this thread), which is why its use should be discouraged, IMHO.
-Ned

From: Brendan Moran <Brendan.Moran@arm.com>
Date: Thursday, March 24, 2022 at 4:08 AM
To: "Smith, Ned" <ned.smith@intel.com>
Cc: "TEEP@ietf.org" <teep@ietf.org>
Subject: Re: [Teep] local attestation

Hi Ned,

That’s a fair point, but what I was really going for here is to distinguish it from “remote attestation.” There’s an additional point that there needs to be some OOB data transfer to obtain the “correct” values for the TA. For example, you could imagine a TA Transparency Log; something that is used to TATL on misbehaving TAMs.

Best Regards,
Brendan


On 24 Mar 2022, at 09:44, Smith, Ned <ned.smith@intel.com> wrote:

I think this should be called ‘human-verifiable attestation’. ‘Local’ is ambiguous, as it requires context that distinguishes between what constitutes remote / local, and neither designation requires the entities to be human.

From: TEEP <teep-bounces@ietf.org> on behalf of Brendan Moran <Brendan.Moran@arm.com>
Date: Monday, March 21, 2022 at 12:19 PM
To: "TEEP@ietf.org" <teep@ietf.org>
Subject: [Teep] local attestation

I was asked to propose some text on local attestation.

While it may be the case that an asset must sometimes be secret from the user, it is not the case that the user should know nothing about the asset; the end user should be able to verify the authenticity and integrity of the asset. To enable this, local attestation can be used to prove integrity to the user. The user can then use that integrity check to verify authenticity, for example by checking against a signature or by verifying the expected integrity check using conventional Web PKI.

Thanks,
Brendan
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

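The check Brendan's proposed text describes (local measurement proves integrity; a signature or an out-of-band expected value proves authenticity) and the TA Transparency Log he floats in his reply, worked through as one added example. This is example code written for this archive page, not code from the thread, from Arm, Intel, or any TEEP implementation. It assumes SHA-256 as the TEE's local measurement, a hypothetical `name || 0x00 || digest` manifest layout where a real deployment would use a SUIT/COSE manifest, an Ed25519 vendor key standing in for a certificate the user would validate through the Web PKI, and an RFC 6962-style Merkle log whose signed tree head the user is assumed to have already fetched and verified. The function names (`Measure`, `NewManifest`, `VerifyTA`, `InclusionProof`, `Demo`) and the three TA images are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// Measure is the TEE's local integrity check over the TA image (SHA-256 is an assumption).
func Measure(taImage []byte) [32]byte { return sha256.Sum256(taImage) }

// NewManifest is the vendor's out-of-band statement of the expected measurement,
// laid out as name || 0x00 || digest. Hypothetical format; real ones use SUIT/COSE.
func NewManifest(name string, digest [32]byte) []byte {
	return append(append([]byte(name), 0), digest[:]...)
}

// RFC 6962 hashing: distinct prefixes stop a leaf being passed off as a node.
func leafHash(leaf []byte) [32]byte { return sha256.Sum256(append([]byte{0x00}, leaf...)) }
func nodeHash(l, r [32]byte) [32]byte {
	return sha256.Sum256(append(append([]byte{0x01}, l[:]...), r[:]...))
}

// split returns the largest power of two strictly below n (n >= 2), as RFC 6962 requires.
func split(n int) int { return 1 << uint(bits.Len(uint(n-1))-1) }

// rootHash is the Merkle Tree Hash of RFC 6962 section 2.1 (non-empty input).
func rootHash(leaves [][32]byte) [32]byte {
	if len(leaves) == 1 {
		return leaves[0]
	}
	k := split(len(leaves))
	return nodeHash(rootHash(leaves[:k]), rootHash(leaves[k:]))
}

// PathNode is one sibling on the way up; Left means it sits left of the carried hash.
type PathNode struct{ Hash [32]byte; Left bool }

// InclusionProof returns the siblings of leaf i, ordered leaf to root.
func InclusionProof(i int, leaves [][32]byte) []PathNode {
	if len(leaves) == 1 {
		return nil
	}
	k := split(len(leaves))
	if i < k {
		return append(InclusionProof(i, leaves[:k]), PathNode{rootHash(leaves[k:]), false})
	}
	return append(InclusionProof(i-k, leaves[k:]), PathNode{rootHash(leaves[:k]), true})
}

// VerifyInclusion recomputes the root from a leaf hash and its audit path.
func VerifyInclusion(h [32]byte, path []PathNode, root [32]byte) bool {
	for _, p := range path {
		if p.Left {
			h = nodeHash(p.Hash, h)
		} else {
			h = nodeHash(h, p.Hash)
		}
	}
	return h == root
}

// VerifyTA is the user's check: valid vendor signature, digest equal to the local
// measurement, and inclusion under a root taken from the log's signed tree head
// (that signature assumed already checked). The vendor key stands in for a Web PKI cert.
func VerifyTA(measured [32]byte, manifest, sig []byte, vendorPub ed25519.PublicKey,
	path []PathNode, root [32]byte) error {
	if len(manifest) < 32 || !ed25519.Verify(vendorPub, manifest, sig) {
		return fmt.Errorf("manifest malformed or signature invalid")
	}
	var expected [32]byte
	copy(expected[:], manifest[len(manifest)-32:])
	if expected != measured {
		return fmt.Errorf("local measurement does not match signed manifest")
	}
	if !VerifyInclusion(leafHash(manifest), path, root) {
		return fmt.Errorf("manifest not in transparency log")
	}
	return nil
}

// Demo builds a constructed three-entry log; returns (genuineAccepted, tamperedRejected).
func Demo() (bool, bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	images := [][]byte{[]byte("TA-payment v1"), []byte("TA-drm v3"), []byte("TA-payment v2")}
	manifests, leaves := [][]byte{}, [][32]byte{}
	for i, img := range images {
		m := NewManifest(fmt.Sprintf("ta%d", i), Measure(img))
		manifests, leaves = append(manifests, m), append(leaves, leafHash(m))
	}
	root := rootHash(leaves) // what the log's signed tree head would carry
	m, sig, path := manifests[2], ed25519.Sign(vendorPriv, manifests[2]), InclusionProof(2, leaves)
	genuine := VerifyTA(Measure(images[2]), m, sig, vendorPub, path, root) == nil
	tampered := VerifyTA(Measure([]byte("TA-payment v2 backdoored")), m, sig, vendorPub, path, root) != nil
	return genuine, tampered
}

func main() { fmt.Println(Demo()) }
```

Run it with `go run`. The tampered image is rejected at the measurement comparison even though the manifest, its signature and the inclusion proof are all genuine, which is the point of the thread: the local measurement gives integrity, the signature and the log give authenticity, and the user needs both, since a TAM that serves a one-off TA with a valid signature would still fail the inclusion check.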