Addressing Hannes comment on Nonces #53

Merged
merged 7 commits into from
Jul 22, 2024
41 changes: 21 additions & 20 deletions draft-ietf-rats-reference-interaction-models.md
Expand Up @@ -52,6 +52,7 @@ normative:
BCP205: RFC7942
RFC8610: CDDL
RFC9334: RATS
I-D.birkholz-rats-epoch-markers: epoch-markers

informative:
I-D.ietf-rats-tpm-based-network-device-attest: RIV
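Review bot: I-D.birkholz-rats-epoch-markers is added under `normative:`, which makes publication of this document depend on that individual draft being published first (a normative reference to an unpublished Internet-Draft holds the RFC in the editor queue until the reference is resolved). Since {{-epoch-markers}} is only cited as an example of a Handle type, consider listing it under `informative:` next to `I-D.ietf-rats-tpm-based-network-device-attest: RIV` unless the dependency is intended.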
Expand Down Expand Up @@ -239,22 +240,22 @@ This section defines the information elements that are vital to all kinds intera
Varying from solution to solution, generic information elements can be either included in the scope of protocol messages (instantiating Conceptual Messages) or can be included in additional protocol parameters or payload.
Ultimately, the following information elements are required by any kind of scalable remote attestation procedure using one or more of the interaction models provided.

Authentication Secret IDs ('authSecIDs'):
Attestation Key IDs ('authSecIDs'):

: *mandatory*
: *optional*

: A statement representing an identifier list that MUST be associated with corresponding Authentication Secrets used to protect Claims included in Evidence.
: A statement representing an identifier list that MUST be associated with corresponding Attestation Keys (authentication secrets) used to protect Claims in Evidence produced by Attesting Environments of an Attester.

: Each distinguishable Attesting Environment has access to a protected capability that provides an Authentication Secret associated with that Attesting Environment.
Consequently, an Authentication Secret ID can also identify an Attesting Environment.
: While a verifier does not necessarily has knowledge about an Attesting Environment's Attestation Key (ID), each distinguishable Attesting Environment has access to a protected capability that includes an Attestation Key (Authentication Secret).
Consequently, an Attestation Key ID can also identify an Attesting Environment.

Handle ('handle'):

: *mandatory*

: A statement that is intended to uniquely distinguish received Evidence and/or determine the freshness of Evidence.
: A statement provided to the Attester from the outside to be included in Evidence (or other RATS Conceptual Messages) to determine recentness, freshness, or to protect against replay attacks.

: A Verifier can also use a Handle as an indicator for authenticity or attestation provenance, as only Attesters and Verifiers that are intended to exchange Evidence should have knowledge of the corresponding Handles. Examples include Nonces or signed timestamps.
: Handle is an umbrella term for existing data types that accomplish one or more of (a) determining recentness, (b) determining freshness, or (c) provide replay protection. Examples include: Nonces that are used to protect from replay attacks or Epoch Markers that identify distinct period (Epoch) of freshness {{-epoch-markers}}. Handles can also be used as an indicator for authenticity or attestation Evidence provenance, as only a select number of RATS Roles (e.g., an Attester and a Verifier in a challenge-response interaction) are intended to have knowledge of a current Handle.

Claims ('claims'):

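Review bot: the renamed heading `Attestation Key IDs ('authSecIDs'):` keeps the old identifier while the sequence diagrams in this PR switch to `attKeyIDs`; the label in parentheses should become `('attKeyIDs')` so the information element matches the parameter the diagrams pass to `requestAttestation` and `generateEvidence`. Two wording nits in the new text: "does not necessarily has knowledge" should read "does not necessarily have knowledge", and in the Handle paragraph "identify distinct period (Epoch)" needs an article ("a distinct period") while "(c) provide replay protection" should parallel the other items ("(c) providing replay protection"). Since the element also changes from *mandatory* to *optional*, a sentence on what an Attester does when no Attestation Key IDs are supplied (for example, which Attesting Environment's key is used by default) would help, mirroring the default Claim Selection text added in the next hunk.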
Expand Down Expand Up @@ -282,7 +283,7 @@ Claim Selection ('claimSelection'):

: A (sub-)set of Claims which can be created by an Attester.

: Claim Selections act as filters to specify the exact set of Claims to be included in Evidence. In a remote attestation process, a Verifier sends a Claim Selection, among other elements, to an Attester. An Attester MAY decide whether or not to provide all requested Claims from a Claim Selection to the Verifier.
: Claim Selections act as optional filters to specify the exact set of Claims to be included in Evidence. For example, a Verifier could send a Claim Selection, among other elements, to an Attester. An Attester MAY decide whether or not to provide all requested Claims from a Claim Selection to the Verifier. If there is no way to convey a Claim Selection in a remote attestation protocol, a default Claim Selection (e.g., "all") MUST be defined be the Attester and SHOULD be known to the Verifier.

Collected Claims ('collectedClaims'):

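Review bot: typo in the new sentence: "MUST be defined be the Attester" should be "MUST be defined by the Attester". Separately, a default Claim Selection that is only SHOULD-known to the Verifier leaves the Verifier unable to tell whether Evidence omits Claims it expected; if the intent is that the Verifier can always appraise completeness, "MUST be known to the Verifier" (or a note on how the default is conveyed) would be clearer.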
Expand Down Expand Up @@ -330,12 +331,12 @@ The way these handles are processed is the most prominent difference between the
generateClaims(attestingEnvironment) |
| => claims, eventLogs |
| |
|<--- requestAttestation(handle, authSecIDs, claimSelection) |
|<--- requestAttestation(handle, attKeyIDs, claimSelection) |
| |
collectClaims(claims, claimSelection) |
| => collectedClaims |
| |
generateEvidence(handle, authSecIDs, collectedClaims) |
generateEvidence(handle, attKeyIDs, collectedClaims) |
| => evidence |
| |
| evidence, eventLogs -------------------------------------->|
Expand Down Expand Up @@ -397,13 +398,13 @@ then gives back an Attestation Result to the Attester, which simply caches it. I
| => claims, eventLogs | |
| | |
|<--------------------- requestAttestation(handle, |
| authSecIDs, claimSelection) |
| attKeyIDs, claimSelection) |
| | |
collectClaims(claims, claimSelection) | |
| => collectedClaims | |
| | |
generateEvidence(handle, | |
authSecIDs, collectedClaims) | |
attKeyIDs, collectedClaims) | |
| => evidence | |
| | |
| {evidence, eventLogs} -------------->| |
Expand Down Expand Up @@ -443,7 +444,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
=================[Evidence Generation and Conveyance]===================
| | |
|<--------------------- requestAttestation(handle, |
| authSecIDs, claimSelection) |
| attKeyIDs, claimSelection) |
| | |
generateClaims(attestingEnvironment) | |
| => {claims, eventLogs} | |
Expand All @@ -453,7 +454,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
| => collectedClaims | |
| | |
generateEvidence(handle, | |
authSecIDs, collectedClaims) | |
attKeyIDs, collectedClaims) | |
| => evidence | |
| | |
| {evidence, eventLogs} ----------->| |
Expand Down Expand Up @@ -500,7 +501,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
collectClaims(claims, claimSelection) |
| => collectedClaims |
| |
generateEvidence(handle, authSecIDs, collectedClaims) |
generateEvidence(handle, attKeyIDs, collectedClaims) |
| => evidence |
| |
| {evidence, eventLogs} ------------------------------------>|
Expand All @@ -523,7 +524,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
| collectClaims(claimsDelta, claimSelection) | |
| | => collectedClaimsDelta | |
| | | |
| generateEvidence(handle, authSecIDs, collectedClaimsDelta) | |
| generateEvidence(handle, attKeyIDs, collectedClaimsDelta) | |
| | => evidence | |
| | | |
| | {evidence, eventLogsDelta} ------------------------------->| |
Expand Down Expand Up @@ -579,7 +580,7 @@ In the following Subsections, streaming remote attestation without a broker (obs
| generateHandle()
| handle<= |
| |
|<------------ subscribe(handle, authSecIDs, claimSelection) |
|<------------ subscribe(handle, attKeyIDs, claimSelection) |
| {handle} ------------------------------------------------->|
| |
=================[Evidence Generation and Conveyance]===================
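Review bot: with Epoch Markers now listed as a Handle type, the `generateHandle()` step on the right-hand side of this diagram only matches the nonce case; an Epoch Marker is obtained from an external source (the Handle Distributor described later in the document) rather than generated by the subscribing party. A sentence stating that `generateHandle()` stands for obtaining a fresh Handle by either means would keep the diagram consistent with the new Handle definition.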
Expand All @@ -590,7 +591,7 @@ In the following Subsections, streaming remote attestation without a broker (obs
collectClaims(claims, claimSelection) |
| => collectedClaims |
| |
generateEvidence(handle, authSecIDs, collectedClaims) |
generateEvidence(handle, attKeyIDs, collectedClaims) |
| => evidence |
| |
==========================[Evidence Appraisal]==========================
Expand All @@ -613,7 +614,7 @@ In the following Subsections, streaming remote attestation without a broker (obs
| collectClaims(claimsDelta, claimSelection) | |
| | => collectedClaimsDelta | |
| | | |
| generateEvidence(handle, authSecIDs, collectedClaimsDelta) | |
| generateEvidence(handle, attKeyIDs, collectedClaimsDelta) | |
| | => evidence | |
| | | |
| =====================[Delta Evidence Appraisal]===================== |
Expand Down Expand Up @@ -741,7 +742,7 @@ When the Handle Distributor generates and publishes a Handle to the "Handle" top
| collectClaims(claims, claimSelection) | | |
| | => collectedClaims | | |
| | | | |
| generateEvidence(handle, authSecIDs, | | |
| generateEvidence(handle, attKeyIDs, | | |
| | collectedClaims) | | |
| | => evidence | | |
| | | | |