Skip to content

Commit

Permalink
Merge pull request #53 from ietf-rats-wg/review-hannes
Browse files Browse the repository at this point in the history 
Addressing Hannes comment on Nonces
  • Loading branch information
@henkbirkholz
henkbirkholz authored Jul 22, 2024
2 parents 97a4da1 + 0f7b79b commit f35d027
Showing 1 changed file with 21 additions and 20 deletions.
41 changes: 21 additions & 20 deletions draft-ietf-rats-reference-interaction-models.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ normative:
BCP205: RFC7942
RFC8610: CDDL
RFC9334: RATS
I-D.birkholz-rats-epoch-markers: epoch-markers

informative:
I-D.ietf-rats-tpm-based-network-device-attest: RIV
Expand Down Expand Up @@ -239,22 +240,22 @@ This section defines the information elements that are vital to all kinds intera
Varying from solution to solution, generic information elements can be either included in the scope of protocol messages (instantiating Conceptual Messages) or can be included in additional protocol parameters or payload.
Ultimately, the following information elements are required by any kind of scalable remote attestation procedure using one or more of the interaction models provided.

Authentication Secret IDs ('authSecIDs'):
Attestation Key IDs ('authSecIDs'):

: *mandatory*
: *optional*

: A statement representing an identifier list that MUST be associated with corresponding Authentication Secrets used to protect Claims included in Evidence.
: A statement representing an identifier list that MUST be associated with corresponding Attestation Keys (authentication secrets) used to protect Claims in Evidence produced by Attesting Environments of an Attester.

: Each distinguishable Attesting Environment has access to a protected capability that provides an Authentication Secret associated with that Attesting Environment.
Consequently, an Authentication Secret ID can also identify an Attesting Environment.
: While a verifier does not necessarily have knowledge about an Attesting Environment's Attestation Key (ID), each distinguishable Attesting Environment has access to a protected capability that includes an Attestation Key (Authentication Secret).
Consequently, an Attestation Key ID can also identify an Attesting Environment.

Handle ('handle'):

: *mandatory*

: A statement that is intended to uniquely distinguish received Evidence and/or determine the freshness of Evidence.
: A statement provided to the Attester from the outside to be included in Evidence (or other RATS Conceptual Messages) to determine recentness, freshness, or to protect against replay attacks.

: A Verifier can also use a Handle as an indicator for authenticity or attestation provenance, as only Attesters and Verifiers that are intended to exchange Evidence should have knowledge of the corresponding Handles. Examples include Nonces or signed timestamps.
: Handle is an umbrella term for existing data types that accomplish one or more of (a) determining recentness, (b) determining freshness, or (c) provide replay protection. Examples include: Nonces that are used to protect from replay attacks or Epoch Markers that identify distinct periods (Epoch) of freshness {{-epoch-markers}}. Handles can also be used as an indicator for authenticity or attestation Evidence provenance, as only a select number of RATS Roles (e.g., an Attester and a Verifier in a challenge-response interaction) are intended to have knowledge of a current Handle.

Claims ('claims'):

Expand Down Expand Up @@ -282,7 +283,7 @@ Claim Selection ('claimSelection'):

: A (sub-)set of Claims which can be created by an Attester.

: Claim Selections act as filters to specify the exact set of Claims to be included in Evidence. In a remote attestation process, a Verifier sends a Claim Selection, among other elements, to an Attester. An Attester MAY decide whether or not to provide all requested Claims from a Claim Selection to the Verifier.
: Claim Selections act as optional filters to specify the exact set of Claims to be included in Evidence. For example, a Verifier could send a Claim Selection, among other elements, to an Attester. An Attester MAY decide whether or not to provide all requested Claims from a Claim Selection to the Verifier. If there is no way to convey a Claim Selection in a remote attestation protocol, a default Claim Selection (e.g., "all") MUST be defined be the Attester and SHOULD be known to the Verifier.

Collected Claims ('collectedClaims'):

Expand Down Expand Up @@ -330,12 +331,12 @@ The way these handles are processed is the most prominent difference between the
generateClaims(attestingEnvironment) |
| => claims, eventLogs |
| |
|<--- requestAttestation(handle, authSecIDs, claimSelection) |
|<--- requestAttestation(handle, attKeyIDs, claimSelection) |
| |
collectClaims(claims, claimSelection) |
| => collectedClaims |
| |
generateEvidence(handle, authSecIDs, collectedClaims) |
generateEvidence(handle, attKeyIDs, collectedClaims) |
| => evidence |
| |
| evidence, eventLogs -------------------------------------->|
Expand Down Expand Up @@ -397,13 +398,13 @@ then gives back an Attestation Result to the Attester, which simply caches it. I
| => claims, eventLogs | |
| | |
|<--------------------- requestAttestation(handle, |
| authSecIDs, claimSelection) |
| attKeyIDs, claimSelection) |
| | |
collectClaims(claims, claimSelection) | |
| => collectedClaims | |
| | |
generateEvidence(handle, | |
authSecIDs, collectedClaims) | |
attKeyIDs, collectedClaims) | |
| => evidence | |
| | |
| {evidence, eventLogs} -------------->| |
Expand Down Expand Up @@ -443,7 +444,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
=================[Evidence Generation and Conveyance]===================
| | |
|<--------------------- requestAttestation(handle, |
| authSecIDs, claimSelection) |
| attKeyIDs, claimSelection) |
| | |
generateClaims(attestingEnvironment) | |
| => {claims, eventLogs} | |
Expand All @@ -453,7 +454,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
| => collectedClaims | |
| | |
generateEvidence(handle, | |
authSecIDs, collectedClaims) | |
attKeyIDs, collectedClaims) | |
| => evidence | |
| | |
| {evidence, eventLogs} ----------->| |
Expand Down Expand Up @@ -500,7 +501,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
collectClaims(claims, claimSelection) |
| => collectedClaims |
| |
generateEvidence(handle, authSecIDs, collectedClaims) |
generateEvidence(handle, attKeyIDs, collectedClaims) |
| => evidence |
| |
| {evidence, eventLogs} ------------------------------------>|
Expand All @@ -523,7 +524,7 @@ The Relying Party then checks the Attestation Result against its own appraisal p
| collectClaims(claimsDelta, claimSelection) | |
| | => collectedClaimsDelta | |
| | | |
| generateEvidence(handle, authSecIDs, collectedClaimsDelta) | |
| generateEvidence(handle, attKeyIDs, collectedClaimsDelta) | |
| | => evidence | |
| | | |
| | {evidence, eventLogsDelta} ------------------------------->| |
Expand Down Expand Up @@ -579,7 +580,7 @@ In the following Subsections, streaming remote attestation without a broker (obs
| generateHandle()
| handle<= |
| |
|<------------ subscribe(handle, authSecIDs, claimSelection) |
|<------------ subscribe(handle, attKeyIDs, claimSelection) |
| {handle} ------------------------------------------------->|
| |
=================[Evidence Generation and Conveyance]===================
Expand All @@ -590,7 +591,7 @@ In the following Subsections, streaming remote attestation without a broker (obs
collectClaims(claims, claimSelection) |
| => collectedClaims |
| |
generateEvidence(handle, authSecIDs, collectedClaims) |
generateEvidence(handle, attKeyIDs, collectedClaims) |
| => evidence |
| |
==========================[Evidence Appraisal]==========================
Expand All @@ -613,7 +614,7 @@ In the following Subsections, streaming remote attestation without a broker (obs
| collectClaims(claimsDelta, claimSelection) | |
| | => collectedClaimsDelta | |
| | | |
| generateEvidence(handle, authSecIDs, collectedClaimsDelta) | |
| generateEvidence(handle, attKeyIDs, collectedClaimsDelta) | |
| | => evidence | |
| | | |
| =====================[Delta Evidence Appraisal]===================== |
Expand Down Expand Up @@ -741,7 +742,7 @@ When the Handle Distributor generates and publishes a Handle to the "Handle" top
| collectClaims(claims, claimSelection) | | |
| | => collectedClaims | | |
| | | | |
| generateEvidence(handle, authSecIDs, | | |
| generateEvidence(handle, attKeyIDs, | | |
| | collectedClaims) | | |
| | => evidence | | |
| | | | |
Expand Down

0 comments on commit f35d027

Please sign in to comment.