Re: [Last-Call] Genart last call review of draft-ietf-rats-architecture-21

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hi Laurence

The mobile example looks good let’s update the draft with the mobile example.

I don’t have any further comments for the review.

Thank you 

Gyan
On Sat, Aug 20, 2022 at 11:23 PM Laurence Lundblade <lgl@xxxxxxxxxxxxxxxxx> wrote:
Below

On Aug 20, 2022, at 1:38 PM, Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:

Gyan Mishra via Datatracker <noreply@xxxxxxxx> wrote:

Section 3 describes the environment of an attester.  Section
3.2 clearly describes a layered environment, however section 3.3
describes a composite environment using a carrier grade router as an
example.  I think here the composite should be described just as is
done in the layer environment section but not referencing an
environment use case that may not be applicable to RAT.

I guess I don't really follow what you are suggesting here.

So within a
carrier grade router chassis the backplane communication is all done
vendor proprietary no external elements so I don’t see how trust comes
into play as well as the backplane communication is hardware bus
elements for backplane throughput for the LC and then as well router OS
software component for the backplane communication. I think maybe
choosing a better example that applies to RAT composite environment
would be better.

Yes, the way in which the Evidence is relayed is vendor proprietary, but the
the Evidence and/or Attestation Results are then relayed to an external verifier.

I don’t know anything about router architecture, but do about mobile phone architecture which I consider a candidate for composite attestation.

A mobile phone based on a chip like a Qualcomm Snapdragon has many subsystems. Something like this:
- A TEE and/or HW root of trust, perhaps controlled by the chip vendor, not the phone vendor
- A Secure Element for payments or eSIM
- A SIM card 
- The general purpose CPU running Android and is controlled by the phone vendor
- A video playback subsystem that does content protection and is isolated from the main CPU
- A cellular modem
- A Bluetooth subsystem isolated from the modem
- …

There are several tiers of security and multiple vendors.

LL

--


Gyan Mishra

Network Solutions Architect 

Email gyan.s.mishra@xxxxxxxxxxx

M 301 502-1347


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux