Rat -- Remote Attestation Procedures (RAP)

 

About Rat
English (USA)

The RAP email list is a place to present, exchange, and discuss common practice, emerging mechanisms and converging terminology in the domain of remote attestation procedures. This includes requests for public review or pointers to state-of-the art documents.

Remote attestation procedures create evidence about the characteristics of a system entity that can be conveyed to a remote verifier that than can appraise the corresponding evidence in respect to declarative guidance. The appraisal is usually based on a shielded secret kept by that system entity (Attestee). There are multiple ways to design these procedures and a whole spectrum of evidence semantics already used today.

# A more detailed explanation of the purpose of the list to be included on the mailman page and sent in the announcement of the list that is sent to the community

Remote attestation procedures create evidence about the characteristics of a system entity that can be conveyed to a remote verifier that then can appraise the corresponding evidence in respect to declarative guidance. There are multiple ways to design these procedures and a whole spectrum of evidence semantics already used today.

The attestation email list is a place to present, exchange, and discuss common practice, emerging mechanisms and converging terminology in the domain of remote attestation procedures. This includes requests for public review or pointers to state-of-the art documents.

Although not strictly required, most remote attestation procedures are based on shielded secrets that are the core of a hardware root of trust. The characteristics and capabilities of a hardware root of trust (and corresponding chains of trust) are in scope of this list in respect to creating evidence for remote attestation procures.

The primary focus of this mail list is to provide a place to exchange thoughts, challenges, lessons learned and in general to identify relevant resources and ask questions.

In order to capture and consolidate the exchanges on the list, a first focus point of discussion is to provide a place intended to aggregate, illustrate and associate current attestation procedures and their corresponding intent, used terms, and semantics.

Beyond that, there are topics encouraged to discuss common and emerging practices how to:

* prove freshness (i.e. recentness) of evidence & conveyance
* audit past evidence (e.g. audit logs)
* distribute and off-load the burden of appraisal
* deal with nested system entities (e.g. deep attestation and more lightweight alternatives)
* shield relevant secrets and to operate on them securely (e.g. hardware root of trust)
* retain and improve interoperability between attestees and verifiers
* create/adapt procedures that are applicable in the thing-2-thing space
* address usage scenarios based on the Bell-LaPadula or Biba model
* kick-start unsolicited appraisal requests (e.g. bootstrapping YANG data stores)
* apply existing and emerging identity models (in respect to RFC4949)
* secure enroll of shielded secrets
* enable consistent and resilient privacy models in respect to immutable secrets

To see the collection of prior postings to the list, visit the Rat Archives or Rat MHonArc Archives.

Using Rat
To post a message to all the list members, send email to rat@ietf.org.

You can subscribe to the list, or change your existing subscription, in the sections below.

Subscribing to Rat

Subscribe to Rat by filling out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. This is a private list, which means that the list of members is not available to non-members.

    Your email address:  
    Your name (optional):  
    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

    If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.
    Pick a password:  
    Reenter password to confirm:  
    Which language do you prefer to display your messages? English (USA)  
    Would you like to receive list mail batched in a daily digest? No Yes
Rat Subscribers
(The subscribers list is only available to the list members.)

Enter your address and password to visit the subscribers list:

Address: Password:   

To unsubscribe from Rat, get a password reminder, or change your subscription options enter your subscription email address:

If you leave the field blank, you will be prompted for your email address


Rat list run by henk.birkholz at sit.fraunhofer.de, diego.r.lopez at telefonica.com
Rat administrative interface (requires authorization)
Overview of all ietf.org mailing lists

Delivered by Mailman
version 2.1.22
Python Powered GNU's Not Unix