| draft-ietf-rats-tpm-based-network-device-attest-01.txt | draft-ietf-rats-tpm-based-network-device-attest-02.txt | |||
|---|---|---|---|---|
| RATS Working Group G. Fedorkow, Ed. | RATS Working Group G. Fedorkow, Ed. | |||
| Internet-Draft Juniper Networks, Inc. | Internet-Draft Juniper Networks, Inc. | |||
| Intended status: Informational E. Voit | Intended status: Informational E. Voit | |||
| Expires: January 13, 2021 Cisco Systems, Inc. | Expires: January 14, 2021 Cisco Systems, Inc. | |||
| J. Fitzgerald-McKay | J. Fitzgerald-McKay | |||
| National Security Agency | National Security Agency | |||
| July 12, 2020 | July 13, 2020 | |||
| TPM-based Network Device Remote Integrity Verification | TPM-based Network Device Remote Integrity Verification | |||
| draft-ietf-rats-tpm-based-network-device-attest-01 | draft-ietf-rats-tpm-based-network-device-attest-02 | |||
| Abstract | Abstract | |||
| This document describes a workflow for remote attestation of the | This document describes a workflow for remote attestation of the | |||
| integrity of network devices. | integrity of network devices. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 13, 2021. | This Internet-Draft will expire on January 14, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 19, line 34 ¶ | skipping to change at page 19, line 34 ¶ | |||
| o encoded CoSWID tags signed by the device manufacturer, are as | o encoded CoSWID tags signed by the device manufacturer, are as | |||
| defined in the TCG RIM document [RIM], compatible with NIST IR | defined in the TCG RIM document [RIM], compatible with NIST IR | |||
| 8060 [NIST-IR-8060] and the IETF CoSWID draft | 8060 [NIST-IR-8060] and the IETF CoSWID draft | |||
| [I-D.ietf-sacm-coswid]. | [I-D.ietf-sacm-coswid]. | |||
| 3.2. Reference Model for Challenge-Response | 3.2. Reference Model for Challenge-Response | |||
| Once the prerequisites for RIV are met, a Verifier may acquire | Once the prerequisites for RIV are met, a Verifier may acquire | |||
| Evidence from an Attester. The following diagram illustrates a RIV | Evidence from an Attester. The following diagram illustrates a RIV | |||
| information flow between a Verifier and an Attester. Event times | information flow between a Verifier and an Attester, derived from | |||
| shown correspond to the time types described within Appendix A of | Section 8.1 of [I-D.birkholz-rats-reference-interaction-model]. | |||
| [I-D.ietf-rats-architecture]: | Event times shown correspond to the time types described within | |||
| Appendix A of [I-D.ietf-rats-architecture]: | ||||
| .----------. .--------------------------. | .----------. .--------------------------. | |||
| | Attester | | Relying Party / Verifier | | | Attester | | Relying Party / Verifier | | |||
| '----------' '--------------------------' | '----------' '--------------------------' | |||
| time(VG) | | time(VG) | | |||
| valueGeneration(targetEnvironment) | | valueGeneration(targetEnvironment) | | |||
| | => claims | | | => claims | | |||
| | | | | | | |||
| | <--------------requestEvidence(nonce, PcrSelection)-----time(NS) | | <--------------requestEvidence(nonce, PcrSelection)-----time(NS) | |||
| | | | | | | |||
| End of changes. 5 change blocks. | ||||
| 7 lines changed or deleted | 8 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||