Meeting notes from 2023-12-04
ounsworth committed Dec 4, 2023
2 parents 51084cd + 4839fbc commit adab524
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions meetingNotes/2023-12-04.md
@@ -1,13 +1,13 @@
# Agenda

1. MikeO presented last week on this work to the CA/B Forum. The talk was well-received.
The core message of the presentation was that PKI has a problem of not being able to tell where subscriber private keys are stored in an automated and robust way. I pitched Remote Attestation technology in general and our drafts in particular as the solution, and I think it was well-received.Key points:
The core message of the presentation was that PKI has a problem of not being able to tell where subscriber private keys are stored in an automated and robust way. I pitched Remote Attestation technology in general and our drafts in particular as the solution, and I think it was well-received.
Key points:
1. I said that the CSR Attest format to carry existing proprietary attestations should be usable within the year.
2. The RATS X.509 Evidence work is probably a couple years away from being usable and will probably have a "new devices only" feel; though in some cases it might be possible to retrofit in-field devices.
3. How the trust stores will be managed is an open question. Likely each CA will manage their own, so each HSM vendor will have to work with each CA. It was suggested that PKI Consortium could maintain a wiki linking to each vendor's web page with their attestation root keys and tooling and docs for parsing their attestations.

a. I said that the CSR Attest format to carry existing proprietary attestations should be usable within the year.
b. The RATS X.509 Evidence work is probably a couple years away from being usable and will probably have a "new devices only" feel; though in some cases it might be possible to retrofit in-field devices.
c. How the trust stores will be managed is an open question. Likely each CA will manage their own, so each HSM vendor will have to work with each CA. It was suggested that PKI Consortium could maintain a wiki linking to each vendor's web page with their attestation root keys and tooling and docs for parsing their attestations.

2. I want to make progress on the Key Evidence claims.
3. I want to make progress on the Key Evidence claims.
_imported_: semantically we want this flag to mean "This private key has never in the past existed in plaintext outside an HSM".
_non-exportable_: semantically we want this flag to mean "This private key can never in the future exist in plaintext outside an HSM".

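Review bot: renumbering the top-level item from `2.` to `3.` after relettering the sub-items to `a.`/`b.`/`c.` leaves the agenda with no item 2; keep it as `2.` (Markdown numbers ordered lists sequentially anyway, so the source would only mislead readers of the raw file). The `a.`/`b.`/`c.` lines are also not indented, so they will not render nested under item 1; indenting them by three spaces fixes that. Likewise the `_imported_:` and `_non-exportable_:` definition lines follow the list item with no blank line, so they are absorbed into that item's paragraph; a blank line before them (or a trailing two-space line break) would render them as the two separate definitions they are meant to be.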
Expand Down Expand Up @@ -62,9 +62,9 @@ Ned and Monty said that within TGC specs, you assume that a composite device wil

MikeO believes that model does not cover the usecases of "Big" HSMs. The motivating example is an HSM which is backing a key vault in a public cloud like AWS or Azure. The typical way this is handled is that the cloud provider will create inside the HSM a separate "partition" for each of their customers / tenants / accounts. The term "partition" is undefined, but MikeO chose it because each HSM vendor seems to handle multi-tenancy differently. The open question is whether HSM vendors will implement this in a way that is covered by the TCG usecases -- ie we can model it as a Lead Attestor producing a single Attestation; or whether we need to accomodate the usecase where there are essentially multiple Lead Attesters / multiple Target Environments within a single CSR. Note: 3rd party Endorsements are different; we are trying to get a grasp on whether one attesting cert chain will ever produce multiple independent Evidence Statements.

The discussion centered around the slide [CSR_Attestation_example.png](CSR_Attestation_example.png) from MikeO's CAB/F slide deck, and whether that actually represents a valid usecase. Eric Amoder indicated that it does, but more input from other HSM vendors would be helpful.
The discussion centered around the slide [CSR_Attestation_example.png](./CSR_Attestation_example.png) from MikeO's CAB/F slide deck, and whether that actually represents a valid usecase. Eric Amoder indicated that it does, but more input from other HSM vendors would be helpful.

MikeO pointed out that since forming this group in April 2023, we have lost participation from many of the HSM vendors (which was our motivating usecase) and their voices have been diluted by more TCG participants.

ACTION:
MikeO to start a dedicated reach-out to HSM vendors to capture the "Platform" vs "Partition" separation usecase that exists for HSMs but not for TPMs.
MikeO to start a dedicated reach-out to HSM vendors to capture the "Platform" vs "Partition" separation usecase that exists for HSMs but not for TPMs.

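Review bot: the link target change from `CSR_Attestation_example.png` to `./CSR_Attestation_example.png` resolves to the same sibling file in rendered Markdown, so it is cosmetic but harmless. The ACTION line appears in both old and new form with identical visible text, which points to a whitespace-only edit; worth confirming that was intended rather than an accidental trailing-space change. The surrounding context also carries typos that could be fixed in a follow-up: `TGC specs` in the hunk header context should read `TCG`, and `accomodate` should be `accommodate`.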
0 comments on commit adab524