Re: [EAT] Scope, Goals & Background for RATS

Melinda Shore <> Wed, 19 September 2018 00:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 57D59130F39 for <>; Tue, 18 Sep 2018 17:21:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fDwmCbqxpHXa for <>; Tue, 18 Sep 2018 17:21:41 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2BC99130F1F for <>; Tue, 18 Sep 2018 17:21:41 -0700 (PDT)
Received: by with SMTP id 205-v6so880347pgd.2 for <>; Tue, 18 Sep 2018 17:21:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=oXoNyuYnaS2WmX621xaPNm2OpyIA4DQ1shE32DrI3/0=; b=iVcTIjEpm6HxKn5iY6ZhvHSUAEQIv7KwV3zw6pd03JLhKPgRGGz5E95XNpfM8wvhu7 da453kBf+8QeQYQRsLfurbNLM60vvs+6DooQ8AMBcZKbYK1N9JEdhc6SXFQ6VczexCM5 ievYXkh3wSau4O0dRquh0tNBGcD8zDexdvE4vp6jw/ss1tPX3L3JtRGmLHTuj4BEqJSS MYpn8oxhUQnVyERi/BHAu0IPkQ1lDrpS85uPUmUDSOZDpu3OfVgdQBpDhfzP8nz2bFnd sJMihW236L3FD7+PJ7MNlgp/9IwoSEGY4fEYUGzh5mAZbDNLXBDE9dM8/2FUhuu0keKy 4/zg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=oXoNyuYnaS2WmX621xaPNm2OpyIA4DQ1shE32DrI3/0=; b=DP3jIHN8mZEekhkotm5YbKZ1NEyKRsYAu5a0IrgG8j15ucAy6O9eg088ES/BwLEYCO m5gRqFMDCkE1OgIMPY84Bt14OMJN98LNphKIk6W0NnrD72OR9L4ToJj1jQYtkumfpCyS P6RdFMiL/eqsaoE7Dk25vNYYOEVQJcM4jV4hx7amoV44oXhNvzX0g6gJLE3u1O/sw3TI hxLkMHEOKkECHiUy9G8EYxMXb9QO9icFt8lmgGS8zCYoOkXGj98MvgZq/6kSJ09cOtaZ vOYLLftgVrTV5te/DYEoGGJU4ib/KmmYJqNMKAiRUPBrtARIRpcu433FjhviGyfTXmp8 HSAQ==
X-Gm-Message-State: APzg51CHXNhdb19lNGz1uIvub+mTXj+8kLab77OeVuzkfwZidIYGIJ2A RLhEM7N8AbJIMbctI774E5PJAjqt6w==
X-Google-Smtp-Source: ANB0VdadjkRin3PgvRk5gvYHPXT1xn+5vR9egfbnWGKVhxOi1F09ozoBZmj0GOVsf21HwkzJd6HH3A==
X-Received: by 2002:a62:ce82:: with SMTP id y124-v6mr857121pfg.140.1537316500312; Tue, 18 Sep 2018 17:21:40 -0700 (PDT)
Received: from aspen.local ([]) by with ESMTPSA id a15-v6sm31011765pfe.32.2018. for <> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Sep 2018 17:21:39 -0700 (PDT)
References: <> <17674.1537294106@localhost>
From: Melinda Shore <>
Message-ID: <>
Date: Tue, 18 Sep 2018 16:21:38 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <17674.1537294106@localhost>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [EAT] Scope, Goals & Background for RATS
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EAT - Entity Attestation Token <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Sep 2018 00:21:50 -0000

On 9/18/18 10:08 AM, Michael Richardson wrote:
>     > We included a background section to better highlight the meaning of the
>     > term "attestation" in general. Hence, there is a trade-off between
>     > clarity and conciseness, which is one of the things we would like to
>     > get feedback about.
> 1) RATS is not expanded anywhere near the top of the document!
> 2) I think that this document is okay as a working document going towards a
>    BOF,  but in general it is too big.
>    Bulky things like the Terminology and most of the problem statement
>    probably need to go into IDs.

First, I like the BOF proposal and wish that more proponents would
provide that level of detail.  Second, I agree quite strongly with
Michael about the current state of the charter proposal (and would argue
that in this case there is not a tradeoff between clarity and
conciseness - that a clearer charter would be shorter, as well).
A charter will tend to describe what you're working on and what you'll
deliver, and the background info that's helpful as justification for
a BOF doesn't belong in a charter.

I'm not sure that I'm in love with the program of work section, as
it should tend to be redundant with the enumeration of deliverables
(although specifying what's out of scope is useful and should be

Also, at some point you're going to need to develop some text
about the threat environment(s) and should include something about
that in the charter proposal to head off "but what about ... "
comments.  I'm not sure what's meant by "This group will also
establish and maintain close relationships to [ ... ]" although
again I think it's useful to mention that you know these groups
exist and are relevant, and that the proposed documents aren't
being developed in a vacuum.

But overall I think it's better to start with too much and then
edit it back rather than with too little.  This is a good starting
point and the proposed output seems reasonable (and useful) to me.


Melinda Shore

Software longa, hardware brevis