[Last-Call] Opsdir last call review of draft-ietf-rats-architecture-21

Joe Clarke via Datatracker <noreply@ietf.org> Mon, 12 September 2022 20:03 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: last-call@ietf.org
Delivered-To: last-call@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B771BC1522B6; Mon, 12 Sep 2022 13:03:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joe Clarke via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Cc: draft-ietf-rats-architecture.all@ietf.org, last-call@ietf.org, rats@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.16.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <166301303074.41803.10049447063102065589@ietfa.amsl.com>
Reply-To: Joe Clarke <jclarke@cisco.com>
Date: Mon, 12 Sep 2022 13:03:50 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/cmyvgu0z3joopT_urfKMeWqB-hY>
Subject: [Last-Call] Opsdir last call review of draft-ietf-rats-architecture-21
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2022 20:03:50 -0000

Reviewer: Joe Clarke
Review result: Has Nits

Sorry for being late to this.  I was asked to review this document on behalf of
the OPS DIR.  Overall, I found the document well-written, though dense.  It
does describe a high-level architecture for remote attestation, and I tried to
divine what impact this architecture might have on operators.  I had some
initial confusion (for example, what endorsements are provided in the ROM
example), and I think moving Section 4 up closer to the beginning will help the
reader set some of that initial context.

Operator-wise I was a bit concerned about what some of the process might mean
for troubleshooting and overall system performance.  For example, the TLS
handshake verification, if implemented would add more parties and more time as
it's verified (if I understand that correctly).  That said, I debated about
whether it's useful to raise it as an issue here or later on when such
implementation is defined.  If here, I think expanding on the desire operators
might have for remote attestation and the considerations it presents on overall
system understanding might be useful.

On the security front, I'm not an expert, but I was expecting to see something
about any risks with combining roles such as Attester and Verifier on the same
system.  Maybe there aren't any, but that hybrid example got me thinking what
would be the risk if the system doing my background check also evaluated the
data.

On the nits front:

Section 3:

You have a "Section Section 4" double word.

===

Section 5.1:

Double "the"

===

Section 8.4

You have a "section Section 11" double word.