Re: [Rats] how does the Verifier work

Simon Frost <Simon.Frost@arm.com> Wed, 10 February 2021 11:43 UTC

Return-Path: <Simon.Frost@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7277B3A0D6B for <rats@ietfa.amsl.com>; Wed, 10 Feb 2021 03:43:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=5Q2bIMac; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=5Q2bIMac
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L8P7_sjnBN0V for <rats@ietfa.amsl.com>; Wed, 10 Feb 2021 03:43:34 -0800 (PST)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70043.outbound.protection.outlook.com [40.107.7.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C97633A003F for <rats@ietf.org>; Wed, 10 Feb 2021 03:43:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/T+b10RoEwlqN9aA22Bobb4trRUV7D/iF4WnBNHNozk=; b=5Q2bIMacwgR0mQh8MUTwICoEstAsSZ84qP7EointIH8+NLaaLUHse0GcTAf0n2FB0Qwod73NHhPM37tE5tZUiEH35T8fJlGinaTaDRp6bjtIokqzizwVDZWfMOv3JSyyO5Ydj0G2Ux9Eblt449V5nM2omSE2pIZ7FacffzsMi+4=
Received: from AM7PR03CA0020.eurprd03.prod.outlook.com (2603:10a6:20b:130::30) by DB7PR08MB3465.eurprd08.prod.outlook.com (2603:10a6:10:50::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.24; Wed, 10 Feb 2021 11:43:28 +0000
Received: from AM5EUR03FT028.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:130:cafe::44) by AM7PR03CA0020.outlook.office365.com (2603:10a6:20b:130::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25 via Frontend Transport; Wed, 10 Feb 2021 11:43:27 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT028.mail.protection.outlook.com (10.152.16.118) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25 via Frontend Transport; Wed, 10 Feb 2021 11:43:27 +0000
Received: ("Tessian outbound 2b57fdd78668:v71"); Wed, 10 Feb 2021 11:43:26 +0000
X-CR-MTA-TID: 64aa7808
Received: from d6910c52278a.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 186BE36A-BAA9-495B-9D3E-5612DC0D07A0.1; Wed, 10 Feb 2021 11:43:21 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d6910c52278a.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 10 Feb 2021 11:43:21 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h1KAibcxj4NNZfE47uccnZ7K8QFrUNZffdEBagV2mX2m1RTOYcbA28XvPnGir3n8Ow+2tzLdUoASQAimg1UDU1EP08LTkK5a+1/azpxRaUbEYZr5Fh88WuAXphpF6IgOomznSvQ4DPzP8KnAFNnmp0Z/k47fqrpNULXqZAyGL1rzPKWKXo4jlkt4hAODk/8D0D77G6Wv6D7JI3VOC7YGuWn/oT2ro5zG1i/qRejGXgM/Ky9FBL5DaURhGUxsSwhjLYxF+MDyuLqE+gOlJ6bMwiHbtHU5ux3Nybz1r6UFPpvua2CIEoN6MTC8Q6LnCwYiOI04gdH/md/4y/Ee7SNqWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/T+b10RoEwlqN9aA22Bobb4trRUV7D/iF4WnBNHNozk=; b=QY1wMODdQwOh+0ZH01R2DUK/cEZqccievs3LK/DUpYK3rsM9zCncqS33JFWPZdFjlVI4oFfk2/cRATcodw5h3e7NXibhP+gJzlby21Hd1ZxUmDXFzW3aCcQ2VbLFC6TbpES0vYfn1nAWwTycAjXCga1ODQr45+6H98keGL4hk+GaHYaqM/64DnlWgZYvmkTfMkl4OSbeLddcXDGrjoxvswrsDlPjJK0Vz22HIDoGDB6wCPD3KGbThlkS623glA9uFWM8asG8RB/BwGKAsYuwvWUQGva3KCFhcEa7D05cWxQXo31uogCrdsvQPz0crE6j/HkRTDa9J9ZQfHvEavs6iA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/T+b10RoEwlqN9aA22Bobb4trRUV7D/iF4WnBNHNozk=; b=5Q2bIMacwgR0mQh8MUTwICoEstAsSZ84qP7EointIH8+NLaaLUHse0GcTAf0n2FB0Qwod73NHhPM37tE5tZUiEH35T8fJlGinaTaDRp6bjtIokqzizwVDZWfMOv3JSyyO5Ydj0G2Ux9Eblt449V5nM2omSE2pIZ7FacffzsMi+4=
Received: from AM6PR08MB3429.eurprd08.prod.outlook.com (2603:10a6:20b:49::19) by AM6PR08MB5112.eurprd08.prod.outlook.com (2603:10a6:20b:ee::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25; Wed, 10 Feb 2021 11:43:18 +0000
Received: from AM6PR08MB3429.eurprd08.prod.outlook.com ([fe80::7c29:67ae:c69b:e903]) by AM6PR08MB3429.eurprd08.prod.outlook.com ([fe80::7c29:67ae:c69b:e903%5]) with mapi id 15.20.3825.030; Wed, 10 Feb 2021 11:43:18 +0000
From: Simon Frost <Simon.Frost@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Michael Richardson <mcr@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] how does the Verifier work
Thread-Index: AQHW/Yvlu13Axu6YdEKweSKhOlvoL6pRQ76Q
Date: Wed, 10 Feb 2021 11:43:17 +0000
Message-ID: <AM6PR08MB3429A6CF6EC02988FC0E9D4EEF8D9@AM6PR08MB3429.eurprd08.prod.outlook.com>
References: <31999.1612560697@localhost> <014d0f63-4350-4a64-8ecd-044a85f5a6fd@sit.fraunhofer.de>
In-Reply-To: <014d0f63-4350-4a64-8ecd-044a85f5a6fd@sit.fraunhofer.de>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: EBE671D43A70FE46B68C4C9D097D9853.0
x-checkrecipientchecked: true
Authentication-Results-Original: sit.fraunhofer.de; dkim=none (message not signed) header.d=none;sit.fraunhofer.de; dmarc=none action=none header.from=arm.com;
x-originating-ip: [212.69.61.73]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: fc6a2b6f-2f17-4621-6861-08d8cdb914bb
x-ms-traffictypediagnostic: AM6PR08MB5112:|DB7PR08MB3465:
X-Microsoft-Antispam-PRVS: <DB7PR08MB3465C1F0F186158A90B30B55EF8D9@DB7PR08MB3465.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: RTAhlpKwfpjsMQAvNvyRsCRE8C0AN7XHe4evjI2UevW11nfhCMSgIjw2q1LybgT17YaNBqE4tDHCQUWE9DaSU386JOnFjJ2AAvQAISLDKoqV4Lq6SEQii927NWnAMxCEyAbZItxKfRTBOp+Uprkz36Aq20ypryfm2wQUX/eLf4sei+ARHEfSWlu2XAbELM3VT0xXwuHnq60Dp9CJ/EsDAWFROBROz+WsXqKFqmADLh+z8B5/jdfGTEgOtWmoyVxmA9sFKK2R8/6k8WHs0F1attrFJr+OGEWs7IhUUjbK1CJrTgD3rXUFzhyq0HoXOO55O0gfhkUeCQvyz9RLS0n3fsGCGyWsbLRK0E8rPP7+sACgstAubU/KZrw4CVSFVIXcsRdzK8JPjcDR4/n2KMUcrbr5TII8GXcFYWFI/QcIQwi7bKks0b4y0hACsn/BRLouB1w6iRteYgPXCc9qgQt+JIf8BiusOacodVfvAnLK3rtB18SET3a8pBb7r8Qpoys1R5w526r7pCrqxCazGaQJUEzzjLChaOT/4WV1I+cO4FE3Sq+jG708j6maZO9yX6lUwY04N5M4/TSXqocbhFuo4R9vDHJv/QiqIF7CPypOUKU=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3429.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39850400004)(376002)(396003)(136003)(346002)(366004)(186003)(5660300002)(86362001)(83380400001)(2906002)(26005)(966005)(52536014)(316002)(55016002)(9686003)(66946007)(8676002)(66446008)(478600001)(110136005)(76116006)(64756008)(66476007)(53546011)(66556008)(33656002)(7696005)(8936002)(6506007)(71200400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?STl2VVpXUjdWa2NGTllZamZKN2RGY1Q3SGQ1YTJhVXVpNGx5Y0xhb3ZTRy9E?= =?utf-8?B?QzlOOFppcy9rcU8wNjdKeUwzK2IwWms2UEdYQmV2ejhBem1vaFpmazBnc0t6?= =?utf-8?B?b0w2NHBBeXFuWkRUazllZzA2RHMyUTJ5V3JndGFSeEwwV3drazJjWE9aQ0lz?= =?utf-8?B?Z1VaUTE0VWdMdEJ1N2tDdDJubUJDK2xNVjFCRUhCa3RMQ0JGMUo5cmFMWTdo?= =?utf-8?B?NGFENXp3WGtOODl6eUNnbHFzVW9kTFBRbUNlTFU3SHl2aEo1T2ovRThOVFYy?= =?utf-8?B?cWlSaTVjZVNyajVycHN0OFVkaVl1R3h1NytQU0R3cGptZUhuQkhXcWZJZGwy?= =?utf-8?B?MXptbHowd0V1bjFQZ0tSekhRazA0U0ZYc2gyUDUveWlpbUYwMDE2WHhRcW8v?= =?utf-8?B?OXpZU2RkSk1JbHdjMzVnbDVvQm9CZnRWQUpyOE43QVREaytKL1JOVXNlcUNz?= =?utf-8?B?T0gzckNsWGxNUkE2c1FFOURrSVZmcDNMdG9BZmxGakN3Wk9VREV5ZlFoeS9Y?= =?utf-8?B?ZVNNUnpteCsybkpxamhZL2s5OVdkWFdHOG9mSHVvV2lrT2RndnVtQXhRUHJO?= =?utf-8?B?elE1MFptaVZLQmxqd2t3NTFmcFRCNlN4Nkc2UW45TEoxMjNYclplazcvbmdz?= =?utf-8?B?Y1dGSkNGL1FNbGpnV2tScXhMcndrOERUQ0dDbWs4a1JBaXBpVXdSZkhIdk1K?= =?utf-8?B?b3dqVm45ZkZ6WXhjUUx5VlpielIvUURzV3Y3ZDZwTnc1R09BMWRBR2gzM1k5?= =?utf-8?B?cDNVYUp6NUVock12dmlQU3hCYzR3MTZvTUwrWnhtUXY4Y0VXVitiTmh3RUQz?= =?utf-8?B?NERvR3dySEZxK1ZNbXNCUnFHTXFObVlUZitGdGgzSlpOUFQ0d3ZIMEl3bVpI?= =?utf-8?B?S1lURjJhTTU3c3JJZGFCQmxzUHFieGdPNld4bkRENUE3cVcwOVJoY2ZlWFNO?= =?utf-8?B?Wnc1QUR1UTRjUDE5TW5RTlZwYkJ3bzVOVmh5WkZwcGZOQVdnL0MyZE9aMnZP?= =?utf-8?B?S2NWemNtcHNOc1h5T2djMnREOVprZUE4UjBod0pNWThtbTEzZ0VtOTgyS3dW?= =?utf-8?B?TFFURXQ5Q2FnMW1pN01BekpMYTVteWxYNjRCVlc0MHdPYStSdzRNc3FxTjlo?= =?utf-8?B?aTNVNU9VU3BlbjlPWjhlUEtTNEpNK3FvR1Nha0VySkVUaWJYVUJBRHhEcU5C?= =?utf-8?B?aFJrYnBWdGRLWG1GYlNycmd6ODExbUxMcUxnbWg5OHBmM0Vhekt6OTV2ZzdB?= =?utf-8?B?a0dSVWRjT0xHTnhKZjQwVnp0aWFhRUNKend4bDg0SWEvYmMvb3dOOFEvNy9h?= =?utf-8?B?RlcyWjl5bTk0Vkg2cUo1MXVDU3RnSnBHSHl2ZmdOYVJxaDNFWmR6RXNQYStD?= =?utf-8?B?Zi9nbnNOQW82Qm9JNnRDNWRjQkgwcW9OcEFKdU5xWVJjWHdwazV6enoySWJX?= =?utf-8?B?ZlRZcUpDZnJQd1dxM2ZXdFVqZEl0S2dWL0tER3E3RllBa0JxRmRLdEd2Yks2?= =?utf-8?B?aC8xVWZraWovSkxCQ3JpT0NFZFdQUVpRRFlraXI0VnphSWhXQTJ4QUJJTlIr?= =?utf-8?B?RHAwamQ3RlRnTU9uYjMvTzFSWUx6ck1idWhiZHNCS2RQTDQ2dWlFejdkVmRW?= =?utf-8?B?RGFMcUc5K1NwUnlOeGZuM2pXMDdFWDIyM3VtMll0M2JkU2RNSmtpeTh6L0xL?= =?utf-8?B?UHVtU1N4ZGo5K3JtRG1kNzNNTzd5SkNXVWpnR1VaMklKeE9YTFZ6NWs1RUIw?= =?utf-8?Q?iyWMI/xaV9vXC2K5pyJi50VK4GkZQbagV4r+Lnl?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB5112
Original-Authentication-Results: sit.fraunhofer.de; dkim=none (message not signed) header.d=none;sit.fraunhofer.de; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT028.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 3fc71f0b-f9b0-4c21-549a-08d8cdb90f38
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Ua+32NN0dgRkiHIoUwZJtPR8GlBISdODTBY/mHqq9n3XrmZqxlzvPLer/gH/ymgD3RQ6+EofKUenQ9mvUv0dJ9XiIVoMloy2MKujMhE1BbrZ+mjTHohX7MjklYFoVZ+oxb6IHRnVSuJgKHUasv1M/ohv98VPQMZ5qjNcfo9CZ3btRaSMdTF6N55WyC8OR5Q19MEQsGGAarXI5LVIFyHLp5I8wRIfMw809nt1P4xMv1fsfJ/zB+1sBRTG7SQ0bHH2FfNinewvz3SHCHCoQWPDylxdAp2I+MyZeF/e43Hc6/FRCMei08TvWZkgtiR7My8MII2PkGCKnkJ8Lv1o313oqZKi0HwDygRvrZmnfSHu7lhDXsInJAVbvy/jTp7gGNBbIxeQrOpgkVHFyGBpLzBJ3P0qEDBynFi1bxqHj7EL5C2Vg19ho9UAJbihnrAChY/LAqQ6gSnfhqouDOMsxs1lgMgGxaFBpFgYk8/AqxryCf8y6gJbAdGvtcmtQDodP0/xI9KcMkwsD3eD/Xy/Hh9y8lAyLSINm6DOl7eaCVf7WMsXpSYxOJBEbuBH0mv7C2P4a7QwWDvytLAp23nluEu6mdxN7U2njYPZes7b4ps03yWB5fuAqMWzRxmoS8L98sAKoBJVdNaMab/cUJsraeZY207ZZoSL9agLICARsmAQqQtakAILlzSSY3u5mXxGg2McfRgFy28jUxOQEAEWpxGjiCJGX32OFeXF+60WVENZ5+M=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(376002)(346002)(396003)(39850400004)(136003)(36840700001)(46966006)(47076005)(8676002)(2906002)(70206006)(110136005)(6506007)(52536014)(53546011)(33656002)(356005)(83380400001)(81166007)(82740400003)(336012)(36860700001)(478600001)(7696005)(5660300002)(26005)(86362001)(8936002)(9686003)(316002)(70586007)(55016002)(966005)(186003)(82310400003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Feb 2021 11:43:27.2725 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fc6a2b6f-2f17-4621-6861-08d8cdb914bb
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT028.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3465
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/PNoOyqmeUo7Xn3gdx5ZZwl8o5I0>
Subject: Re: [Rats] how does the Verifier work
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2021 11:43:37 -0000

> * Shedding some light into how appraisal procedures conducted by Verifiers actually look like will be very useful to implementers. Some experts are already implementing: I'd like to point out this quite open and inclusive effort https://github.com/veraison/veraison as an example that we can build on.

Thanks for the mention Henk, the Veraison project is fairly new but I've been meaning to send a FYI briefing to the RATS group. There is an overlap in the Veraison core team with RATS discussions (myself & Thomas Fossati), hence there should be consistency with WG output and terminology. The background to the project was some prototyping work done at Arm on how a Verification Service would be constructed. Discussions on what the scope of such a service might be revealed that the reality of diverse supply chains and ecosystems make creating a unified service solution unlikely. Instead the Veraison project concentrates on implementing components that can be used to build verification services.  We regard this as an industry problem rather than just for the Arm ecosystem, hence there is an emphasis on flexibility and extensibility within the project. Initial targets for support are EAT (PSA profile) and DICE. If this is an area of interest then the project welcomes feedback & collaboration https://github.com/veraison/veraison/blob/main/docs/project-overview.md.

Thanks
Simon

-----Original Message-----
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Sent: 07 February 2021 14:51
To: Michael Richardson <mcr@sandelman.ca>ca>; rats@ietf.org
Subject: Re: [Rats] how does the Verifier work

Hi Michael,

thank you for putting some attention on this reoccurring pattern that we encountered in discussions a few times. I agree with the notion that the scope of the architecture document now reached its intended limit and it will we be completed with its current content and remaining open issues (aka "closing the mic again"). Anything else will have to go in separate documents. "The architecture of the Verifier" is one prominent thing we should look into next. There are some corresponding and reoccurring requirements we will have to take into account, I think. Maybe it helps if I elaborate a bit on two major topics that came up repeatedly:

* Implementing RATS requires some kind of defined management logistics that effectively make Conceptual Messages move around. For Evidence, we have https://datatracker.ietf.org/doc/draft-ietf-rats-yang-tpm-charra/
to take on that task, but there are "other arcs in the diagrams" that point to the Verifier, too.

* Shedding some light into how appraisal procedures conducted by Verifiers actually look like will be very useful to implementers. Some experts are already implementing: I'd like to point out this quite open and inclusive effort https://github.com/veraison/veraison as an example that we can build on.

My expectation is that some of the presentations at the next (virtual) meeting will touch these topics already and if time permits, maybe we can plan for explicit discussion on these topics.

Viele Grüße,

Henk







On 05.02.21 22:31, Michael Richardson wrote:
>
> In issue https://github.com/ietf-rats-wg/architecture/issues/210
> and in quite a number of discussions in the design team, we ratholed
> on whether or not we were specifiying a normative description of how
> verifiers worked.
>
> In the architecture document we want to specify what goes in to the
> Verifier (from the Attester direction!), and what goes out of the
> Verifier (to the Replying Party only).
> https://www.ietf.org/archive/id/draft-ietf-rats-architecture-09.html#d
> ataflow
>
> We did not want to specify the other arcs (Endorsements, Appraisal
> Policy for Verifiers), but we did need to place some requirements on what was possible.
>
> For instance, that Evidence would be signed, and that Verifiers could
> verify the signature on it.
>
> The large X diagram at:
>
> https://www.ietf.org/archive/id/draft-ietf-rats-architecture-09.html#n
> ame-claims-encoding-formats
>
> which in many ways started the entire architecture document, remains
> an intentional black box from this document.
>
> It seems that there is a desire among some participants to more
> clearly articulate how many (but perhaps not all) Verifiers work.  It
> seems that with an appropriate initial narrow scope that such a document could be written by
> the IETF.   For pretty much all the cases of "perhaps not all", then it is
> probably the case that the specifics will be very specific to a
> vertical, and should be written in that technical consortium outside of the IETF.
>
> This email is basically the concluding recommendation of the design
> team: we aren't going to put this into the architecture document, but
> we don't object if someone else wants to write _Architecture of common
> Verifiers_, or some equivalently titled document.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.