Re: [Rats] Reminder on RATS scope

"Smith, Ned" <ned.smith@intel.com> Tue, 11 January 2022 23:54 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Roman Danyliw <rdd@cert.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "rats@ietf.org" <rats@ietf.org>
Date: Tue, 11 Jan 2022 23:54:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/1ysZWY2obaXnvg0bm0s42fPn8S0>
Subject: Re: [Rats] Reminder on RATS scope
List-Id: Remote ATtestation procedureS <rats.ietf.org>

@Roman Danyliw, Thanks for contributing to the discussion!

@Henk Birkholz, Thanks for capturing proposed charter text at https://github.com/ietf-rats/charter/compare/798fd27...2nd-RC1

I assume someone will incorporate Roman's suggestions into the git repo so that all list members will be able to review the proposed text in toto? 

Maybe it makes sense for those wishing to voice objections or who want to suggest changes, to do so by the end of next week to bring the thread to a conclusion? However, this might be contingent on the proposed charter text on github being updated in a timely manner.

Thanks,
-Ned


On 1/11/22, 2:57 PM, "RATS on behalf of Roman Danyliw" <rats-bounces@ietf.org on behalf of rdd@cert.org> wrote:

    Hi Henk and WG!

    I don't want to micromanage the creation of proposed charter text, but I would suggest we leverage the clarity we got from all of the hard work on the architecture document and enshrine it into the charter text.

    A way to repeat the same charter scope we have now using the language of the architecture document and add the new proposed scope (cribbing from Henk's words) would be as follows:

    ===[ OLD

    Goals
    =====

    This WG will standardize formats for describing assertions/claims about system
    components and associated evidence; and procedures and protocols to convey
    these assertions/claims to relying parties. Given the security and privacy
    sensitive nature of these assertions/claims, the WG will specify approaches to
    protect this exchanged data. While a relying party may use reference, known, or
    expected values or thresholds to assess the assertions/claims, the procedures
    for this activity are out of scope for this WG (without rechartering).

    Program of Work
    ===============
    3. Standardize an information model for assertions/claims which provide
    information about system components characteristics scoped by the specified
    use-cases.

    5. Standardize interoperable protocols to securely convey assertions/claims.

    ===[ Proposed

    Goals
    =====

    The WG has defined an architecture (draft-ietf-rats-architecture) for remote attestation.  It will standardize formats for describing evidence and attestation results; and the associated procedures and protocols to convey this evidence for appraisal to a verifier and these attestation results to a relying party.  Additionally, the WG will standardize formats for endorsements and reference values, but protocols and associated procedures for conveying them to the verifier are out of scope.  Formats and protocols for appraisal policy for evidence and appraisal policy for attestation results are also out of scope.

    Program of Work
    ===============
    3. Standardize an information model for evidence and attestation results scoped by the specified use-cases

    5. Standardize interoperable protocols to securely convey evidence and attestation results

    6. Standardize information and data models to securely declare and convey endorsements
       and reference values.

    ==[ end

    In addition to the charter text itself, the charter would need milestones for this new program of work in #6 (of the form "<date> Submit <deliverable name> draft to IESG for publication").  During this discussion I would also recommend revisiting all of the existing milestones which are 6 months - almost 2 years old in some cases.

    Regards,
    Roman


    > -----Original Message-----
    > From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
    > Sent: Monday, December 20, 2021 9:21 AM
    > To: Roman Danyliw <rdd@cert.org>; rats@ietf.org
    > Subject: Re: [Rats] Reminder on RATS scope
    > 
    > Hi Roman,
    > 
    > we tried to create a proposal for a minimalist change to the charter with the
    > intent to allow for endorsement and reference values to be in scope.
    > 
    > > https://github.com/ietf-rats/charter/compare/798fd27...2nd-RC1
    > 
    > Best regards,
    > 
    > Henk
    > 
    > 
    > On 14.12.21 18:40, Roman Danyliw wrote:
    > > Hi!
    > >
    > > Congratulations to the WG on the recent push of documents heading to the
    > IESG or in WGLC.  I am enthusiastic to see this progress.
    > >
    > > As the WG considers the future work that needs to be done, I wanted to
    > reiterate the charter scope [1] in terms of the common language we have
    > established through the architecture document [2].  I appreciate that there
    > might be ambiguity as the charter language wasn't written with the benefit of
    > this common terminology or the insights the WG has gotten since starting in
    > 2019.
    > >
    > > In scope activities are:
    > > ** Architecture (to include extensions, but not alternatives) and use
    > > cases (plural) documentation (informational documents) for RATS
    > > regardless of which components are involved
    > > ** Protocols, formats and procedures for the communication between (a)
    > > the attester and verifier, and (b) the verifier and the relying party
    > >
    > > Out of scope activities are:
    > > ** Protocols involving the endorser, reference value provider,
    > > verification owner, relying party owner as their primary focus
    > > ** Formats for endorsements, reference values, appraisal policy for
    > > evidence, or appraisal policy for attestation results
    > >
    > > It has not escaped my attention that a number of the individual (unadopted)
    > drafts [3], some under WG discussion, are out of scope per the charter.  I leave
    > it to the WG to consider if they have both the energy and interest to consider
    > broader scope.  I would strongly recommend that the next time the WG
    > updates the charter with new scope, the terminology be harmonized.
    > >
    > > Regards,
    > > Roman
    > >
    > > [1] https://datatracker.ietf.org/wg/rats/about/
    > > [2] Figure 1.
    > > https://datatracker.ietf.org/doc/draft-ietf-rats-architecture/
    > > [3] https://datatracker.ietf.org/wg/rats/documents/
    > >
    > > _______________________________________________
    > > RATS mailing list
    > > RATS@ietf.org
    > > https://www.ietf.org/mailman/listinfo/rats
    > >