IETF Logo Mail Archive

[Rats] Re: Call for adoption: draft-deshpande-rats-multi-verifier-04 (Ends 2026-04-24)

Henk Birkholz <henk.birkholz@ietf.contact> Thu, 23 April 2026 09:28 UTC

Return-Path: <henk.birkholz@ietf.contact>
X-Original-To: rats@mail2.ietf.org
Delivered-To: rats@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 58874E18CE19; Thu, 23 Apr 2026 02:28:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776936480; bh=ifLs/tzj4Nu++aq15BeFw6yK2MSSc2VaR41fqnO7CHg=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=yJUuq41c1QrX3orhIgvWWwHS1weGQwFFY6aCAsfMau4gtwbqp/GctMstal7Ko8zS7 7V0IxQhe/a01mmnRysM8xTXs41URlMTDlQsIauSXGsDrd8a/si2Tgrhfk3+Wgci4/S Qj4aFVhBGunX55dvRBGj9hchYv8aDe4e2cTy67Xw=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.423
X-Spam-Level:
X-Spam-Status: No, score=-4.423 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.624, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ietf.contact
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 49_jL4a6XyQ1; Thu, 23 Apr 2026 02:28:00 -0700 (PDT)
Received: from smtp04-ext3.udag.de (smtp04-ext3.udag.de [62.146.106.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id EC130E18CE04; Thu, 23 Apr 2026 02:27:59 -0700 (PDT)
Received: from [134.102.118.211] (eduroam-pool7-1747.wlan.uni-bremen.de [134.102.118.211]) by smtp04-ext3.udag.de (Postfix) with ESMTPA id E43FCE0490; Thu, 23 Apr 2026 11:27:52 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ietf.contact; s=uddkim-202310; t=1776936473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=N7Tg81D0X4M3VTHpHCM5CQDPkj3s0bGPdf074CwJxCs=; b=ZxEyT8P6GSSgST4x+cACRef09z/vESdoXy8/hGZNrc+vJs6C6y3BDs3qbklc1etntPuQGV ov8+CWKzSOhpEaPaFsZ3C6G60o9RaNl5iL6G+rNijQFn7XTwFP01sxGn4SE7ZqW8SWdGXQ WXGdtA/Rwnw9QhbO/JZg1wcRmjik/abUZlsewLw2XfMIfbHCzaXpvWqxyauNSCwpbd0gsJ IwVmlxkK627XM4biDDzreHQPclLgqqkBF5PABE5CNF/LDgjITgTV/a9/hBoKZUU/92uWaM w6+yJnRXDtj94ce4zgN5/F2R7ks1gvAuNN/3ya8Se5k6xvGecc1yicCYR0ldfw==
Authentication-Results: smtp04-ext3.udag.de; auth=pass smtp.auth=henk.birkholz@ietf.contact smtp.mailfrom=henk.birkholz@ietf.contact
Message-ID: <cc2c2cde-303a-bc8c-bb60-65150fb469be@ietf.contact>
Date: Thu, 23 Apr 2026 11:27:52 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: Thomas Fossati <thomas.fossati@linaro.org>, Manu Fontaine <Manu@hushmesh.com>
References: <177643631672.70056.16474393035056250188@dt-datatracker-b45949c58-5szpr> <DB9PR08MB8699985F787BAF9E21A0C32FEF2D2@DB9PR08MB8699.eurprd08.prod.outlook.com> <CAHu=PL0k6=JNp=CT9j_PJ68eTD+e=uf+0SnDh53a=asNKAyWzg@mail.gmail.com> <CA+1=6yctQw6HB1nhjXS5CmqZfbUvsGA=DhCucB3UudUN9HNgUw@mail.gmail.com>
From: Henk Birkholz <henk.birkholz@ietf.contact>
In-Reply-To: <CA+1=6yctQw6HB1nhjXS5CmqZfbUvsGA=DhCucB3UudUN9HNgUw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: RQD634WLBJVNLH7CJ6EXY6FEBBJTRWSP
X-Message-ID-Hash: RQD634WLBJVNLH7CJ6EXY6FEBBJTRWSP
X-MailFrom: henk.birkholz@ietf.contact
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Simon Frost <Simon.Frost@arm.com>, "rats@ietf.org" <rats@ietf.org>, "rats-chairs@ietf.org" <rats-chairs@ietf.org>, "draft-deshpande-rats-multi-verifier@ietf.org" <draft-deshpande-rats-multi-verifier@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: Call for adoption: draft-deshpande-rats-multi-verifier-04 (Ends 2026-04-24)
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3yq0MvOuydciLFVqeBpSM9LwXdI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>

Hi Thomas,

what I assume you are trying to express is: the RP has to trust the 
Verifier - not the Attester! - in order to assess the trustworthiness of 
the Attester.

If you mean that, that would not only be correct, but also illustrate 
the difference between trust and trustworthiness well.

I can only sound like a broken record here and repeat that the use of 
"TCB" outside of an Attester is confusing, misleading and will lead to 
severe misconceptions.


Viele Grüße,

Henk

On 23.04.26 10:13, Thomas Fossati wrote:
> I don't know if you have a specific system in mind, but, in general,
> the Verifier is part of the RP's TCB, not the Attester's.
> The quoted sentence is accurate in all scenarios I can think of.

v2.46.0 | Report a Bug | By Email | System Status