Re: [Rats] CoTS and CoRIM

"Smith, Ned" <ned.smith@intel.com> Thu, 14 December 2023 20:11 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Carl Wallace <carl@redhoundsoftware.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "hannes.tschofenig=40gmx.net@dmarc.ietf.org" <hannes.tschofenig=40gmx.net@dmarc.ietf.org>, 'Yogesh Deshpande' <Yogesh.Deshpande@arm.com>, "'muhammad_usama.sardar'" <muhammad_usama.sardar@tu-dresden.de>, "rats@ietf.org" <rats@ietf.org>
Date: Thu, 14 Dec 2023 20:10:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/5C27C86Dt9HjPQDQcLmkxvmCc0E>

> I think the change we should make is to not use the term "reference data" as shorthand for a CoRIM.

+1 (not as chair)

Since 9334 and I-D Endorsements define terms "Reference Values" and "Reference State", these are preferred to alternatives that are amalgamations of similar sounding terminology.


On 12/14/23, 6:47 AM, "RATS on behalf of Carl Wallace" <rats-bounces@ietf.org on behalf of carl@redhoundsoftware.com> wrote:

On 12/14/23, 9:28 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:

> Which text gave that impression? Could you please file an issue or even better a PR?

Ah I see. Muhammad's recently filed issue points to text in
draft-wallace-rats-concise-ta-stores.

> https://github.com/ietf-rats-wg/draft-wallace-rats-concise-ta-stores/issues/3

The text of the issue that was filed is: "As correctly noted by Hannes, the introduction gives the impression that trust anchors are Reference Values. To me, this originates from the second paragraph of introduction.
Please clarify that trust anchors are Endorsements and not Reference Values." 


As I noted in a reply to Hannes, I don't think trust anchors are endorsements. It also looks to me that the architecture draft also does not view TAs as endorsements. See section 7.1 and 8.2 in RFC9334. I think the change we should make is to not use the term "reference data" as shorthand for a CoRIM. So: 


"The extension in this document aims to enable public key material to be decoupled from CoRIMs for several reasons, described below."


Several uses of the term "reference data" in subsequent text are fine, to my eye (though perhaps the more formal "reference values" would have been better). Would the above change help eliminate the source of the misimpression that TAs are reference data?








