Re: [Rats] concise-ta-stores

Thomas Fossati <Thomas.Fossati@arm.com> Mon, 27 June 2022 11:24 UTC

To: Carl Wallace <carl@redhoundsoftware.com>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/iOAfLJWym2g8eGE5LtkzuCFtw9Q>

Hi Carl,

> Carl Wallace <carl@redhoundsoftware.com> wrote:
>
> Below is a link to a draft that was submitted yesterday for
> consideration for adoption by the working group. It is an extension of
> the Concise Reference Integrity Manifest spec
> (draft-birkholz-rats-corim-02). It aims to enable decoupling of TAs
> (and CAs) from reference data and to add support for constraining the
> use of trust anchors, chiefly by limiting the environments to which a
> set of trust anchors is applicable.
>
> https://datatracker.ietf.org/doc/html/draft-wallace-rats-concise-ta-stores-00

Looks like a very useful addition -- in fact, it's an enabler for
virtually all RATS use cases -- and I think it makes sense to frame it
as a CoRIM extension.

> A fork of the source repo for the CoRIM draft with support for this
> spec added is available at https://github.com/carl-wallace/corim.
> Note, the source does not yet reflect a change made this week to add a
> unique tag to the concise-ta-store-map type and will be updated to
> reflect this change next week.

Awesome job.  Looking forward to seeing it merged into mainline
veraison/corim.

Cheers, t

