[Rats] Re: Call for adoption: draft-deshpande-rats-multi-verifier-04 (Ends 2026-04-24)

[Henk Birkholz <henk.birkholz@ietf.contact>]

Hi Manu,

the authors, some significant part of the RATS WG (I assume), and 
definitely me, scope the term "Trusted Computing Base" to *only* the 
Attester, on which that term represents the set of Attesting 
Environments that have passed remote attestation plus the set of Target 
Environments that have passed remote attestation.

Nothing more.

A CSP ist not a TCB, a Relying Party is not a TCB. We should find very 
different terms for any "TCB"'ish thing that is outside of the Attester. 
And this is a hill that I'd be willing to fight for (please note the 
missing "will die on" 😉).

Let's not overload yet another term, please. Just compose a definition - 
that is what is important and name it conflict free (maybe by prefixing 
some existing term with some qualifying words).


Viele Grüße,

Henk

On 23.04.26 00:46, Manu Fontaine wrote:
> Apologies for not participating actively, I don't have enough bandwidth.
> 
> We agree this work is important; our perspective is that all relying 
> party trust decisions are compositions, which require multi-verifier 
> architectures (we currently operate a network of "verifiers of verifiers".)
> 
> We also strongly share Usama's security and privacy concerns, which 
> amplify with each additional independent system. We wish RATS approached 
> the problem from the relying party's perspective.
> 
> The full CC value proposition can only be achieved by minimizing trust 
> dependencies all the way to the relying party. This proposition degrades 
> quickly with any additional independent system added to the attester's 
> trust base (we sort of disagree with the sentence: "The Verifier is not 
> part of the Attester’s Trusted Computing Base").
> 
> We hope these issues get addressed later.
> 
> Thanks,
> M
> 
> 
> On Wed, Apr 22, 2026 at 6:42 PM Simon Frost <Simon.Frost@arm.com 
> <mailto:Simon.Frost@arm.com>> wrote:
> 
>     I support adoption. The need for multi verifiers is growing and
>     adoption will help bring an appropriate level of rigor to address
>     the challenges from the additional complexity.
> 
>     Thanks
>     Simon
> 
>     -----Original Message-----
>     From: Ned Smith via Datatracker <noreply@ietf.org
>     <mailto:noreply@ietf.org>>
>     Sent: 17 April 2026 15:32
>     To: rats@ietf.org <mailto:rats@ietf.org>; rats-chairs@ietf.org
>     <mailto:rats-chairs@ietf.org>;
>     draft-deshpande-rats-multi-verifier@ietf.org
>     <mailto:draft-deshpande-rats-multi-verifier@ietf.org>
>     Subject: [Rats] Call for adoption:
>     draft-deshpande-rats-multi-verifier-04 (Ends 2026-04-24)
> 
>     This message starts a rats WG Call for Adoption of:
>     draft-deshpande-rats-multi-verifier-04
> 
>     This Working Group Call for Adoption ends on 2026-04-24
> 
>     Abstract:
>         IETF RATS Architecture, defines the key role of a Verifier.  In a
>         complex system, this role needs to be performed by multiple Verfiers
>         coordinating together to assess the full trustworthiness of an
>         Attester.  This document focuses on various topological patterns for
>         a multiple Verifier system.  It only covers the architectural
>     aspects
>         introduced by the Multi Verifier concept, which is neutral with
>         regard to specific wire formats, encoding, transport mechanisms, or
>         processing details.
> 
>     Please reply to this message and indicate whether or not you support
>     adoption of this Internet-Draft by the rats WG. Comments to explain
>     your preference are greatly appreciated. Please reply to all
>     recipients of this message and include this message in your response.
> 
>     Authors, and WG participants in general, are reminded of the
>     Intellectual Property Rights (IPR) disclosure obligations described
>     in BCP 79 [2].
>     Appropriate IPR disclosures required for full conformance with the
>     provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are
>     aware of any.
>     Sanctions available for application to violators of IETF IPR Policy
>     can be found at [3].
> 
>     Thank you.
>     [1] https://datatracker.ietf.org/doc/bcp78/
>     <https://datatracker.ietf.org/doc/bcp78/>
>     [2] https://datatracker.ietf.org/doc/bcp79/
>     <https://datatracker.ietf.org/doc/bcp79/>
>     [3] https://datatracker.ietf.org/doc/rfc6701/
>     <https://datatracker.ietf.org/doc/rfc6701/>
> 
>     The IETF datatracker status page for this Internet-Draft is:
>     https://datatracker.ietf.org/doc/draft-deshpande-rats-multi-verifier/ <https://datatracker.ietf.org/doc/draft-deshpande-rats-multi-verifier/>
> 
>     There is also an HTML version available at:
>     https://www.ietf.org/archive/id/draft-deshpande-rats-multi-verifier-04.html <https://www.ietf.org/archive/id/draft-deshpande-rats-multi-verifier-04.html>
> 
>     A diff from the previous version is available at:
>     https://author-tools.ietf.org/iddiff?url2=draft-deshpande-rats-multi-verifier-04 <https://author-tools.ietf.org/iddiff?url2=draft-deshpande-rats-multi-verifier-04>
> 
>     IMPORTANT NOTICE: The contents of this email and any attachments are
>     confidential and may also be privileged. If you are not the intended
>     recipient, please notify the sender immediately and do not disclose
>     the contents to any other person, use it for any purpose, or store
>     or copy the information in any medium. Thank you.
>     _______________________________________________
>     RATS mailing list -- rats@ietf.org <mailto:rats@ietf.org>
>     To unsubscribe send an email to rats-leave@ietf.org
>     <mailto:rats-leave@ietf.org>
>