Re: [Rats] CoRIM Comments

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 04 January 2024 14:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/MkIx--ezPuQ1UZbpjU1kcZo-nyk>

Hi Hannes,

Yogesh just replied with the most important essentials. A few
additional early replies in-line.


Viele Grüße,

Henk


On 04.01.24 14:41, Yogesh Deshpande wrote:
> Hello Hannes,
> 
> Thank you for reviewing the document. The CoRIM team would work on clarifying more in the introductory section the overall goal.
> 
> In the meantime, please feel free to raise specific github issues in the `corim` repository for specific sections!
> 
> In terms of general concepts about CoRIM, please also have a look at the equivalent TCG document:
> 
> https://trustedcomputinggroup.org/wp-content/uploads/TCG-Endorsement-Architecture-for-Devices-V1-R38_pub.pdf
> 
> May be that we can borrow some things from the above document, to enhance general readability.
> 
> Regards,
> 
> Yogesh



On 04.01.24 13:13, Hannes Tschofenig wrote:
> Hi all,
> 
> 
> I have read the Concise Reference Integrity Manifest (CoRIM) 
> specification and in light of the weekly meetings various people have to 
> progress that document I thought I should share my impressions.
> 
> 
> It is unfortunate that the RATS architecture does not even mention the 
> term "Reference Integrity Manifest" but that's a pattern we already got 
> used to.

I am less worried about new terms instead of using terms from the 
architecture incorrectly. The CoRIM I-D inherits quite a few terms from 
RFC 9334, but the quality of the text is still mediocre in some places, 
admittedly. But there are various contributors and text consistency is 
going up and down while the document progresses.

I'd be more worried about not using the wording of RFC 9334 correctly, 
such as the stand-alone use of 'attestation', which is a pattern that is 
definitely discouraged by RFC 9334, but still it happens all the time. I 
hope we do not get used to that.

> It is not clear why this is a good term to describe this 
> functionality but absent a clear definition in the document it is 
> difficult to argue.

RIM is a decades-old acronym introduced by TCG (the SDO that basically
came up with the core concept).

> 
> 
> Overall, the document is hard to read. As a reader one is lost in 
> details and there is no big picture. The introduction is 2 paragraphs 
> long to be followed by lots of CDDL definitions in the terminology 
> section.

I strongly agree. Contributors and editors currently work bottom-up to 
address and align industry use cases. The draft definitely lacks more
expositional text as it dives into the details real quick (not to forget
the currently way too detailed toc hierarchy).

> The document also defines new abbreviations, which do not make 
> it easier to read. I don't believe there is much value in introducing 
> terms like CoBOM and CoMID.

I personally strongly disagree with that notion. I cannot really speak 
for all contributors, but I am rather sure they would disagree, too. It 
is important to name concepts in order to differentiate them from other 
semantics (and to find out where they can be re-applied and where new ones
are necessary). The 'names of the named concepts' can change, if the 
meaning changes too much. But it is most vital to name different things 
differently in order not to talk past each other when aligning 
contributions.

> 
> 
> What is actually the goal of the document?

The goal is to explain Attesters to Verifiers in support of the 
appraisal procedures conducted by Verifiers. The messages defined can 
convey the RFC9334-defined Reference Values and (conditional) 
Endorsements. The 'default profile' that CoRIM comes with addresses the 
appraisal of Evidence produced by DICE, but TPM-generated Evidence is on
the roadmap. At the end of the last year, editors/contributors agreed 
that a definition of Verifier behavior must also be part of the draft to 
enable better implementation interoperability.

> The abstract points out that 
> the task for the Verifier is rather complex and it needs a lot of 
> information. It talks about two pieces of information, namely 
> endorsements and reference values. We know from discussions on the list 
> that it also needs trust anchors and policies. Policies, as far as I 
> understand, are not covered. The trust anchor provisioning is, as 
> discussed on the list, in a separate draft. As far as I can tell, it is 
> not possible to create an interoperable implementation with the CoRIM 
> and the CoTS specifications alone.

The CoRIM I-D text is based on real-world implementations and not the 
other way around, see for example Veraison. If, for example, two 
implementation decisions collide, then that is resolved via 
specification text, collaboratively. The resulting resolutions though do 
not trickle back as fast into the corresponding implementations as they 
are agreed on in the I-D text, which leaves basically two types of 
inconsistencies while the work is in progress:

* existing implementation decisions are not in sync with I-D text
* existing resolutions are not reflected in implementation yet

During I-D progression the amount of inconsistency is an up and down 
with a trend to go down, luckily.

> 
> 
> I am wondering whether the CoRIM draft even takes the right approach. Is 
> there an interoperability problem that needs to be solved? If there is 
> one, what exactly is it? I am not even sure whether the underlying model 
> is in practice so simplistic. Reading in between the lines the model 
> seems to be that Evidence is the input and then there are expected 
> values compared against in an equality-matching-style. It would be good 
> to spell out what the limitations of the model are.

There are definitely limitations to the intended 'default profile' scope 
and the I-D will include appropriate expositional text. At the moment, 
the majority of the work is on a technical level to allow for proper 
interoperability. After addressing the topic of Verifier Behavior this 
year, the goal is to come back to more abstract text, such as 
Introduction and Overview.

> 
> 
> The draft does not contain examples (yikes).

As the actual layout of the CoRIM data structures is currently under
churn, it requires significant (automated) effort to keep them in sync
with the CDDL definitions. There are quite a few examples though. Both
in the github repo as well as its corresponding wiki, which is used to
align proposals quite frequently.

> Since I wanted to see 
> examples I looked at Veraison, which offers an implementation of the 
> draft. As you can imagine, a developer has to write these complex 
> structures somehow and pass them into the tools. JSON was obviously used 
> for this purpose. Unfortunately, the names of the elements in those 
> JSON-based structures are not in sync with the CBOR-equivalent from the 
> draft. Since the document focuses on CBOR there is no such equivalence 
> to expect but it makes the life of a developer so much harder and why 
> CBOR has been used here for an unconstrained Web interface is a mystery
> to me. Here is an example. Imagine you want to specify a reference value 
> for a bootloader - a concept that should be super simple. The draft 
> defines the following structures (simplified version for readability):
> 
> 
>     reference-triple-record = [
>       environment-map
>       measurement-map
>     ]
> 
>     environment-map = non-empty<{
>       ? &(class: 0) => class-map
>       ? &(instance: 1) => $instance-id-type-choice
>       ? &(group: 2) => $group-id-type-choice
>     }>
> 
>     class-map = non-empty<{
>       ? &(class-id: 0) => $class-id-type-choice
>       ? &(vendor: 1) => tstr
>       ? &(model: 2) => tstr
>       ? &(layer: 3) => uint
>       ? &(index: 4) => uint
>     }>
> 
>     measurement-map = {
>       ? &(mkey: 0) => $measured-element-type-choice
>       &(mval: 1) => measurement-values-map
>       ? &(authorized-by: 2) => [ + $crypto-key-type-choice ]
>     }
> 
>     measurement-values-map = non-empty<{
>       ? &(version: 0) => version-map
>       ? &(svn: 1) => svn-type-choice
>       ? &(digests: 2) => [ + digest ]
>       ? &(flags: 3) => flags-map
>       ? (
>           &(raw-value: 4) => $raw-value-type-choice,
>           ? &(raw-value-mask: 5) => raw-value-mask-type
>         )
>       ? &(mac-addr: 6) => mac-addr-type-choice
>       ? &(ip-addr: 7) =>  ip-addr-type-choice
>       ? &(serial-number: 8) => text
>       ? &(ueid: 9) => ueid-type
>       ? &(uuid: 10) => uuid-type
>       ? &(name: 11) => text
>       ? &(cryptokeys: 12) => [ + $crypto-key-type-choice ]
>       * $$measurement-values-map-extension
>     }>
> 
> 
> Here is what I have to specify in Veraison with CoCli
> 
> (CoCli = Corim command line interface):
> 
> 
>      "reference-values": [
>        {
>          "environment": {
>            "class": {
>              "id": {
>                "type": "psa.impl-id",
>                "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
>              },
>              "vendor": "ACME",
>              "model": "RoadRunner"
>            }
>          },
>          "measurements": [
>            {
>              "key": {
>                "type": "psa.refval-id",
>                "value": {
>                  "label": "BL",
>                  "version": "2.1.0",
>                  "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
>                }
>              },
>              "value": {
>                "digests": [
>                  "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="
>                ]
>              }
>            },
>            ...
> 
> 
> As you can see, the two do not align.
> 
> There is a lot more to say about this draft but I have to start somewhere.
> 
> 
> Ciao
> Hannes
> 
> 
> PS: Just a few random notes from reading the draft:
> 
> - CoMIDs are, for example, claims about hardware and firmware while 
> CoSWIDs are claims about software. Firmware isn't software? Later in the 
> text CoMIDs are then re-defined to be claims about hardware, firmware 
> and module composition. I am not sure what "module composition" means in 
> this context. Section 3.1.4.1.5 then defines measurements and says it 
> could be about "software,firmware, configuration files, read-only 
> memory, fuses, IO ring configuration, partial reconfiguration regions, 
> etc." Is this confusing?
> 
> - In the intro of Section 3 we are told that CoMID tags contain triples 
> and it lists 7 of them. The triples are the meat of the entire document 
> and their description is buried in Sections 3.1.4.2 - 3.1.4.10 (note 
> that there are 9 subsections defining triples). The triple is supposed 
> to describe a subject, an object and a predicate. If you, however, look 
> at the definitions of the triples then they are not triples. For 
> example, the reference value triple from above is a tuple with an 
> environment and a measurement. The predicate is the text in the draft 
> and says "predicate = expected". If you like this RDF-style, then why 
> not also encode the predicate to really make it a triple? This would 
> give the entire approach more flexibility. I fear that you will need 
> even more flexibility, which you can only accomplish with a language.
> 
> - Section 3.1 defines the concise-mid-tag structure (not the comid-tag 
> structure) and lists the map elements. One of the elements is called 
> "language". A few lines below the definition it is then referred to as 
> the "lang" member. Just small inconsistencies - but they are everywhere.
> 
> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
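
An added example, not part of the thread and not Veraison or CoCli code: it re-keys the JSON template quoted above with the integer keys from the quoted CDDL, encodes the resulting environment-map as CBOR, and appraises a digest by equality matching. The pairing of JSON names with CDDL members, the untagged identifiers, the text-keyed measurement key and the `[alg, bytes]` digest form are assumptions made for this illustration.

```python
import base64
import hmac
import json

# Integer keys copied from the CDDL quoted in the thread. Pairing the JSON names
# "id", "key" and "value" with class-id, mkey and mval is an assumption.
ENVIRONMENT = {"class": 0, "instance": 1, "group": 2}
CLASS = {"id": 0, "vendor": 1, "model": 2, "layer": 3, "index": 4}
MEASUREMENT = {"key": 0, "value": 1, "authorized-by": 2}
MVAL = {"version": 0, "svn": 1, "digests": 2}

# Template from the thread, closed where the original is elided with "...".
TEMPLATE = json.loads("""
{"environment": {"class": {
    "id": {"type": "psa.impl-id",
           "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="},
    "vendor": "ACME", "model": "RoadRunner"}},
 "measurements": [{
    "key": {"type": "psa.refval-id",
            "value": {"label": "BL", "version": "2.1.0",
                      "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="}},
    "value": {"digests": ["sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="]}}]}
""")

def to_records(ref):
    """Return one [environment-map, measurement-map] record per measurement."""
    cls = {}
    for name, v in ref["environment"]["class"].items():
        # Type-choice tags are not shown in the thread, so only the bytes are kept.
        cls[CLASS[name]] = base64.b64decode(v["value"]) if name == "id" else v
    env = {ENVIRONMENT["class"]: cls}
    records = []
    for m in ref["measurements"]:
        # The PSA-specific key stays a text-keyed map (assumption, see lead-in).
        key = dict(m["key"]["value"])
        key["signer-id"] = base64.b64decode(key["signer-id"])
        digests = []
        for d in m["value"]["digests"]:
            alg, _, value = d.partition(":")  # "sha-256:<base64>"
            digests.append([alg, base64.b64decode(value)])
        records.append([env, {MEASUREMENT["key"]: key,
                              MEASUREMENT["value"]: {MVAL["digests"]: digests}}])
    return records

def head(major, n):
    """CBOR initial byte followed by the shortest encoding of the argument n."""
    if n < 24:
        return bytes([major << 5 | n])
    for extra, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | extra]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def encode(x):
    """Minimal CBOR encoder covering only the types this example produces."""
    if isinstance(x, int) and x >= 0:
        return head(0, x)
    if isinstance(x, bytes):
        return head(2, len(x)) + x
    if isinstance(x, str):
        return head(3, len(x.encode())) + x.encode()
    if isinstance(x, list):
        return head(4, len(x)) + b"".join(encode(i) for i in x)
    if isinstance(x, dict):
        return head(5, len(x)) + b"".join(encode(k) + encode(v) for k, v in x.items())
    raise TypeError(f"unsupported type: {type(x).__name__}")

def digest_matches(record, alg, evidence_digest):
    """Equality matching: the Evidence digest must equal a reference digest."""
    refs = record[1][MEASUREMENT["value"]][MVAL["digests"]]
    return any(a == alg and hmac.compare_digest(v, evidence_digest) for a, v in refs)
```
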