[Rats] Document Action: 'Remote Attestation Procedures Architecture' to Informational RFC (draft-ietf-rats-architecture-22.txt)

The IESG <iesg-secretary@ietf.org> Wed, 28 September 2022 22:05 UTC


The IESG has approved the following document:
- 'Remote Attestation Procedures Architecture'
  (draft-ietf-rats-architecture-22.txt) as Informational RFC

This document is the product of the Remote ATtestation ProcedureS Working
Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-architecture/

Technical Summary

   In network protocol exchanges it is often useful for one end of a
   communication to know whether the other end is in an intended
   operating state.  This document provides an architectural overview of
   the entities involved that make such tests possible through the
   process of generating, conveying, and evaluating evidentiary claims.
   An attempt is made to provide for a model that is neutral toward
   processor architectures, the content of claims, and protocols.

Working Group Summary

This document represents a unification of the working group on architectural
considerations. While earlier versions did come with some disagreement, this
version has had good cross working group participation and the editor team
did a nice job of incorporating feedback as appropriate. The working group also
reviewed IPR submitted and ultimately determined to go ahead with this
informational document (https://mailarchive.ietf.org/arch/msg/rats/3nCTOkNYW8ydEo0zHZlQoY8F92A/).

The document is informational as it lays out the notional architecture for implementation.  It is not documented at a sufficient level of detail to be a proposed standard.

During AD review, the WG discussed the need for the text that is now Appendix A and refined the language in the terminology (Section 4) and the example topologies (Section 5).

Document Quality

There are existing implementations of the RATS architecture and supporting
documents. Industry points to RATS when discussing remote attestations to
follow the standards being developed. The approach encompasses other existing
formats and protocols that are well accepted for conveying, signing, and
validating evidence. This document is an important one to explain the overall
architecture and considerations for remote attestation, a very important
capability for information security assurance. With industry's push for
increased use of encryption, the endpoint must be more secure and there must be
a way to detect variances from what is expected on a system. Attestation
provides a simplified way to do this over previous posture assessment
technologies. This particular document is an important step toward the goal of
understanding this simple, but complex set of standards.  

Personnel

Document Shepherd: Kathleen Moriarty

Responsible Area Director: Roman Danyliw