[Rats] Re: CoRIM signing
Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Fri, 22 May 2026 14:32 UTC
Return-Path: <jodonogh@qti.qualcomm.com>
X-Original-To: rats@mail2.ietf.org
Delivered-To: rats@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E5572F340822 for <rats@mail2.ietf.org>; Fri, 22 May 2026 07:32:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1779460369; bh=WPvH3yEN7HiJynRNVdfLb3hVFwd9Airtgiu4A4jmUNs=; h=From:To:Subject:Date:References:In-Reply-To; b=cElFW0K8xJAncdpXzGjgJFyPNIWU/VjCcMxMKels3SSaG2WmVTEXshvTNVYn+S3u/ s5TdgyOCnK5PVTBrSndFSAuwQ4Rg1xzA5cGRaiWPA0vzWM+7iqjunAjb3N1eod2g95 MuFwIg1zk3wqyX4DXnd1rnka8nNZqczDsALCGdv8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.695
X-Spam-Level:
X-Spam-Status: No, score=-2.695 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=qualcomm.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FNAlMZnLeeXl for <rats@mail2.ietf.org>; Fri, 22 May 2026 07:32:46 -0700 (PDT)
Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D65E5F340657 for <rats@ietf.org>; Fri, 22 May 2026 07:32:00 -0700 (PDT)
Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64M8gdOK399382 for <rats@ietf.org>; Fri, 22 May 2026 14:31:53 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=qcppdkim1; bh=6TabxDdrqqNN0uhXWLvSzqHZ bvHzonfe/xAB6522TH8=; b=TE8jMW5uOZ910UdeDJjQAUVptizvqsXkWcsIzqN5 8uSbKerxtss41WOMgu3BAS1VwpCi0od0OR4YRGHmgIfY9F+Pz5k15rC5Yxst5Sj0 Zc33X3B5mGjVOBTu9q+ox4yeitmeT+uyYa1Hlo1i013Ukv8Sxtvwp3esvwGNhOoF 4RC4IBYqIFnBQ6Fe7gl4HKrP4HGYGJI4y0vGqkrtPcWRrVy9rTHGVOJbsOIrRRdv Nkpf1szigp4Yi2GuJNOYicioCpLofWWEzhNtHuLdUf70btU2Lde6qT5NWuVEVeyA DIDqs49r+BoTtZIsGQMyDSsqK59hCZHYhfpnYrozQw6uEQ==
Received: from bn1pr07cu003.outbound.protection.outlook.com (mail-bn1pr07cu00302.outbound.protection.outlook.com [40.93.12.2]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4ea5p9vqdn-2 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for <rats@ietf.org>; Fri, 22 May 2026 14:31:52 +0000 (GMT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=c+uIM/mlsOBtjaQMDwbqIEgIpDEja4PucaKrxSJi9RjjRC2D74hqAIl0HTADEV4YD4yu4lBpcPmKFIo8GrZvNoho3fcA2FZcV2/3PrRaydDKCUNFsKAtsX8N4qDiF5v6b9yGLyrkH9SXHg4Mcc20xyqvAmkF3QZ1HbOn+6vA8VwhMXclwLHekF8kSHrMqIIamg7paJA3LqMGe2NoZ653DpyMUC7WI2dbOVkyDJQAhk3MWiHxT8cUssm5x1KyCJ3rqIJzJ6Ef0EcxInIwG2d6yfFz4yKzX3CpmInu6F9G+KmTuspbBKHdaEiSc8p2dewThn85/njyPf+vIREFVO5V8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6TabxDdrqqNN0uhXWLvSzqHZbvHzonfe/xAB6522TH8=; b=ZymMSHcb6NBSafXTOzZV1peVFgIFLJf9o4BjNtlTOL9fqilF6wACrg7zK3U2CieOlfM5EVFfR5EOArx1rYcfcub8HUvoXucF8HTLMa9DcKUQ6tZmMIrHJB+XDJp64koLNPB+xTX3/fofMZGxaGa0lm8Ms74trnU8eD7fhHCrSPbHI6tpMCgY10vEUXFOCX5VaTPnVRw8obH4vcM7pwZB7q62NZ4NabDXW/DrRgRqcP20jITtzghQpx/trfSuTkccNNWWyWUtidAh8odlZjyVd/xrrFhHALuew234ZyX3g2isZXGTijmvACXWHjCrOPyasUUIKRc6x2sWPB3QjB0gNg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none
Received: from DS4PR02MB10844.namprd02.prod.outlook.com (2603:10b6:8:2ab::21) by BL3PR02MB7906.namprd02.prod.outlook.com (2603:10b6:208:351::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.17; Fri, 22 May 2026 14:31:48 +0000
Received: from DS4PR02MB10844.namprd02.prod.outlook.com ([fe80::723c:4b42:2f11:ba]) by DS4PR02MB10844.namprd02.prod.outlook.com ([fe80::723c:4b42:2f11:ba%3]) with mapi id 15.21.0048.016; Fri, 22 May 2026 14:31:48 +0000
From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
To: Yogesh Deshpande <Yogesh.Deshpande@arm.com>, rats <rats@ietf.org>
Thread-Topic: CoRIM signing
Thread-Index: AQHc58/jYyGqGiLLhkaoKx0Wo0FeAbYWndJggAN/Xc0=
Date: Fri, 22 May 2026 14:31:48 +0000
Message-ID: <DS4PR02MB108441D504A4F57BB00E82394F20F2@DS4PR02MB10844.namprd02.prod.outlook.com>
References: <DS4PR02MB10844919EA0D15D844AC65D23F2002@DS4PR02MB10844.namprd02.prod.outlook.com> <DB9PR08MB985130C3496089D95B3752C18E012@DB9PR08MB9851.eurprd08.prod.outlook.com>
In-Reply-To: <DB9PR08MB985130C3496089D95B3752C18E012@DB9PR08MB9851.eurprd08.prod.outlook.com>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS4PR02MB10844:EE_|BL3PR02MB7906:EE_
x-ms-office365-filtering-correlation-id: 3faca526-e03a-49b2-8266-08deb80edb8a
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700021|8096899003|22082099003|56012099003|18002099003|13003099007|6133799003|11063799006|4143699003;
x-microsoft-antispam-message-info: kRc+kAzpeejRP+njvZ6b3P6v2RuqPILlePhKlMIgRcnlkwHK347D3xaME+jFgV8w633p+CJF59zyoKGG52N1usqquuHKt/6O7k0JLbv9w/y2Ig/a1epWPZ3yTqnXBp7k9i5IKjmVZVbLvqJmBjn/dmyFifBRUpLIZvdznKrNjeiyLTm8M22Lm9/9FMZ3ojS/6jWsD3woTs0jaVnZKf5ECrrQjNAD6Whirh/cfBw8XZq/kgEjeBblG1p68qndke6waeEUBKtLkM6NtuPg4uJwWWxGDfTZPWQ/uoFiuCbQvkLCdeYtEnCkgrCTWR/byg+AOykbQPWxLMJU3wSfLXh3CyHFtLmmneuL2ifpibCsbbQNebvsz1W6jIqrkAfm3ghollNaMhVOamucIxvDESLU/X7mT6QXO3TD4s8IB3uiqPwFp75ZZ0L/d7QczpZHKvs1pRKJJc5ijKBlEx1JhkArWfEHSvbeNW+8d0HQabJl4uQP9TFuLoLy2gOWaBeOJ3Vdy430KSyjwY/wBzfgvDxVD5suHuhz5dJfmmx3T+FCpvFeOYJOqgrJtO+rE0w385cDNWACvVeWidCk6HfELhuxTHHPqDA0SI8ne/lkJE3STKWdg7uPei6K5xiXXevHzijvAh32pUIK+8/4tiXkqd216qe+tmu2vRkduxNKXv507mY5vyoSm0vfbfVzMyyKzJhbrZUciTbakj86OjCo0qZjGS4QbAqao0qjKHbuJy2Oaa9e8VFLtmMLt80vLXmiddNG
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS4PR02MB10844.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700021)(8096899003)(22082099003)(56012099003)(18002099003)(13003099007)(6133799003)(11063799006)(4143699003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2ouLm3GJiOnW+aoG8qAt8558OGt2OjzPupYTSD2bJl5izrVpz+ubjbuRPeDbSAYzLxJ4JlITANJ2XJQ34zGodGB5arpxNaGX2OFXvxctGPNi4BQu3ikiP3lhVukLq0R0yHcJiurxW0wjsZT+hpOFQMbn1tsyu+SkeDd2sWAbvp2tBw+527hY6otQsluurfLw1L0nmnIWyDn2QDxodBCaRqQTofMpYuoktju6NxhmEGdtmdev7AaPWTk6OP8+fcJ6s7qjBJeWSR8VHHabfkPmLSfHbJ4z5h49GEo769zpbGKYj0qwk5T+hA8xvAQTbf1Uow2mX7dKvmXwMdBDRUs1/g9sCznm28XEHWus+wZg4MF2oXycrE2yIZ8ndpQBe6EMw0+r5DWCx13nby50u18gNs9UYhvicZTZU7RUFzg7WFL4wwMS4Z7FHccaM3I1Bc5CnwtaDMaQdeOIN9YNI/p+URXzmHnGteXLL1nIaSo5vot7jI1mUTFT19E+dF3eaPyusyj8pyGMPJcZcfGvQXAHoZQufwRU7nf71kFdPk7X+FIx8gx5mmoC1xAXAGx3fxItVORV72D2/OhvZW/N9ciGC67FYuW8OkPsAcm2BpXrfKSSpzTPeQpntQgVyVGN20qaMWl+BE2ST++tnnYi7szrpBxps0rBjEnRsqRbw9AcjkP7GNP4N2iXzHJgi6Tv17CUWfEfA/cSyMxomCFljtF0xI2QkNMvsvvaduLK66s1vhGPciCPOBGxSuEmGEpjTd22VU00GCTNyUreCgXI0w6mpoMmCJnmhubAkCdJdZSeID+3stT/rFmrmNt2D9onZf3uBKNPFgK9fzZKn78k+lsmzoyuaWnoGmtPcsnPzfoey/By6djx5BC/Hg3up1ICeJ+jY321twciL0Ew5a+POQvW8JBJT23AJrHLgFMOJr77j+O5p2Wq/MZglr/VU2HIMgbBGTjWnFSBaadG2xNRV59ZVyESPgBt1TV5FDT7ScDtp5ukHjq1LVJ7ZMUtIpHTHexFETxavBz4k6L5mqAwRCSy4eBxj5ytad+O0e9RdQZdfRkSZoHDMvbMS7PbQ8OIUfczkxmaWqmwndJvxu3o4aazSxvLLsmUBjIaasOdjBVJMUFX3lZJA5Yfy1CkCKYbKX9MchtVZM7WldtRE85Jo03N9MilLseSJD1zo3Pe6qUlh5I2ACQXaziD2wiHnoAgJVqfpfjTYO9retk0HzMy9aDdAVPvuzh1pJOZ+J2knESAkL750wYk+QbR9ihuYROMQ0aZjVgeGGqNY4jaIL9/RY/uAwbdH1+Vhi4AwNshQq1AXWMDAmckUn1jp9n+JHOqj7DCqmtIT3mu9hp2yVm3wwKq1M/tVmqAzB0ejmtf+oyio6UGR9VR331pQo5AS0icNvTDeNXYSuTw09qykWkthe+CfHZXLxlKQHpgxMV4ltx0bqycRnt3fjvfU2ABMN9YuE+vqo8Dde1Q6528Sg3NEe1Ywvzs7qkFekP0gOzML4RqE/whr6hDhd+BeDuWYDlBP3b30VomuqHFpb2PZo0sFvGaImVxZSn7ng5BtaGQEtCEZ1trxf9qdYByY2rcLlFCxaLCo0p6hJ6KfricnP3P6Gej1zS+mOzPc5RDuhKzXAsHfYb69eoExVZbQadDjbgv79JwuHXCzsFyx+kD1GxjndaiyjWmH58OC/DJy93ixiUgrwXPf/qo4uFRXIvKxydFAP9Le3w5CAQZkdXhGD85g8RxcA==
Content-Type: multipart/alternative; boundary="_000_DS4PR02MB108441D504A4F57BB00E82394F20F2DS4PR02MB10844na_"
MIME-Version: 1.0
X-Exchange-RoutingPolicyChecked: bY80ZExZj7gjJtD1bORzij/fZOllVSyBSVT2r9hrw9ZSRwlyy3+/M2rLf25iALcU074elq6Z8Q2tDJfXxq3fWHyDsZq2R8GkqDJgsUVqAYpRrDyjsmUTYCvKaiW3XwwN/hVgKTJhbgfFss0OekBaPVnw2nqgagbVBTsyTPjw9N+Sou14T8G+e3CRfhFQ2d2XaRpW8JQmt6Bs6RYhpzBIHlpU+mLudlI0fVcBkS/SNMM54MOWm/I6C2w+7W52Ey3bXsp3l8nSTv+SdICjM/MAZAROgO/Gff5vF0/7uwmLYNwHU3NNXSAZaa5FFlSWrJcIKmrVtkLbFivyJ9D2kVijjQ==
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: ZXOv7jC1VCEdZMBi5lzq20Zvs/hSXLJ2N0bD8f2zHaz46TYjgBqm8yjowrXeQyuiGlhEHYY7feZ3raWc6pqGPmpihMlaOVFKShYHvID6wSKaDyirpJgXVeAYAuOaRaUEcYnk/cm/dmVrFQPtyXvEdCDccX0d9tLekTD77s1ef3KvXD7YaZEs63gVTHP7ZMnNpy1LNEDz4bhWX1nbbKHPvurGcQ6TYItFHvWZJy0xC3517HTbEuRWnUDh+2nyyq/PsT2FMb9gORN3eHe8yj/A5mhjGM/CYaD95B/S/5OgbDErsMbs+b6MKXQ9E+wteSaluDecbSV9BMuI5wrTSVv/Uxs12vips/jVYCs2OYftOdmK3Xa3WwJXQxHWmhgL4Ego9IVSwZ8NrVjtlIOE1n12kyNSqwuzHJSo7WLPD0tCd3gYDboJzPIMNta1VMaPe7/XaKbUfHbdOQaH85SUY+0KsUSGl0K6Vtc5B3yl01owkHgofWdfm3ZbRnfV1FMfsm+NqvWLV+nWOmktO7irXmnef6yyi9vcIadoAI45OacXLFjBD7Uk1fZ1UHWeX3gdE4WJofvzFWIUn88zfzL3Iw3SdB0/uLn3RjjLBxrQw6bAPI8gLITJkUkj32AhbPkWMpJK
X-OriginatorOrg: qti.qualcomm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS4PR02MB10844.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3faca526-e03a-49b2-8266-08deb80edb8a
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 May 2026 14:31:48.4834 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6fN5yrc0uCuHoOQoZ3SNNBS6UeAKl3dJNqBVhi0BOfzDx0vCX0zlIsaF63wcx98ZvWWubuAypwtmuR/Kvy7iuEi50fpAkAJ0S0fNbiNFtFE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR02MB7906
X-Authority-Analysis: v=2.4 cv=DKm/JSNb c=1 sm=1 tr=0 ts=6a1068d8 cx=c_pps a=dnfMuGzO9A70ZUHb+u8gqA==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=eoimf2acIAo5FJnRuUoq:22 a=48vgC7mUAAAA:8 a=NEAV23lmAAAA:8 a=7CQSdrXTAAAA:8 a=EUspDBNiAAAA:8 a=i_Ol7jpGIXKOxONAJtoA:9 a=CjuIK1q_8ugA:10 a=o8DTkw9AAKPfG96RvTIA:9 a=OlRDTqr4Jz38MaB9:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=a-qgeE7W1pNrGK8U0ZQC:22
X-Proofpoint-GUID: Ik1S1RMxanVqLDyFfOSVjCLpXZ17bAYx
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIyMDE0NSBTYWx0ZWRfX0afBqR1NTGyo zeoZh929Z+R6mQlQLjOff4QT5tx3oOZ0sIPe59MIpWUKuT/VbVmMI2N0R5JDTfmQR1cNeq7zlP2 0O7EE0ZtBTyYOgq5vRtipP+pdL26m5+G5hWMIXcXLhPz37bwUaTDoN/XwBBQZ7hqV5UN2Uq2TkK gaYYPZBe6elnu6Afbhj72WRWUsM9opAZFmqf6pYtHRwAjDTFumXPYxdtrHjdCf5RDLC7OGD3Q+Q sDFnjk78JFDMsjRGZ0ugepAfdyj7yBofphkZHznXP7uQAb8IlRvDbSk1ARXKnUgrjl1q3k38rx1 pkbggOGN74edC3IRgBO/uLaQhan1Xo86uSVIzauJ6s07YHD+7aAS5IeomqOKCGPsiCOnGMXwnJy OGOJoSQHYw66kGxNKUARF8L6fYU0JOLHAQxRhtD7qEF6rHDU0zR2oZig1wZr7HNY3o9YXaWQDM2 RWdntw57QKffcI+W5tA==
X-Proofpoint-ORIG-GUID: Ik1S1RMxanVqLDyFfOSVjCLpXZ17bAYx
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-22_03,2026-05-18_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 malwarescore=0 spamscore=0 phishscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 adultscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605220145
Message-ID-Hash: 4NBVUEPGF5LAH43TMTZR7LMV4WKXNOUR
X-Message-ID-Hash: 4NBVUEPGF5LAH43TMTZR7LMV4WKXNOUR
X-MailFrom: jodonogh@qti.qualcomm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: CoRIM signing
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/VJBtUqMEB124axlQ-z_3bt_MifA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Yogesh, I agree that a single Authority is responsible for ownership of a CoRIM, however consider the following problem: A manufacturer wishes to produce a CoRIM relating to some product or deliverable. Some customers can require single ML-DSA signature, some require hybrid ML-DSA with ECDSA, some have not yet enabled PQC crypto infrastructure and some Chinese customers require SM2-DSA. In some cases these cryptographic requirements might be regulatory. In this case, the manufacturer either produces four internally identical but differently signed CoRIMs to comply with the present specification or it produces one multiply signed CoRIM where the same signing authority has simply used different cryptographic mechanisms to endorse. I do not think the countersignature case covers this ideally as a countersignature serves as a notarization by a different counterparty whereas in the use-case I describe - which I believe occurs inevitably in a diverse cryptographic environment - we have different mechanisms all representing endorsements by the same owner. Glad to hear that the second point is covered and I look forward to the new draft. Best regards Jeremy ________________________________ From: Yogesh Deshpande <Yogesh.Deshpande@arm.com> Sent: Wednesday, May 20, 2026 10:03 To: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; rats <rats@ietf.org> Subject: RE: CoRIM signing WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros. Hi Jeremy, Thanks for the review and getting back to the CoRIM Authors. 1. For Signed CoRIMs we anticipate a single source of Authority taking ownership of CoRIM (hence signing via COSE_Sign1) and then there can be multiple Counter Signatures Endorsing the same CoRIM. Counter Signatures are fully supported as per COSE Spec: https://datatracker.ietf.org/doc/rfc9338/ 1. For your second point we have already noticed the anomaly and hence please see : https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/575 The spec Version 11, will have a clear statement that would indicate use of separate triples, as you suggested: using multiple reference-value-triples. Regards, Yogesh From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Sent: Tuesday, May 19, 2026 9:53 PM To: rats <rats@ietf.org> Subject: [Rats] CoRIM signing Hi CoRIM editors, A couple of points on draft-ietf-rats-corim-10. I believe there are valid use-cases for a Signed CoRIM to have multiple signeds (i.e. allow COSE_Sign in addition to COSE_Sign1. An example of such a use-case is a dual-signed artifact (e.g. signed by a silicon vendor and an OEM, or both classically and PQC signed). The alternative would be to produce separate sets of CoRIM with the same payload. I believe this would be a straightforward change. In addition, I have a question on the text: The ref-claims in a reference-triple-record can contain one or more entries. This multiplicity can have different meanings: 1. Each ref-claims entry can represent a different possible state of the Environment. 1. Each ref-claims entry can represent a possible state of a different measured element (identified by its mkey) within the Environment. Note that the same semantics can be expressed using multiple Reference Value Triples. Allowing different meanings for the same record seems like a recipe for interoperability problems in future. Is there a good reason for this rather than either defining a new triple (dependent-value-triple-record) or simply using multiple reference-value-triples. Best regards Jeremy IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Rats] CoRIM signing Jeremy O'Donoghue
- [Rats] Re: CoRIM signing Yogesh Deshpande
- [Rats] Re: CoRIM signing Jeremy O'Donoghue
- [Rats] Re: CoRIM signing Yogesh Deshpande