Re: [Rats] CoTS and CoRIM

Carl Wallace <carl@redhoundsoftware.com> Thu, 14 December 2023 14:46 UTC

Date: Thu, 14 Dec 2023 09:46:39 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, hannes.tschofenig=40gmx.net@dmarc.ietf.org, 'Yogesh Deshpande' <Yogesh.Deshpande@arm.com>, "'muhammad_usama.sardar'" <muhammad_usama.sardar@tu-dresden.de>, rats@ietf.org
Message-ID: <89A69594-7D1E-4FE1-937A-E277C28521D6@redhoundsoftware.com>
Thread-Topic: [Rats] CoTS and CoRIM
References: <005701da2e02$6acec900$406c5b00$@gmx.net> <84e6047b-b87b-4053-8e5a-fb2c8347defc@tu-dresden.de> <AM6PR08MB43257B9CB8ECD1BF6768D2138E8CA@AM6PR08MB4325.eurprd08.prod.outlook.com> <013001da2e8d$bf3c08a0$3db419e0$@gmx.net> <66f72845-9aa8-3c05-0d89-4eea5652ae78@sit.fraunhofer.de> <4b9837d8-1975-e13f-3b67-db0e3da1ca46@sit.fraunhofer.de>
In-Reply-To: <4b9837d8-1975-e13f-3b67-db0e3da1ca46@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/d4R8_HQZs0NASGRkEH6OgcWn9sA>
Subject: Re: [Rats] CoTS and CoRIM


On 12/14/23, 9:28 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:


> Which text gave that impression? Could you please file an issue or even better a PR?


Ah I see. Muhammad's recently filed issue points to text in 
draft-wallace-rats-concise-ta-stores.

> https://github.com/ietf-rats-wg/draft-wallace-rats-concise-ta-stores/issues/3

The text of the issue that was filed is: "As correctly noted by Hannes, the introduction gives the impression that trust anchors are Reference Values. To me, this originates from the second paragraph of introduction.
Please clarify that trust anchors are Endorsements and not Reference Values." 

As I noted in a reply to Hannes, I don't think trust anchors are endorsements. It also looks to me that the architecture draft does not view TAs as endorsements either. See sections 7.1 and 8.2 in RFC 9334. I think the change we should make is to not use the term "reference data" as shorthand for a CoRIM. So:

"The extension in this document aims to enable public key material to be decoupled from CoRIMs for several reasons, described below."

Several uses of the term "reference data" in subsequent text are fine, to my eye (though perhaps the more formal "reference values" would have been better). Would the above change help eliminate the source of the misimpression that TAs are reference data?