Re: [Rats] Entity vs. role
"Smith, Ned" <ned.smith@intel.com> Tue, 22 March 2022 17:58 UTC
From: "Smith, Ned" <ned.smith@intel.com>
To: Thomas Fossati <tho.ietf@gmail.com>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Tue, 22 Mar 2022 17:58:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/j8rLqI0hzdAwhuAnXueN7cDmEvU>
On 3/22/22, 4:15 PM, "Thomas Fossati" <tho.ietf@gmail.com> wrote:
hi Ned
On Tue, Mar 22, 2022 at 1:13 PM Smith, Ned <ned.smith@intel.com> wrote:
>
> (not as chair)
>
> One of the topics discussed during RATS113 session I seemed to focus on architectural considerations for entities vs. roles. The architecture draft summarizes concisely:
>
> “In essence, an entity that combines more than one role creates and consumes the corresponding conceptual messages as defined in this document.”
>
>
>
> This is different from a distributed Verifier that operates on a portion of a conceptual message and (possibly) forwards a portion for some other Verifier to consume. The architecture didn’t attempt to name partially processed conceptual messages distributed across multiple entities.
I fully agree with this.
> It may be helpful for drafts to give names to partially processed conceptual messages
As you say, a Verifier implementation can fraction and distribute the
appraisal box the way it wants. It seems to me though that trying to
name these intermediates equates to making the internal
(implementation-specific) interfaces explicit, which is something we
should really avoid at least until we decide it's time to revise the
architecture to break down the Verifier box.
[Ned] I'm suggesting that I-Ds qualify the architectural name in some appropriate manner such as "partially evaluated Evidence" rather than make up some new name that appears to be architectural but actually isn't.
> but until processing is complete (and therefore becomes a different conceptual message) it should still be correct to refer to the partially processed conceptual message by its architectural name (e.g., Evidence that has been authenticated but not appraised would still be regarded as Evidence architecturally. Appraisal results that haven’t been authenticated to a Verifier might still be called Evidence up until all the requirements for being called Attestation Results are satisfied.)
I also fully agree with this.
--
Thomas