Re: [Rats] use case document updates on Roots of Trust

[Michael Richardson <mcr+ietf@sandelman.ca>]

Ira McDonald <blueroofmusic@gmail.com> wrote:
    > If the term RoT continues to cause heartburn in RATS, then we might
    > just use the generic "Trust Anchor" which is widely used to encompass
    > both hardware and software RoTs in a number of SDOs.

No, that's exactly what I don't want to do!

A trust anchor is a thing you have in your system (such as your browser),
that let's you validate other certificates.  While in abstract concept it
shares many properties with a RoT, it's a very different thing to people
who don't live and breath attestation.

A reason I don't like the term RoT (not the definition, btw), is because in
some languages the order of the words doesn't matter.  So a Trusted Root
(Certificate), might be easily confused with a Root of Trust!
{It's taken me six months to get this into my head right, and at the Linux
Plumber's Conference, I watched several others fail to deal with the issue}

As I understand it, the RoT is the component which is forced measure itself,
because there exists no other component.  The trust is "Immaculate".
If I could replace RoT with another term, I'd use "Birth of Trust" or
"Immaculate Trust" or something like that.

I'M NOT PROPOSING TO CHANGE THE TERM.
I'm just airing dirty laundry, to explain that we need to be clearer about
this somewhere.


The only reason the use case document cares, is because I think it is
important for the use cases to be clear if they require the Third Party
Attestation of the RoT Claim in order to operate.

Some use cases do not, as their dependancy is upon a higher level
attestation, or the device has been attested to use Secure Boot 
rather than Trusted Boot.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-