[Rats] Re: New Version Notification for draft-sardar-rats-sec-cons-03.txt

[Nathanael Ritz <nathanritz@gmail.com>]

Hi David,

As someone following both the RATS WG and the SEAT WG discussions, I can
appreciate your concern about preserving the security guarantees of
draft-fossati-seat-expat. From a RATS perspective, I also share concerns
regarding RA integrations with secure channel protocols more generally. I
share your overall sentiment that care must be maintained, but I am
uncertain that an Informational-track document like
draft-ietf-rats-multi-verifier necessarily implies a new inherent risk that
you (or anyone else relying on protocols such as expat) may now be forced
to uniquely manage.

In many deployments, a monolithic Verifier already incorporates complex
internal components that the Relying Party must trust implicitly.
Therefore, compared to a single opaque Verifier, a multi‑Verifier
architecture does not inherently increase the Relying Party’s trust
surface, even if complexity on the RP side may increase. By making these
components explicit under a multi‑Verifier design, the approach (as far as
I understand it) enables a Relying Party to examine, limit, and
cryptographically verify individual components with greater transparency
against the mandatory trust dependency set than was previously specified.

That said, I understand that active research on the security of
multi-verifiers is ongoing, and I'm sure the WG would be very interested in
learning about any concrete failure modes where the multi‑Verifier topology
itself breaks any specific guarantees you as an I-D author depend on. A
specific example would be incredibly helpful to ensure the threat model is
fully understood.

Cheers,

Nathanael

On Thu, 7 May 2026 at 17:06, David Condrey <david=
40writerslogic.com@dmarc.ietf.org> wrote:

> Hi Usama, Yogesh, Jun, Houda, Henk, and the RATS WG,
>
> I am replying to voice my strong support for Usama's request to include
> the security and privacy considerations from draft-sardar-rats-sec-cons-03
> (Sections 8.1.1 and 8.1.2) into the multi-verifier draft.
>
> From the perspective of other active work in this space, preserving the
> security and privacy guarantees of TLS Exported Authenticators (expat) is
> critical. As the author of drafts utilizing the Proof of Process (PoP)
> framework and related cryptographic proofs (such as
> draft-condrey-cfrg-posme and draft-condrey-rats-pop), my proposed
> architectures fundamentally rely on those expat guarantees remaining intact.
>
> If the multi-verifier architecture breaks the expat guarantees, it creates
> a cascading issue that undermines the threat models of downstream drafts
> that depend on them.
>
> David Condrey
>
> On Apr 29, 2026, at 4:08 PM, Muhammad Usama Sardar <
> muhammad_usama.sardar@tu-dresden.de> wrote:
>
> Hi Yogesh, Jun, Houda, and Henk,
>
> We are doing research on the security and privacy of multi-verifiers, and
> we will share any solution that we will have from our analysis.
>
> For now, we have revised the proposal for security considerations
> statement [0] based on the adoption call discussion that we would like to
> be added in the draft until you or we find some reasonable solution.
>
> Privacy statement is unchanged [1] and we would like that to be added in
> the draft as well.
>
> Thank you.
>
> Best regards,
>
> -Usama
>
> [0]
> https://www.ietf.org/archive/id/draft-sardar-rats-sec-cons-03.html#section-8.1.1-3
>
> [1]
> https://www.ietf.org/archive/id/draft-sardar-rats-sec-cons-03.html#section-8.1.2-3
>
>
>
>
> -------- Forwarded Message --------
> Subject: New Version Notification for draft-sardar-rats-sec-cons-03.txt
> Date: Wed, 29 Apr 2026 15:44:15 -0700
> From: internet-drafts@ietf.org
> To: Muhammad Sardar <muhammad_usama.sardar@tu-dresden.de>
> <muhammad_usama.sardar@tu-dresden.de>, Muhammad Usama Sardar
> <muhammad_usama.sardar@tu-dresden.de>
> <muhammad_usama.sardar@tu-dresden.de>
>
> A new version of Internet-Draft draft-sardar-rats-sec-cons-03.txt has been
> successfully submitted by Muhammad Usama Sardar and posted to the
> IETF repository.
>
> Name: draft-sardar-rats-sec-cons
> Revision: 03
> Title: Guidelines for Security Considerations of RATS
> Date: 2026-04-29
> Group: Individual Submission
> Pages: 14
> URL: https://www.ietf.org/archive/id/draft-sardar-rats-sec-cons-03.txt
> Status: https://datatracker.ietf.org/doc/draft-sardar-rats-sec-cons/
> HTML: https://www.ietf.org/archive/id/draft-sardar-rats-sec-cons-03.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-sardar-rats-sec-cons
> Diff:
> https://author-tools.ietf.org/iddiff?url2=draft-sardar-rats-sec-cons-03
>
> Abstract:
>
> This document aims to provide guidelines and best practices for
> writing security considerations for technical specifications for RATS
> targeting the needs of implementers, researchers, and protocol
> designers. This is a work-in-progress, and the current version
> mainly presents an outline of the topics that future versions will
> cover in more detail.
>
> * Corrections in published RATS RFCs
>
> * Security concerns in two RATS drafts
>
> * General security guidelines, baseline, or template for RATS
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> RATS mailing list -- rats@ietf.org
> To unsubscribe send an email to rats-leave@ietf.org
>
>
> _______________________________________________
> RATS mailing list -- rats@ietf.org
> To unsubscribe send an email to rats-leave@ietf.org
>