Re: [Rats] Function of an endorsement relative to evidence
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 08 June 2022 06:09 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F091C15D89E for <rats@ietfa.amsl.com>; Tue, 7 Jun 2022 23:09:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.785
X-Spam-Level:
X-Spam-Status: No, score=-3.785 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.876, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R-WLjKCGr3bq for <rats@ietfa.amsl.com>; Tue, 7 Jun 2022 23:09:47 -0700 (PDT)
Received: from mail-edgeF24.fraunhofer.de (mail-edgef24.fraunhofer.de [192.102.164.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3151CC15D883 for <rats@ietf.org>; Tue, 7 Jun 2022 23:09:44 -0700 (PDT)
IronPort-SDR: Oc4ljH8ygPlF1jtlz7Vr+2k4SSS/QBytSTXoDVKu+e1/tLMFYpr7TAjdhrAgQBMq/ocRm8lMgI sHMZoq7qXjsA==
X-IPAS-Result: A2GAAAA1PKBi/xwBYJlaHQEBAQEJARIBBQUBQIE9BgELAYIjgQFRgQaET44LgwIDmzqBLIElAxgzCQsBAQEBAQEBAQEHAQEsCwsEAQEDBIR7AoVIJjYHDgECBAEBAQEDAgMBAQEBBQEBBgEBAQEBAQYEAgKBGIUvOQ2DU007AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBQJBRwwxAQEBAQMBASEPAQUIAQEsCwEPCQIOAwMBAgECAiMDAgInCxQJCAYNAQUCAQEVBoJeAYJlAzASkDybGHqBMYEBgggBAQYEBIFNQYJ/GFyBXAMGCQGBByyDFIkfgjMXIIFVRIEVJw+CRDA+gmIBAQIBF4UcgmVjjgiIeCgEDwMaLTQSgSFxAQgGAwMHCgUyBgIMGBQEAhMSUx0CEgUHChwOFBwkGQwPAxIDEQEHAgsSCBUsCAMCAwgDAgMjCwIDFwkHCgMdCAocEhAUAgQTHgsIAxkfLAkCBA4DQwgLCgMRBAMTGAsWCBAEBgMJLw0oCwMUDwEGAwYCBQUBAyADFAMFJwcDIQcLJg0NBBwHHQMDBSYDAgIcBwICAwIGFwYCAnEKJg0IBAgEHB0lEAUCBzEFBC8CHgQFBhEJAhYCBgQFAgQEFgICEggCCCcbBxYZHRkBBTYnBgsJIRwKHwsGBQYWAyNzBQo+Dyk1NjoWHBsoARsCmFhpYDgLDgIgOz4GNRAUMAQGLAEHEZIxrRZ8NAeCFIE9gT0GDIlOlF4GEy2DdYw/hiuRfJZpjS2ZXQIEAgQFAg4IgWgFggpNJE+CaFEZD44gDBaDUIUUhUxzAjkCBgEKAQEDCY90AQE
IronPort-PHdr: A9a23:beW+4RYDLASFSdY8a3kgUzH/LTAhhN3EVzX9orIriLNLJ6Kk+Zmqf EnS/u5kg1KBW4LHo+lFhOzbv+GFOyQA7J+NvWpEfMlKUBkI2skTlhYrVciCD0CzJfX2bis8S cJFUlIt/3yyPUVPXsjkYFiHuXyuqzAIEwj5NQ17K/6zFoOB5/k=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.91,285,1647298800"; d="scan'208";a="44059220"
Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeF24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jun 2022 08:09:42 +0200
IronPort-SDR: IicA8pE856ED25h446ksZlZotbX+u+fEaWV5R5XqoGnzuABwQktrj2vgAJRrVMiIdB7ty4QvPN 3bOR43EXNf1erZiIoiVvJgsx4sXqWlc2LXKSZXjA5z1ebbhdwa4NSdUZBZQmCGoIrYHl6W5Hcb xe8SvWshfNl4Enu5dUHfunh6Sbq0yZzuiBDVtC/6EvyZWkbxgWvxKkhw/tz+8aovDrWkWz242Z KR1OqjASNraJt7nLR6YnfAjDqOnXe2Kq1Zwg+gX2VUY3axlzXF+qrBd4zY1QW+CPFlHdmbUoAI caWAmNxNP1cnaHDSI25TdXXD
X-IPAS-Result: A0DsAAC8PKBi/z6wYZlaHAEBAQEBAQcBARIBAQQEAQFACYE0BQEBCwEBgVBSB3pQAQcpVoROg00BAYUxhQtdAYIkAzgBmwGBLIElA1QLAQMBAQEBAQcBASwLCwQBAYUCAoVFAiY2Bw4BAgQBAQEBAwIDAQEBAQUBAQUBAQECAQEGBIEJJwZeBmiBT4FhEws0DUABEAGFcAEBAQEDAQEQEQ8BBQgBARQYCwEPCQIOAwMBAgECAiMDAgInCwcNCQgGDQEFAgEBFQYDglsBgmUDMAIBAQ6QPo84AYE+AoofeoExgQGCCAEBBgQEgU1Bgn8YXIFcAwYJAYEHLAGDE4kfgjMXIIFVRIEVJw+CRDA+gmIBAQIBF4UcgmVjjgiIeCgEDwMaLTQSgSFxAQgGAwMHCgUyBgIMGBQEAhMSUx0CEgUHChwOFBwkGQwPAxIDEQEHAgsSCBUsCAMCAwgDAgMjCwIDFwkHCgMdCAocEhAUAgQTHgsIAxkfLAkCBA4DQwgLCgMRBAMTGAsWCBAEBgMJLw0oCwMUDwEGAwYCBQUBAyADFAMFJwcDIQcLJg0NBBwHHQMDBSYDAgIcBwICAwIGFwYCAnEKJg0IBAgEHB0lEAUCBzEFBC8CHgQFBhEJAhYCBgQFAgQEFgICEggCCCcbBxYZHRkBBTYnBgsJIRwKHwsGBQYWAyNzBQo+Dyk1NjoWHBsoARsCmFhpYDgLDgIgOz4GNRAUMAQGLAEHEZIxrRZ8NAeCFIE9gT0GDIlOlF4GEy2DdYw/hiuRfJZpjS2ZXQIEAgQFAg4BAQaBaAUwgVlNJE+CaE4BAgECDQECAgMBAgECCQEBAo4dDBaDUIUUhUxBMgI5AgYBCgEBAwmLDoRmAQE
IronPort-PHdr: A9a23:yGNxSRSDeaaeqKR0cpcM0Vfqotpso7PLVj580XJvo75Nc6H2+ZPkM QSf4Ph2l1bGUM3d7O4MkOvZta3sGAliqZaMuXwPatpAAhkCj8hFkwkpGsXQD0r9IbbjZDA7G 8IXUlhj8jm7PEFZFdy4aUfVpyip7CJUFA/2KAx1Ier4AMjegpff6g==
IronPort-Data: A9a23:srWwO6uf+FZrANa6z2FBBofJ9efnVIVeMUV32f8akzHdYApBsoF/q tZmKWHUaayLZjfyeNkiO4mz/E0Gu5OGytNmTQQ6+3tjFCgRgMeUXt7xwmUckM+xwm0vaGo9s q3yv/GZdJhcokf0/0zrb/69xZVF/fngqoDUUYYoAQgsA149IMsdoUg7wbRh3NY42YHR7z6l4 LseneWPYDdJ5BYpagr424rbwP+4lK2v0N+wlgVWicFj5DcypVFMZH4sDf3Zw0/Df2VhNrXSq 9AvbF2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/RPjnRa70o1CBYTQQQPjiyAsNZL8 vRcioSMVBwwFKPsxutIBnG0EwkmVUFH0KTCPWD5vNyYzwvIaXLxxfVpAkwse4EVkgp1KTgTr rpJd3ZUMU7F2bjeLLGTEoGAguwjIc/oeokeoHJgyjXLJe0nXdbNWazX499f0joqwMxDdRrbT 5tANGQxMkmbC/FJElcvIpQvt8eyvUn2XAMDkF2avKkZ5meGmWSd15CoarI5YOeiQcpRtkeDo mvA8yHjDwodLsDZwj2Amlq2j/PUtSL2RIxUE6e3nsOGm3XKmzdWWUJTDATl5KfjzFC7HdkZJ VYd5ywuqqY/7gqnQ7ERQiGFnZJNhTZEM/I4LgHwwFvlJnP871nLC24aYCRGbdB65sY6SSZzi Q2Sns+vCyZmrbuVTnyQ7PGYoGrqayQSKGYDYw4CTBcEuoWy/tts00iXFtszQrSoitDVGC3rx 27YpiYJh4IV0ZwB2ZK98A2VmDmrvJXIElU461yPDGKo5w90fqC/YIms5QSJ5PpMNt/GHEKAo D4KgcGD6uAJA5yX0iCAGb1fELas7veDETvdnV82Q8h/rWvwoSb7cNkJsj9kJUpvPsIVQhPTY Rfe6VFL+ZteHHq2dqspMYi/PMQdy/SyH9rSUP2JPMFFZYJ8dVPc8SxjORyQ0mTqnBR+mK0zI 83AI92pEW5cBLRszHy4Xe4A178syC0kg2/eHMipwxOi2LuYRXiUVbZcbArQNL9ktvvcrVWH6 ctbOuuL1w5bDL/0bB7R/NNBNlsNN3U6Wc37ppAFbOKFOQY6SmgtB+WKm+F4JtcgzvsQz7iWu y/nHFFdjlG5i2fONAOKbX5ucvXjUM8n/348OCUtO3eu2mQiONr+sv1AKsFvJbR3pvZ+yfNUT uUef5nSCPp4TDmaqS8WaoPwrdA/eRmm7e5U0/FJvNTik0ZcejH0
IronPort-HdrOrdr: A9a23:2ZC+h6AQCdGHFUjlHeg0sceALOsnbusQ8zAXPh9KJiC9I/b1qy nxppkmPH/P6Qr4WBkb6Ki90dq7MBXhHPlOkPYs1NaZLXXbUQ6TQr2KgrGSpgEIdxeOjNK1kJ 0QDpSWa+eAfWSS7/yKgjVQeuxIqLLskNHKuQ6d9QYXcegDUdAQ0+4TMHf9LqQZfng+OXN0Lu v52iIRzADQB0j/I/7LTUUtbqzmnZnmhZjmaRkJC1oO7xSPtyqh7PrfHwKD1hkTfjtTyfN6mF K13jDR1+GGibWW2xXc32jc49B/n8bg8MJKAIiphtIOIjvhpw60bMBKWqGEvhoyvOazgWxa2u XkklMFBYBe+nnRdma6rV/E3BTh6i8n7zvYxVqRkRLY0LrEbQN/L/AEqZNScxPf5UZllsp7yr h302WQsIcSJQ/cnQzmjuK4GS1Cpw6Rmz4PgOQTh3tQXc81c7lKt7ES+0tTDdMpAD/60oY6C+ NjZfusq8q+SWnqL0wxg1Mfg+BFBh8Ib1W7qwk5y4CoOgFt7TFEJxBy/r1bop8CnKhNPKWsqd 60dpiAr4s+PPP+XZgNd9vpfvHHf1AlYSi8eV56cm6XXJ3uBRr22urKCfMOlaaXRKA=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.91,285,1647298800"; d="scan'208";a="91566653"
Received: from 153-97-176-62.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.176.62]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jun 2022 08:09:38 +0200
Received: from XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) by XCH-HYBRID-02.ads.fraunhofer.de (10.225.8.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Wed, 8 Jun 2022 08:09:37 +0200
Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.175) by XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22 via Frontend Transport; Wed, 8 Jun 2022 08:09:37 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RZOC8F/rxxV7nri/h8hy4bQWft/eLvcmzTC+vOIM91JqJ2jyufm1aMy9AeIe/U9xPDk1Oop+lN7NJ9bHqhkclPx/frbmi2YA5DjroLn+EW70GzTJ0OCOR1JeYToDfjRSApNQZqzArY2I8rp6bJmvaaKNRiLElFBKZjzRImDZGowfUQHSUehG7V6LuHXlTYKzQeIvSIL2wVVhXBIyT1xEBwA3N5Dn+Gnnmsl+WLIqkB9Ko0iQtioluEJ8S7zfJf099VtwS1uXmFh+OABAGQHINbZugnSkzoAbCLynlQZ+fol7lvr1sjeNvNZmAP/7CzHw3xecfei1qu71SuPPoAuLZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7tp/VDOqY2qIzjyYghpRGSJ+wywRkwHOwe+NFHVR+sE=; b=TqypRoHV61tNB5g8ic9vPNpahkDVWU7nuZAb/go4zbTyhVvYTpBO482kqybNrkq/pU2Vpc0bZTkbQXQX1vYGTHorAFEcNuvUWD6pI6gyh6uPd3BSVAOoGBVgARuaTu7T/fHpVdpajuNeWmiDJc54cEFpPoRF4qlvzGssI/BUwDxbekChB6tCS51BuCIuARMPnQdyaVQq0aM5Qw8JsQTnWzP8pwSOPD+XQtfW89kERm5HRK4aKilUW7jQ53OLq3I30lHnEZnn9sNq2aWUwlvSmvDWKKxGtf+KoUvlJjf0ipBvF2D+ap1fCmDFIzTURRDf3nzCbqjTvitXtBs016qE9A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sit.fraunhofer.de; dmarc=pass action=none header.from=sit.fraunhofer.de; dkim=pass header.d=sit.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7tp/VDOqY2qIzjyYghpRGSJ+wywRkwHOwe+NFHVR+sE=; b=cHltoOmg4boAZ56XLIOKmvYWUEGslfsGkQl+nIfSz5MjYQpu4/aDvHpGxjWPPtaoIaHtnnmwqx81FvGTCgm7faV+v4uV7cP2IEooQzQzDSkV7xZp5AK1Ymf8La2syJ360E1nVgPJhdPmV3lbkcjGAIXIf3pJH05M5WC8LtRSHtA=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:50::13) by FR2P281MB1495.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:8e::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.6; Wed, 8 Jun 2022 06:09:36 +0000
Received: from FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM ([fe80::cd9e:51f7:e546:7010]) by FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM ([fe80::cd9e:51f7:e546:7010%8]) with mapi id 15.20.5332.012; Wed, 8 Jun 2022 06:09:36 +0000
Message-ID: <458fba10-db39-8a90-6a1e-f6ca125143b0@sit.fraunhofer.de>
Date: Wed, 08 Jun 2022 08:09:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: Laurence Lundblade <lgl@island-resort.com>
CC: rats <rats@ietf.org>
References: <6F919543-37BA-484B-AA7E-BAC3497EB125@island-resort.com> <ee639c74-b365-e127-b4ec-d6f9df0014e6@sit.fraunhofer.de> <3907E124-5080-442C-801C-C14F227687E6@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <3907E124-5080-442C-801C-C14F227687E6@island-resort.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AS8PR05CA0025.eurprd05.prod.outlook.com (2603:10a6:20b:311::30) To FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:50::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 006d8a1f-837e-4a67-beff-08da491576ff
X-MS-TrafficTypeDiagnostic: FR2P281MB1495:EE_
X-Microsoft-Antispam-PRVS: <FR2P281MB149506F5FDCBF6B20A39C3B9A8A49@FR2P281MB1495.DEUP281.PROD.OUTLOOK.COM>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9xDFMDH6apGhvnyM3ImD0VM81QpDFskLxIlmASaedP1VbY4pS1hxEy4PjUILjf82qAYoXw328xaCJiZT8i8SIy4ZwZBVPiwskUFx8ISMq5rDUC8SRhd67xl8k/UL1o/yHSfm2HdKaH/W7TiwNeVyN2uN4KtwLYz0Cs77/JZJy+pQKbFFC+laNOB7ZXfmBJPejArA8GleFNe557HFmcgcrG/0odHmo7YMIX4bdfdCGzvq88XiDAQwYvjDD0wbsgy8MLswK8WbVhrWhmVYNzLx6rzpbJRgg9g0owUPYCgP2uvFnUwIiJSuN15jQeXAd0k/fRkryDsWYf8My5s+QWYMuwIUe8WsK/vs5p9uOrB7rVNfJnC7gjW17C9orxSUrhBQF/6Pwauvfi8iM1T+oNBfZm4yAN+BIHW0pjtALwOrIK4D4V2ae5ic2dtEgtJLvbOrzOPvksHsxkcSWlYg6QjX/L3hZQq7PNTj2AMatDi2DXPh+tvv5NNGAV2vb+HIdbw4LFAQi6pYXKOINbm/H2h9hCJ2U3lQphLuosiUeb2ZUgYMYPpuHkqAISYR7lLOKRs2NyQ3bHAr0hSY/ubUQ0wsgEG/xn76zzrCcGG9W2+dauSJfOZnivkjnIL/qSPStXdR4ZJ3WqawsBUIZZq0X+kZbFc1N+hjY2GLhURCY+IbettZkR5ViH3n4RapSyTs0dkjsf/5cvm6TJBNHnrXXBPmovxME6ZLdpK/Rrz8WP8mXnEMb0wwLcEiS+onVh+teOLkKKQMBITqxv/9Sblp8sVxM7IpgvqvsXMZSX6zVMtf8NU0ZKxyXjoxtqel3kRFSqWk5R1EKK/LWpoUAXQ9qrUltYHeRNsSdE5udH1L8lENqiDsFLtkHvGZcwyEjrR+T0l9
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(366004)(83380400001)(31686004)(38350700002)(38100700002)(508600001)(2906002)(966005)(82960400001)(6486002)(5660300002)(26005)(6506007)(8936002)(52116002)(2616005)(53546011)(186003)(31696002)(44832011)(86362001)(316002)(66946007)(4326008)(66556008)(66476007)(8676002)(6916009)(6512007)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: Z/iSqvZyUvgQ/XLfq8B93sGVut1F75VsoId6v9LczLWT8004r1EbAmvfO1BErVB44ky2Imm4GVBYC00Lt7ruoef+8/eKsYdPFqu33YC50uvhRz3URRpy4XznHLgMvBC8J5EyLhM5Jc5lMRmDacLJ/bTzgsiX2xFX9ekm6rpJRzVRkXjqoxaUASqMsZkme4qZJnrPwHxZJRAfult4YXHqiF4bNRn0uIssrrPNK8WSz2C7iT6KUmBVb0EpXe/Qaz8crEn07ob2Fu4jSlql4Oau0fpaIXOoRRfElnR27AAoQeGzuYlQSmAbW1dIa1FCWStuCibm6kNi3iLT4p7GOvLOtLLZfgJ2q3pN7hHVjtGLcWOGNO0MhyVHi8g0DzJdGPAAFyrneeX+QyIGZ0gBWwuCHJKooqw4Yj3AVWClXGXrD4mYcHKaIIRLwk9PqXLvUnK58Ic9WALwvAx/PlyGQEAGt6rdHyxN5uSvCPCc9ZweSjvve98kQ998KyKClyWg49Qz+JevUJqhM1R0UopZCgumQOXXj/FCDC5ICgynok9EdfKQFBPYQyijaFoBcL+4bE2L0b5oWU+SjGGu/B8JYAJHxc883299KoZBjbpEwYFHk45qiJNBFI1lk04RuL1rWGSmxo9G083GlU6T5rSCfFN9f8BmJ45rI0yVi7DJ6iCfNRrcBUxBtINiH1y/8ZvteFTR6+tUkGgsH8VC4K+0UrkQKKMeuhAtP/+VpwX1D4jGBenmh835TlSXciynTjGADO9SyQh8TJfvsT6jAgAIYGkrWK+y18K6hu3vAn8gYgDaH+nm3Atfo9DAIaqoTsH5Jl+MkKyIBQsWXnPWRIB0JAJPwb2BOa9+7U2mxMZmiam2Qjt1nakco803xhKh1soSBsUhKF/kK2uSyG/DX0Seuk+tbEEFnNVtNUGNXY4moDAmdMsjCQPTK0Yqtei62L1wcmaHHgb1bkzUANCegh/13skVBS5LzfIcOhBLe/6KPbLnHPLWgS1tGNQlu1RQZBCRHCqhR29QvfaC1LTwp8HVfuzCysA52KgmiL9E0O3Sj7mTZFL1KiWWAlt4laLZViEbMtzhVqqIB4oTjGp5Hq893peZzLirgBpwYdMom9s5afVvJC6zeBQ6dpf/4m2dn4iO+E3M/uyIpfAc0meqvE/CyeQo5aT86AA0NW37Zuna4vDgUV3eg4USsHnyuiHTJfsFp8cWzoa6tI4T95DYm0sNrmaGJsOWTDc3733F6Pbx/Y/dJhQ/t4z8BfPmmulty8ifOvthbf8QAiKaIK4TypD6j8Vi8vH0UNfSH5++aqqltUG04GhhqIU16Zg6bYJ15AqAspUrZ4mMIVAiYI1Ud9TwhcU7AW7XxbhNyesfSjgnFbFSL/Goni4yB2GE9DPRBIGCYFlN7OMi2V/2Bs1tMoSE7qOHGfmOV5zeRpH52Lc8KaRSsUX5c+iMAmtQ6wIYSRqJJX5pHLXT2rw0SB+fTLITKmt0Kdmai4fM5EpPy/RICCtxWZ4fAPyO94CmALPE6fubZCRifehzNMXtnSh/TW9GoE4QxwuKG0mkwiwp67nVjDKrZaUBiiwctCeAfqHj9Ja7ILnNhXHd5mcipuzS3pIJjKLLdCR7E2mBh2Plmj3uEENwgZgUZCXgXaeKqTNl3fEMpWPbNZ06J7x4kuo9epy8GbMtgxOYKiFACow0L7fzc7+mJEqpm7LYy2VOgx55O2bGAb+m7PWCWq0fBcrY1xBLBDRdA8ONPSVivF3R3OHi/SsJPaRObx7FPissz2iu0MudIYvE
X-MS-Exchange-CrossTenant-Network-Message-Id: 006d8a1f-837e-4a67-beff-08da491576ff
X-MS-Exchange-CrossTenant-AuthSource: FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jun 2022 06:09:36.7677 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: xDMj/uIhh4zjLRaqI18WSR5l4JhHuYmd4RM4zVOveJDJpTeNomYrCA8yoZMCYDY61lDvg3MI9HihXTXwWoWrV6AZR5iILm3hd9NaULTWRck=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR2P281MB1495
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/sfJjlYfHNXezu5n2ifJ3pBZBRMk>
Subject: Re: [Rats] Function of an endorsement relative to evidence
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2022 06:09:51 -0000
Hi Laurence, okay just fore representative purposes, I am doing this once now. Please don't be mad with me :-) What are attestations? Viele Grüße, Henk On 06.06.22 21:44, Laurence Lundblade wrote: > I’m using this thread to comment on the general issue of claims in > endorsements vs attestations even though some of that discussion is in > the other thread. > > It’s right that attestations should not be signed by the same key as > endorsements: > - The type of exposure to attack of the two signing keys are very different > - They have very different deployment, operational and life-cycle > characteristics > > I don’t know what the Endorsement standard will look like, but agree > that going for a unified Endorsment/Attesation design now is a leap > we’re not ready for. But, I don’t think we need that to progress the > issue at hand. > > > That said, I stand by my comment (quoted far below) that data items can > get from the Endorser/AttesterManufacturer to the Verifier either > through 1) an Endorsement protocol/token or 2) by being embedded in the > Attester at time of manufacture as a static claim. > > Restating as three paths: > > 1a) Signed Endorsement transmitted B2B perhaps secured by TLS > 1b) Independently signed Endorsement embedded in the Attester that > the Attester conveys to the Verifier along with the Evidence > 2) A static claim in Evidence > > > I don’t think we’re ready to design an Endorsement token/protocol here > and now so no further discussion on 1a) or 1b). > > Think about these static Attestation claims set by the Attester > Manufacturer: > > OEMID: Set once at manufacturer time and never changes; it is the > same for large numbers of devices > UEID: Set once at manufacturing and never changes; it is different > for each device > HW Version and Mode: Set once at manufacturing time and never > changes; large groups have the same ID > > We’re fine with these being set and sent as claims. They don’t have to > be in an Endorsement, right? Some of them could be in an Endorsement, > but there is nothing wrong with them in Evidence. > > Of course if they are sent in Evidence, then there has to be an > Endorsement that tells the Verifier they can believe these claims in > Evidence and the signature on Evidence has to be verified. > > To me security-level (the static statement of designed security level; > see here <https://mailarchive.ietf.org/arch/browse/rats/?qdr=d>) is > pretty much the same as the above claims in the way it is conveyed securely. > > What ever the outcome for security-level is, I think getting to common > understanding of how claims are secured relative to Endorsements is > critical to Rats. > > LL > > > >> Begin forwarded message: >> >> *From: *"Eric Voit \(evoit\)" <evoit=40cisco.com@dmarc.ietf.org >> <mailto:evoit=40cisco.com@dmarc.ietf.org>> >> *Subject: **Re: [Rats] security-level claim (was Re: WGLC for >> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat >> <https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat>)* >> *Date: *June 6, 2022 at 11:05:43 AM PDT >> *To: *Giridhar Mandyam <mandyam@qti.qualcomm.com >> <mailto:mandyam@qti.qualcomm.com>>, "rats@ietf.org >> <mailto:rats@ietf.org>" <rats@ietf.org <mailto:rats@ietf.org>> >> >> I am not suggesting any changes to the charter. I am trying to help >> articulate an Endorsed security-level claim capable of transiting an >> Attester. And that it is possible to verify this transit has happened >> without modification. To me this falls under the RATS charter item [6] >> which says: "Standardize interoperable data formats to securely >> declare and >> convey endorsements and reference values." >> >> I believe endorsements need to signed with a private key not found in the >> Attester. And I believe any endorsements transiting the Attester need >> to be >> passed through to the Verifier and/or Relying Party with this signature >> intact. >> >> This is why I proposed requirements (1) & (2) below. These >> requirements can >> be met using a single properly constructed x5chain or an x5bag. >> >> Eric > > >> On Jun 6, 2022, at 9:44 AM, Henk Birkholz >> <henk.birkholz@sit.fraunhofer.de >> <mailto:henk.birkholz@sit.fraunhofer.de>> wrote: >> >> Hi Laurence, >> >> On 04.06.22 23:16, Laurence Lundblade wrote: >>> The fundamental purpose of an Endorsement is to tell the Verifier >>> that they can believe what they get in Evidence. There may be some >>> varying degree here from claim to claim and device to device, but the >>> basic principle always holds. >> >> Well, actually I'd say that is a subset of what Endorsements are >> about. The few components in a Attester that you cannot produce >> Evidence about need Endorsements instead. >> >> If an Attester does not know that is painted green, then that is a >> Claim about the Attester that has to come from the outside, has to be >> endorsed trusted third party (and here we go traditional... >> manufacturer, owner, etc.), because the Attester would never know that >> (only in weird cases, that is not the point) on its own devices. >> >> On 05.06.22 21:34, Michael Richardson wrote: >>> So, it is*NEVER* useful as Evidence. EVER. >> >> As the Attester can at the very best "cache" or "carry" an Endorsement >> put there during manufacturing, I think I have to agree with Michael >> here. Please note, in order to be useful and believable, the >> Endorsement is not signed by the Attester, but the Endorser! With key >> material not available to the Attester. >> >> Viele Grüße, >> >> Henk > > > >> On Jun 4, 2022, at 2:16 PM, Laurence Lundblade <lgl@island-resort.com >> <mailto:lgl@island-resort.com>> wrote: >> >> This is a step back for framing for the security-level discussion. >> >> The fundamental purpose of an Endorsement is to tell the Verifier that >> they can believe what they get in Evidence. There may be some varying >> degree here from claim to claim and device to device, but the basic >> principle always holds. >> >> Assuming for the sake or argument here that the Attester Manufacturer >> and Endorser are the same, it goes like this. The >> Endorser/AttesterManufacturer only puts private keys into devices that >> it knows are built correctly. They won’t lie. They’ll protect their >> keys. They produce correct claims. This really is the fundamental work >> of the Endorser/AttesterManufacturer above all else. >> >> For example, maker of a device with a TPM selects a good TPM and also >> carefully writes the boot code that does the measurement. They make >> sure that the devices that the TPM is soldered into always has the >> good boot code. Then they publish the public keys supplied with the >> TPM to the Verifier so it knows it can trust the measurements. >> >> In the TPM world, you can’t really have the Attester send much more >> than PCRs in Evidence, but in the non-TPM world, lots of stuff can go >> into Evidence. >> >> Tell me if you disagree with this! >> >> >> By all that, Evidence can be a parallel channel for the >> Endorser/AttesterManufacturer to convey claims to the Verifier. >> >> The Endorsement can mean “believe all the Evidence from this >> Attester”. (It might always not be all the Evidence, but it will >> always be some of the Evidence). >> >> By this it is entirely reasonable for security-level to be transmitted >> either as an Endorsement or in Evidence. >> >> >> I think there is also room for security-level in Evidence in composite >> device attestation. One Attester may have a good way to evaluate the >> security-level of a subsystem, perhaps a subsystem that varies from >> device to device. >> >> LL >> >> _______________________________________________ >> RATS mailing list >> RATS@ietf.org <mailto:RATS@ietf.org> >> https://www.ietf.org/mailman/listinfo/rats >
- [Rats] Function of an endorsement relative to evi… Laurence Lundblade
- Re: [Rats] Function of an endorsement relative to… Ira McDonald
- Re: [Rats] Function of an endorsement relative to… Michael Richardson
- Re: [Rats] Function of an endorsement relative to… Laurence Lundblade
- Re: [Rats] Function of an endorsement relative to… Henk Birkholz
- Re: [Rats] Function of an endorsement relative to… Smith, Ned
- Re: [Rats] Function of an endorsement relative to… Laurence Lundblade
- Re: [Rats] Function of an endorsement relative to… Henk Birkholz
- Re: [Rats] Function of an endorsement relative to… Eric Voit (evoit)
- Re: [Rats] Function of an endorsement relative to… Michael Richardson
- Re: [Rats] Function of an endorsement relative to… Smith, Ned
- Re: [Rats] Function of an endorsement relative to… Laurence Lundblade