Re: [Rats] Entity vs. role

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 24 March 2022 13:11 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Laurence Lundblade <lgl@island-resort.com>, "Smith, Ned" <ned.smith@intel.com>
CC: Thomas Fossati <tho.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Date: Thu, 24 Mar 2022 13:11:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/skLV_GoVr7_x2gTAbBh_xk28lv8>

Yes, the four boxes on top enclose RATS architecture roles required for the ar4si "Below Zero Trust" use case.

 

Eric

 

From: Laurence Lundblade, March 24, 2022 9:06 AM



Isn’t everything in this diagram a role?  If not, shouldn’t it be? 

 

     .----------------.
     | Attester       |
     | .-------------.|
     | | Attesting   ||             .----------.    .---------------.
     | | Environment ||             | Verifier |    | Relying Party |
     | '-------------'|             |     A    |    |  / Verifier B |
     '----------------'             '----------'    '---------------'
           time(VG)                       |                 |
             |<------Verifier PoF-------time(NS)            |
             |                            |                 |
    time(EG)(1)------Evidence------------>|                 |
             |                          time(RG)            |
             |<------Attestation Results-(2)                |
             ~                            ~                 ~
           time(VG')?                     |                 |
             ~                            ~                 ~
             |<------Relying Party PoF-----------------(3)time(NS')
             |                            |                 |
   time(EG')(4)------AR-augmented Evidence----------------->|
             |                            |   time(RG',RA')(5)
                                                           (6)
                                                            ~
                                                         time(RX')

 

LL

On Mar 24, 2022, at 12:35 PM, Smith, Ned <ned.smith@intel.com> wrote:

 

Technically, the RATS Architecture is informational. Hence, no normative “requirements” but that doesn’t mean an I-D based on the architecture should assume conceptual messages can be routed to some other role or that some other role can produce a different conceptual message.

 

The main point of this thread is to highlight the difference between role and entity. And to try to avoid conflating them. But they are intimately related nevertheless. The examples I provided help illustrate how they relate but without conflation.

-Ned

 

From: Laurence Lundblade <lgl@island-resort.com>
Date: Thursday, March 24, 2022 at 11:45 AM
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Thomas Fossati <tho.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>, "Smith, Ned" <ned.smith@intel.com>
Subject: Re: [Rats] Entity vs. role

 

It seems to me now that we need to sort out some of these use cases a little better as Henk suggested in the room in Vienna.

On Mar 23, 2022, at 1:54 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:

 

From: Laurence Lundblade, March 23, 2022 4:03 AM

...

 

Ironic in a way — I want to forward/pass through Evidence in Results, you are forwarding/passing through Results in Evidence :-)

 

<eric> It is not me that puts Results in Evidence. It is the definitions in the architecture document which require it *must* be specified this way.

 

5.1 describing the passport model does not imply or require (or preclude) two verifiers. 

 

Section 5.1 does not require that AR be embedded in a new AE message when sent from the device to the RP. It puts no requirements on that transmission. I don’t think it even requires the Results be relayed by something that has security properties.

 

None of the examples in section 16 work this way. 

 

I think the design is fine and good, but I don’t see it in my read of the architecture document. (I searched for occurrences of “passport”). Apologies in advance if I’ve missed something in the architecture document.

 

LL