Re: [Rats] how does the Verifier work

Henk Birkholz <> Sun, 07 February 2021 14:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 30D783A0FD7 for <>; Sun, 7 Feb 2021 06:51:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KVUq5kiMtDnx for <>; Sun, 7 Feb 2021 06:51:26 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F3B2D3A0FCF for <>; Sun, 7 Feb 2021 06:51:23 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,160,1610406000"; d="scan'208";a="28794715"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2021 15:51:20 +0100
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,160,1610406000"; d="scan'208";a="105578530"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2021 15:51:18 +0100
Received: from ( []) by (Postfix) with ESMTPS id E3A6E80267; Sun, 7 Feb 2021 15:51:17 +0100 (CET)
Received: from [] ( by ( with Microsoft SMTP Server (TLS) id 14.3.487.0; Sun, 7 Feb 2021 15:51:17 +0100
To: Michael Richardson <>,
References: <31999.1612560697@localhost>
From: Henk Birkholz <>
Message-ID: <>
Date: Sun, 07 Feb 2021 15:51:16 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <31999.1612560697@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: []
Archived-At: <>
Subject: Re: [Rats] how does the Verifier work
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 07 Feb 2021 14:51:30 -0000

Hi Michael,

thank you for putting some attention on this reoccurring pattern that we 
encountered in discussions a few times. I agree with the notion that the 
scope of the architecture document now reached its intended limit and it 
will we be completed with its current content and remaining open issues 
(aka "closing the mic again"). Anything else will have to go in separate 
documents. "The architecture of the Verifier" is one prominent thing we 
should look into next. There are some corresponding and reoccurring 
requirements we will have to take into account, I think. Maybe it helps 
if I elaborate a bit on two major topics that came up repeatedly:

* Implementing RATS requires some kind of defined management logistics 
that effectively make Conceptual Messages move around. For Evidence, we 
to take on that task, but there are "other arcs in the diagrams" that 
point to the Verifier, too.

* Shedding some light into how appraisal procedures conducted by 
Verifiers actually look like will be very useful to implementers. Some 
experts are already implementing: I'd like to point out this quite open 
and inclusive effort as an example 
that we can build on.

My expectation is that some of the presentations at the next (virtual) 
meeting will touch these topics already and if time permits, maybe we 
can plan for explicit discussion on these topics.

Viele Grüße,


On 05.02.21 22:31, Michael Richardson wrote:
> In issue
> and in quite a number of discussions in the design team, we ratholed on
> whether or not we were specifiying a normative description of how verifiers
> worked.
> In the architecture document we want to specify what goes in to the Verifier
> (from the Attester direction!), and what goes out of the Verifier (to the
> Replying Party only).
> We did not want to specify the other arcs (Endorsements, Appraisal Policy for
> Verifiers), but we did need to place some requirements on what was possible.
> For instance, that Evidence would be signed, and that Verifiers could verify
> the signature on it.
> The large X diagram at:
> which in many ways started the entire architecture document, remains an
> intentional black box from this document.
> It seems that there is a desire among some participants to more clearly
> articulate how many (but perhaps not all) Verifiers work.  It seems that with
> an appropriate initial narrow scope that such a document could be written by
> the IETF.   For pretty much all the cases of "perhaps not all", then it is
> probably the case that the specifics will be very specific to a vertical, and
> should be written in that technical consortium outside of the IETF.
> This email is basically the concluding recommendation of the design team: we
> aren't going to put this into the architecture document, but we don't object
> if someone else wants to write _Architecture of common Verifiers_, or some
> equivalently titled document.
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]        |   ruby on rails    [
> _______________________________________________
> RATS mailing list