Re: [Rats] Minimizing the Attestation Results objects which can represent overall Attester trustworthiness
"Eric Voit (evoit)" <evoit@cisco.com> Mon, 16 August 2021 21:54 UTC
Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F2A33A1655 for <rats@ietfa.amsl.com>; Mon, 16 Aug 2021 14:54:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.098
X-Spam-Level:
X-Spam-Status: No, score=-10.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=U7OEeSkw; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=lQRjmP7e
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bGX68f-quo7v for <rats@ietfa.amsl.com>; Mon, 16 Aug 2021 14:54:03 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66F113A1631 for <rats@ietf.org>; Mon, 16 Aug 2021 14:54:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12845; q=dns/txt; s=iport; t=1629150843; x=1630360443; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=fUtwCroIhloSgCWWoyACQvqczVbw3J5vT4zcdhYqs2k=; b=U7OEeSkwOsLgEc6gJ2M7R/Z1LiUI/4Z8zaqhuYzhaWXtxQR9QflHkfVN qurILJZGx5d0bRBiB9MQTnCQzAEVwxJpJp5YVna3wZDFi7Q7CGqtH4ZhR 7tsEkI3bCIZaO+i2ay5XyFky92lI7UtDKuNpHN29l4sEqo0WXJpwq7/Sj o=;
X-Files: smime.p7s : 3975
IronPort-PHdr: A9a23:170jzxTdBb2m7So5mh2B1cepxdpso1PLVj580XJvo6lPbuKt5Z3/OkzY6/h3ylPEDs3X6PNB3uzRta2oGWkN+o2Iv31KdptQHwQEhsMbk01FYoaFBET3IeSsY3k8G8JPB0Rk4ze1K0FIHsb5aVDI5HG/vnYeHxzlPl9zIeL4UofZk8Ww0bW0/JveBmcAhDe0bb5oahusqgCEvcgNiowkIaE0mXP0
IronPort-HdrOrdr: A9a23:CRbtaKHR9wMR3DIbpLqFSpHXdLJyesId70hD6qkvc31om52j+fxGws516fatskdvZJkh8erwX5VoMkmsi6KdgLNhfItKOTOHhILGFvAY0WKP+UyEJ8S6zJ8g6U4CSdk/NDSTNykBsS+S2mDReLxMrKjlgcKVbKXlvgpQpGpRGsddBnJCe36m+zpNNXB77PQCZf6hz/sCgwDlVWUcb8y9CHVAdfPEvcf3mJXvZgNDLwI76SGV5AnYq4LSIly95FMzQjlPybAt/SzuiAri/JiutPm911v1y3LT1ZJLg9Hso+EzRvBky/JlbwkEuDzYI7iJaIfy+gzdZ9vfsWrCpeO85yvI+f4Ds085MFvF+icFkDOQoQrGo0WSuWNwx0GT+/AQgFkBepZ8bUUzSGqF16NohqAO7Itbm22erJZZFhXGgWD04MXJTQhjkg6urWMlivN7tQ0TbWIyUs4bkWUkxjIeLH7AJlOM1Kk3VO11SM3M7vdfdl2XK3jfo2l02dSpGnA+BA2PTEQOstGcl2E+pgE382IIgMgE2nsQ/pM0TJdJo+zCL6RzjblLCssbd7h0CusNSda+TmbNXRXPOmSPJkmPLtBKB1vd75rspLkl7uCjf5IFiJM0hZTaSVtd8XU/fkr/YPf+lKGjMiq9CVlVeA6dhP22y6IJz4EUdYCbRxFrEmpe4fdIi89vdvHmZw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AHCwAO3Rph/5xdJa1aHQEBAQEJARIBBQUBQIFZgVNRB4EjLjcxiA8DhTmIaQOPcYpJglMDVAQHAQEBCgMBAUEEAQGBbIJ1AoJuAiU4EwECBAEBARIBAQUBAQECAQYEgREThWgNhkIBAQEBAgESLgEBNwEECwIBCBUDIwsCMCUBAQQBDQ0GBg6CUIF+VwMOERABmy8BgToCih94gTOBAYIHAQEGBASFLhiCLQcJgTqBU4ErhnuDehcQHIFJRIEVQ4IyMD6ERhWDNoIug0EJbA5gQwuBChomBgIRSQUGCSSRL44gnXsKgyiFP4MIliQSpnWWEaAZBBuEZAIEAgQFAg4BAQaBdySBWXAVO4JpUBkOjiAMFhWDO4pdAXM4AgYBCgEBAwmJdQEB
X-IronPort-AV: E=Sophos;i="5.84,327,1620691200"; d="p7s'?scan'208";a="920024211"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Aug 2021 21:54:00 +0000
Received: from mail.cisco.com (xbe-aln-003.cisco.com [173.36.7.18]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 17GLs0Sb002525 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Mon, 16 Aug 2021 21:54:00 GMT
Received: from xfe-rtp-001.cisco.com (64.101.210.231) by xbe-aln-003.cisco.com (173.36.7.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Mon, 16 Aug 2021 16:54:00 -0500
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xfe-rtp-001.cisco.com (64.101.210.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Mon, 16 Aug 2021 17:53:59 -0400
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Mon, 16 Aug 2021 16:53:59 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b1WmOf316Ly8IySIxic16HlpprBGy3jJvIImoEE1RELPLRKVpwPOVnpzC0bhxR2aK69c29mf+q63WAc1ni6RCHCjWNxj1A40EChaIKSutzOWucRPo/L3gOp8lKthNt+KLsDqGWqzGrvghMJ33MSiFIFeoAHZlGdO+GGWjNguE+ESvSkX76ZvTCdof517i6piawWDZZ6E+s1JKmMo8jrZqXzgvMFUbiRNKqTc8IPmOeNtBQ7YHz0s0NWGJiajEwgoOqAehzqqOk32Zom/j8sQUkb6bVs9fpB2bsvOeOSHXmT/dW557NC0x5QOmwRm1t4DKvzOAZ+K7tMqSqZxCv8bAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yQ66Z/TqXnfNzTD0+OPe5AsF8eTGPZVVK/Dd9WFnCgA=; b=DOj+GvgmdhXpHEcyVNXAHwfRlPtldv+Yi34seE7+Nv3IljBhK5m9y+H4MCXJs4D1ZdqVElEqH29cFaJnJ3AHgBihIgd6kN/NKUM1xcaDfRVn7Z8LdJcZRNvRyg8fQ3BwU1e1k+jTUqlM/U4AoXJvHNXl7O39lD8u4wmjbiijEsFuu4OcaBzGGookSmtUISsRhDy1JJ9rniw/RowuqRqKZ6I8pzHjb9kUnkqPHR/4j+uG5NuI/lgvnVuM/YEuZFeVOfIAOtNyCmOHuBZ9LXs9/5CBCyVwTUIp4GvYW7AbK8e54C1NxWYc7kvcomKKrh/ZqoEOIBs2aQvW6wR4ALlF0g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yQ66Z/TqXnfNzTD0+OPe5AsF8eTGPZVVK/Dd9WFnCgA=; b=lQRjmP7e7Ncpe6Bv/R5wXsaPJdb39m+sVBODE7Peq4dKFwUtgxzdsiKKsqi4EvS0q7AAdFCmh8rhXCXfV51qRyszMqj+EHIbdiljqLQJZtTjEB2f5HUw10QA8ssHru38baxYU0JvCyWPvOyYLiH2n2pA7Nvp89Cx+3Oj2eTOBh8=
Received: from BL0PR11MB3122.namprd11.prod.outlook.com (2603:10b6:208:75::32) by MN2PR11MB4302.namprd11.prod.outlook.com (2603:10b6:208:179::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.15; Mon, 16 Aug 2021 21:53:58 +0000
Received: from BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::9923:df2f:c942:4aaa]) by BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::9923:df2f:c942:4aaa%7]) with mapi id 15.20.4415.023; Mon, 16 Aug 2021 21:53:58 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Laurence Lundblade <lgl@island-resort.com>, rats <rats@ietf.org>
CC: Thomas Fossati <Thomas.Fossati@arm.com>, Thomas Hardjono <hardjono@mit.edu>, "Scarlata, Vincent R" <vincent.r.scarlata@intel.com>
Thread-Topic: Minimizing the Attestation Results objects which can represent overall Attester trustworthiness
Thread-Index: AdeOJ92sIe44PjiKTG2YzmuXnbyfjwErRkAAAARiqrA=
Date: Mon, 16 Aug 2021 21:53:58 +0000
Message-ID: <BL0PR11MB31224EF7FED9EAA8D0C6C382A1FD9@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <BL0PR11MB31227C3A0BC34E904B0C62FDA1F79@BL0PR11MB3122.namprd11.prod.outlook.com> <1fda2b91-f5f7-b2b4-864c-5b0253e36abd@sit.fraunhofer.de>
In-Reply-To: <1fda2b91-f5f7-b2b4-864c-5b0253e36abd@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: sit.fraunhofer.de; dkim=none (message not signed) header.d=none;sit.fraunhofer.de; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: eb65dd14-63b7-412b-ab66-08d9610059e3
x-ms-traffictypediagnostic: MN2PR11MB4302:
x-microsoft-antispam-prvs: <MN2PR11MB43021310071D1F449BCF21D4A1FD9@MN2PR11MB4302.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /aHG7al1QWUovSHU7E0vYxn1J4+AzKJh8NqwoRgbOyva8R7mBvlvxcB7MbTtOMVd2SKrBaYvJAU7cC2IX8CDrNNYTI8SzvtR59Rcq2pHxc4r3aDrdJSzpDJSLD/e0DCylREzKvd9Z9tzWPugpsnFx/SreE/4LKX3t/PuW/l1Cm9mXNCZ7H+zgOK2L7Kg5gDQ7ERKxocbfQmxn/LL72I2ic49+RQB4HknMljxyOn/EHtwCXkM49W+wRU1ikMPPhpqM4NnUZ5bx8OHuNenhwTbwzZ0Kuyor0RPkJwcTSQ05pR6ecji+s71cWdO1lGGtcsTJ+WCtNPlHC+HUZU81w8502I/Fs3HpCqQ90w5kRNV9Vakn6RR8MK4g98HS49HX7o3g6uocPL1UAePKsMi6cdvHi3e1i4oKr6EdMkyTeTfRyZbKTDE6atcv/b5d3CXrKgMe6FdwF5/L4TueHYA/TTNe2C4DrTg92jGcUUUpn3kvl9jGg+pfy3Gi/3av2728xVTLI+E5v7f89LOJxRQKxSUtXA6JYYwpy+Jde2OllbVqh/6gBCQHaFkeElz2UfUH86eMYDNVIyT6PWT8vxJHhLlXETv5OzrIN1Ab/ex1JmJ/xmv4xI7kRHjobzQohrqkh0qi9RYv+Uf5teutfCAiEoICdBMUXQKDCQnwS5PqMmyJx/aMBrhcnP+dJPzDVYpBHNRr8f13W8y8K8C5ep6aqHlJw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR11MB3122.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(39860400002)(366004)(396003)(136003)(346002)(86362001)(53546011)(99936003)(33656002)(6506007)(7696005)(5660300002)(478600001)(186003)(122000001)(26005)(83380400001)(2906002)(8676002)(8936002)(66556008)(52536014)(64756008)(66446008)(54906003)(38070700005)(66946007)(9686003)(110136005)(66616009)(55016002)(71200400001)(316002)(4326008)(76116006)(38100700002)(66476007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: jb2bkOHFKoICdKMzLalz0UwabTBJVks2d3u4w3W7+ZPU7Zdk4YAoy6Vze6x8ibrxBQnVHgjDVVJrJAu6Q/BSXKfPTicQzx+WMjCciV2CCJVYpdArfQROhDMhc2AiRHMUEWaZ6pa+kBrWs1R2omUhxzp0Bs55MANJouda8iX6SRgJpAtT3vu8sA8wOkaPKZwfeBp2bd4lLoImPFlDVYN6egyWMXmO+eOJpvMXDTKkkvUbkFodcpPg2ipGgGRKT0mgc9jx97Pcq/EtIMrWo1Ap+uam56I9NSr+8KUrxlZB7NxkYnYfUYlCZ6brooKHI6NdE8mnyEe479pBJYspAjOJp2fDuzi/NFq6ryTJQyX9aaz4sivIJdWTgyQlwc750BsPVEjcc/q25bho99jXijeyxC7nUoOZyibBsxgGWFAEQ5SrCN2F2S+hlp3F5WXvmVilT/MxBK2hqTto6XUWVZDRNiOUJpvg9npc/pGiSZd+YunQrdEA2cxK7KR7HWjryyyhQ65g7W3aamuR8+VIbKhHizhNBe4YTweEH4YPxubPpw9HSL0yB1PRayb3j3iiYgPDX2ln9KIernD5F5Ilr0FsmSSTHI6O1c/L130cWxr4pTwG46z+EOXUOUlZgZpGYrFO7PqBqF+DnM9mrEIHGED/jTWCNocrjxezdnvtoxmEIkjknpIrSmynDtblSZAaaIKmHd2PAFmzJGFZ6yirFSGn3YuLLiFCxrmEq27hjBkwHoZhAedxbYhNlBSBmQ++ZkUWinNlAJU4pZdekrWKRm9FEt+0+DVAoiZ/4ar9XDvjK+0vV+iqQbmQ+uaIKh6M5LWHVXQXV5ZxzICtJuRcQayvb3cwmd8TFIT1mX9xGcqKzNzC1H+GSOqiXiA5YOdDkVfNmWPCantk6x5DuygFRSAAMijqGvtmmqxhXXOtdXQ93w07QfmfDbqIZvfp2f58itjLUwNFg2RRXUC9/FYOVMuWO0vyMW3O0orK5Fup3B5BEXOeNH2fxckQ6wwE6VsjWNd9HlgDVQdzrKBXM+MVHphEvxH8zOn55A1tO688QRxizzcYO5BG0dsrZ/gofhP3qX+7QToN04SemhE0LAVYO2sXZtz+tzL7+aNE00NIzSEYd+b1HF68xYEZExXkOisrKmYPIeh0x3BFtcgOFuFRYr3oQgID9CYLK34t2Hfr/VvxX8ACZluoXBAh6LpM5NbpgH8p+JDJJCXsw7ccv2pXpxzFLFT2+vPyXJB+6jVArXPlmZAvpDwUe6egEk9CJey0iaa8k2X05yVSs4Uk5qGJ7DkyJn7aRfS0couyvALLFLe29+Gb6bamJ781YMdHMhO3xyEf
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_02D8_01D792C7.A221F2C0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR11MB3122.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: eb65dd14-63b7-412b-ab66-08d9610059e3
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Aug 2021 21:53:58.4893 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZcS45uL/spzenNurx6GCknDXFO88kvQIs3A9EqczZ04wdeB1zo8SlSn9LMRym+iO
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4302
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.18, xbe-aln-003.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ujXCUrtQd4PduHqgmSnrLKNn37M>
Subject: Re: [Rats] Minimizing the Attestation Results objects which can represent overall Attester trustworthiness
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 21:54:09 -0000
Hi Henk, Yes. To me, the Verifier is interesting because it is responsible for the *hard* problem: can I trust you at all? Only when general aspects of trustworthiness established are specific claim sets actually helpful/actionable. If the WG accepts this premise, then how do we (as a community) converge on the general aspects of trustworthiness? That is that the conversation the design principles below is attempting to start. Eric > From: Henk Birkholz, August 16, 2021 3:29 PM > > Hi Eric, > > what you are highlighting here, I think, is an important distinction. > There are two "layers" of Attestation Result Claims here. (1) Attestation Results > about the intrinsic trustworthiness characteristics of an Attester and (2) > Attestation Results that a Relying Party can trust, because they are about an > Attester associated with such trustworthiness characteristics. > > I-D.voit-rats-attestation-results I believe is strictly scoped to the former set (1) > of Attestation Result Claims. These Attestation Results (the Trustworthiness > Claims) MUST always be generated by a Verifier's appraisal procedure. It is > virtually impossible that only a signature (or secure channel) verification will be > enough to allow for the generation of Trustworthiness Claims (basically the only > assurance generated by that would be a proof-of-possession that implies "trust > everything I do, because it is 'I, the key holder' doing it"). > > To enable interoperable "understanding" of Trustworthiness Claims, their > number must be suitable small, unambiguously actionable by Relying Parties and > they must, of course, be Verifier generated and never Attester generated. > > Set (2) of Attestation Results can be vastly more refined, specific, expressive or > voluminous, I think (and potentially also even Attester generated). The swresult > Claim highlighted, I think is an excellent example of a highly versatile Verifier > generated Claim that conveys additional context information to a Relying Party. > > Viele Grüße, > > Henk > > On 10.08.21 23:00, Eric Voit (evoit) wrote: > > Hi Laurence, > > > > During the RATS IETF 111 sessions, we both shared views of how to > > encode Attestation Results (AR). From the perspective of > > draft-voit-rats-attestation-results, the AR in scope are Verifier > > generated claims* about trustworthiness of the Attester itself. Some > > examples of such claims include: > > > > * the Verifier asserts that the Attester has only known good software > > loaded > > * the Verifier asserts Attester's configuration doesn't expose > > security holes > > > > We are now beginning to standardize these Verifier generated claims > > (and associated AR object definitions). We need to do this with the > > stated objective of maximally simplifying the interworking of > > different types of Attesters, Verifiers, and Relying Parties. That > > maximal simplification is essential as we diverse group of RATS roles > > and developers spanning different industries. And to accomplish this, > > I suggest we adopt the following set of design principles: > > > > (1) We should only have a small number of Verifier trustworthiness > > claims standardized at this time. Reason: a plethora of similar > > trustworthiness claims will result in divergent choices made between > > different Verifiers. This would place a lot of complexity in the > > Relying Party as it would be up to the RP (and its policy language) to > > enable normalization across rich incompatible Verifier object definitions. > > > > (2) Any objects from (1) which we do standardize should only include > > specific enumerated states that could viably result in a different > > action from the applied Policy for Attestation Results. Reason: by > > explicitly disallowing the standardization of any enumerated states > > which cannot easily be connected to a use case, we avoid forcing > > implementers making incompatible guesses on what could happen. This > > will eliminate many types of errors. > > > > (3) Verifier and RP developers need explicit definitions of *each* > > state in order to accomplish the goals of (1) and (2). Without such > > guidance, the Verifier will send plenty of raw info, as it relieves > > the Verifier of making the hard decisions. Of course, this raw info > > will be mostly non-interpretable and therefore non-actionable by the RP. > > > > (4) We do need extensibility for this type of Verifier generated claim. > > But Verifier generated claims should be worked in the WG and managed > > via the RFC process, rather than being in a separately maintained > > Attester Claims list. This will keep a tight lid on extensions which > > must be considered by the RP's policy language. > > > > These design principles are important to keep the number of Verifier > > generated claims low, and to retain the complexity in the Verifier > > rather than the RP. We followed these design principles in > > draft-voit-rats-attestation-results. Consequently, the next version > > of draft-voit-rats-attestation-results will include a total of 9 > > Verifier generated Trustworthiness Claims supporting a total of 18 > > enumerated states. 18 enumerated states feels like an easily > > digestible number for the developers of RP policy language :-). > > > > I am hoping we can connect this thinking to your swresult object from > > your IETF 111 slides. Looking at your slide on the swresult claim, > > *each* software measurement could include a large array of results. I > > believe this unbounds the complexity of the RP policy language. > > Effectively, the Evidence to the Relying Party may often be richer > > than that originally sent by the Verifier. In what scenarios do you > > see Relying Party applying such a rich language? And at least from > > the perspective of deciding whether Attester itself is trustworthy, do > > you see ways for just a few Verifier generated claims to expose key > > trustworthiness attributes and states evaluated for the Attester? > > > > I know this is a complex question which might only be worked in an > > upcoming interim. But I figured I would start the dialog now. > > > > Thanks, > > > > Eric > > > > * Note from above: these Verifier generated claims are not the same > > thing as a Verifier ratifying specific claims generated within the > > Attester (such as UEID, location, software manifest, etc.) Many of > > your AR definitions within the swresult appear aimed at this context. > > So there might not be an explicit overlap between our drafts. > > > > Eric Voit > > > > Principal Engineer > > > > *.:|:.:|:. *Cisco Systems, Inc. > >
- [Rats] Minimizing the Attestation Results objects… Eric Voit (evoit)
- Re: [Rats] Minimizing the Attestation Results obj… Henk Birkholz
- Re: [Rats] Minimizing the Attestation Results obj… Eric Voit (evoit)
- Re: [Rats] Minimizing the Attestation Results obj… Laurence Lundblade
- Re: [Rats] Minimizing the Attestation Results obj… Eric Voit (evoit)
- [Rats] Claim encoding formats (was Re: Minimizing… Laurence Lundblade
- Re: [Rats] Claim encoding formats (was Re: Minimi… Eric Voit (evoit)
- Re: [Rats] Minimizing the Attestation Results obj… Smith, Ned
- Re: [Rats] Minimizing the Attestation Results obj… Eric Voit (evoit)
- Re: [Rats] Minimizing the Attestation Results obj… Smith, Ned
- Re: [Rats] Minimizing the Attestation Results obj… Eric Voit (evoit)
- Re: [Rats] Minimizing the Attestation Results obj… Smith, Ned
- Re: [Rats] Minimizing the Attestation Results obj… Laurence Lundblade
- Re: [Rats] Minimizing the Attestation Results obj… Laurence Lundblade