Re: [Rats] draft-ietf-rats-endorsements-00

"Smith, Ned" <ned.smith@intel.com> Thu, 14 December 2023 19:05 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, "hannes.tschofenig=40gmx.net@dmarc.ietf.org" <hannes.tschofenig=40gmx.net@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/xi03jm1o07YJWBGymexxSrL9F1M>

Some have suggested that the DAA I-D is also an update to the architecture. If we're talking about -bis documents, then this could be considered as well.
-Ned

On 12/14/23, 5:26 AM, "RATS on behalf of Michael Richardson" <rats-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:

hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote:
> I read the RATS endorsement draft and was wondering whether the
> document shouldn’t have become a section in the architecture
> document.


I agree that in a different universe, it could have been included.


I think that the architecture design team drew a line around the three core
components (Attester, Verifier, RP), and focused on getting consensus around
that.


For some environments, the Endorsements are configured (via
policy/configuration) in the Verifier. Trying to cover that situation while
also defining a structure that allows for signed endorsements would have
confused some readers.


> I am unclear about the direction it will take. Currently, it
> reads a bit like a transcript of a hallway conversation.


I understand your complaint; I didn't find it too transcript-y, but I agree
that it spends a lot of text on preamble which might not have been necessary
if it were part of 9334.


> Wouldn’t it be better to create a -bis of the architecture document and
> to include the content of this document?


I don't object to making this document Update: 9334.
I feel that it might be two years too soon to do a -bis document.
But, if there is consensus to do what you suggest, it could be done.




--
Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide