[Seat] Re: New Version Notification for draft-mihalcea-seat-use-cases-02.txt
Henk Birkholz <henk.birkholz@ietf.contact> Mon, 11 May 2026 10:05 UTC
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>, Thomas Fossati <thomas.fossati@linaro.org>
CC: seat@ietf.org, draft-mihalcea-seat-use-cases@ietf.org
List-Id: "Secure Evidence and Attestation Transport (SEAT) WG" <seat.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/seat/9cN9AZfHWMhGISIDH6CE8dYAL4I>

On 10.05.26 17:29, Muhammad Usama Sardar wrote:
> Hi Thomas,
>
> Thank you for your feedback. I have updated the PR [0] with some
> additional clarifications. Please check if that works for all of you. If
> not, please propose edits in the PR.
>
> On 10.05.26 12:47, Thomas Fossati wrote:
>> If we leave it in the document, it should be presented as one possible
>> defence-in-depth approach, rather than as a requirement.
>
> I'm concerned that this might open a new discussion, rather than closing
> the one at hand. I think the line between "defense-in-depth" and
> "requirement" is a bit fuzzy, depending on quite a lot of factors. For
> example:
>
> * In some cases, the Claims may not change at all. In those cases, TLS
>   nonce might be sufficient.
> * Some cases might just need one-time attestation.
> * In almost all cases, the attestation nonce -- in current hardware
>   architectures -- does not go as deep as it should actually go.
>
> And so on...
>
> Does all of it mean that we remove Evidence freshness as a requirement
> and instead make it defense-in-depth?
>
> Best,
>
> -Usama
>
> [0] https://github.com/tls-attestation/use-cases-and-properties/pull/43

There is a difference between recentness and freshness that we cannot discuss away or into oblivion.

a) recentness and policy can derive freshness (for your application's purpose)
b) freshness means that an authentic and time-bound assertion (e.g., RATS Evidence) reflects reality as is.

That of course is an unobtainable golden principle. E.g., the coherence of Evidence generated and the Verifier processing the Evidence until an Attestation Result is generated might overlay with a change of reality, which would render the Attestation Result moot on reception. There are various ways to deal with that "timing issue".

https://www.ietf.org/archive/id/draft-ietf-rats-ar4si-09.html#name-below-zero-trust provides a generic approach to improve the assertion of freshness. Policy can define certain (overlapping) windows of freshness; "some tolerance". In the end, it is the Relying Parties' requirements that impose the ways freshness is derived. The relativity of time in space inherently always renders this a policy problem in the end.

Best regards,

Henk
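
The following is an added example, not part of the original message and not taken from any draft: a sketch of how a Relying Party could derive a freshness decision from recentness plus its own policy windows and tolerance. All class, field and policy names are hypothetical, and the timestamps are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class AttestationResult:
    # Hypothetical fields: when the Attester produced the Evidence and
    # when the Verifier issued the Attestation Result based on it.
    evidence_generated_at: datetime
    result_issued_at: datetime

@dataclass(frozen=True)
class FreshnessPolicy:
    # Per-Relying-Party windows of acceptable recentness (assumed names).
    max_evidence_age: timedelta
    max_result_age: timedelta
    tolerance: timedelta  # slack for clock skew and transport delay

def derive_freshness(ar, policy, now):
    """Return (fresh, reasons): recentness judged against one RP's policy."""
    reasons = []
    tol = policy.tolerance
    # Ordering checks: timestamps outside tolerance cannot be reasoned about.
    if ar.evidence_generated_at > ar.result_issued_at + tol:
        reasons.append("result predates its evidence")
    if ar.result_issued_at > now + tol:
        reasons.append("result issued in the future")
    # Two overlapping windows: one for the Evidence, one for the result.
    if now - ar.evidence_generated_at > policy.max_evidence_age + tol:
        reasons.append("evidence too old")
    if now - ar.result_issued_at > policy.max_result_age + tol:
        reasons.append("result too old")
    return (not reasons, reasons)

# Constructed sample: on receipt the Evidence is 60 s old, the result 30 s old.
NOW = datetime(2026, 5, 11, 10, 5, 0, tzinfo=timezone.utc)
SAMPLE = AttestationResult(NOW - timedelta(seconds=60),
                           NOW - timedelta(seconds=30))
STRICT = FreshnessPolicy(timedelta(seconds=30), timedelta(seconds=30),
                         timedelta(seconds=5))
LENIENT = FreshnessPolicy(timedelta(minutes=5), timedelta(minutes=2),
                          timedelta(seconds=5))

if __name__ == "__main__":
    # Same Attestation Result, two Relying Parties, two different outcomes.
    for name, policy in (("strict", STRICT), ("lenient", LENIENT)):
        print(name, derive_freshness(SAMPLE, policy, NOW))
```

The same Attestation Result is accepted under one policy and rejected under the other, which is the sense in which freshness here is derived by the Relying Party rather than carried by the Evidence itself.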