Re: [Suit] [Rats] [sacm] CoSWID and EAT and CWT

Michael Richardson <> Tue, 03 December 2019 13:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EBD7812002E; Tue, 3 Dec 2019 05:04:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lrYdvaewDSsV; Tue, 3 Dec 2019 05:04:33 -0800 (PST)
Received: from ( [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6CCB8120019; Tue, 3 Dec 2019 05:04:32 -0800 (PST)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 6476E3818F; Tue, 3 Dec 2019 08:00:55 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id E37484AD; Tue, 3 Dec 2019 08:04:30 -0500 (EST)
From: Michael Richardson <>
To: "rats\" <>, "suit\" <>, sacm <>
In-Reply-To: <>
References: <> <27435.1575305487@localhost> <> <>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 03 Dec 2019 08:04:30 -0500
Message-ID: <19794.1575378270@localhost>
Archived-At: <>
Subject: Re: [Suit] [Rats] [sacm] CoSWID and EAT and CWT
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 03 Dec 2019 13:04:38 -0000

Smith, Ned <> wrote:
    > The architecture slides presented at Singapore showed Attester-Verifier
    > interactions supporting multiple signed formats. Therefore, it could be
    > reasonable to consider [Co]SWID as yet another payload format the Verifier
    > needs to handle.

That's an interesting take on things.
My reading of CoSWID is that COSE signatures are almost an afterthought
(appendix A), and in any case, would be produced by manufacturers rather than
as evidence.

It seems that inclusion of an unsigned CoSWID into a SUIT Manifest is
appropriate as the manufacturer is authoritative for both.

    > Another consideration might question whether it makes sense for [Co]SWID to
    > be regarded as Evidence. Maybe it should be restricted to Endorsements?

I think that it makes more sense as Endorsement only, as such it falls
outside of the normative part of the RATS architecture.

    > The important distinction from the perspective of the RATS architecture is
    > that Endorsements (signed by a mfg – aka “Endorser”) are still Endorsements
    > even if they are stored on the Attester and conveyed to a Verifier over a
    > conveyance protocol that supports conveyance of Evidence. Evidence and
    > Endorsements are signed by different keys. How they are conveyed isn’t
    > interesting to the Verifier per se. except where freshness is a
    > consideration.

If the manufacturer-signed Endorsement is communicated within EAT, then it's
not a seperate token format. It's just payload for a Evidence carrying EAT.

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-