Terminology, dataflow/roles, and trust model #6
Includes new terms Endorser and Appraisal Policy Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Attester definition seems biased towards the perspective of a Relying Party rather than being described from the perspective of a "Verifier Appraisal Policy".
Relying Party definition could be more specific to attestation roles by identifying the "verifier" as the entity that it trusts to provide Attestation Results.
Verifier definition could be more specific about evaluating Evidence information about an Attester.
In the trust model section I generally don't like sentence structure that ends in a preposition. Could be worded better.
The word 'health' is generally being used where other words such as 'trustworthiness', or 'state' could be used. I'm concerned that 'health' might not easily be synonymous with 'trust'. It also seems to bias the architecture toward NEA (RFC5209) which IMO does not define attestation.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Done. (But if you have feedback on a sentence like this in the future, please attach the comment directly to the code line under the "Files changed" tab, to make it easy to find which phrase you're referring to.)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Updated. How about now?
dataflow.txt (Outdated)
| |
Evidence |Endorsements |
Appraisal----. | |
Policy | | Attestation |
Who is speaking the Appraisal Policy?
Predominantly, it is the local organization/domain-administrator. Administrative-Domain. Or Owner.
Endorsement is a kind of manifest, like for a ship (a shipper!)
draft-ietf-rats-architecture.md (Outdated)
* Endorsement: A secure statement that some entity (typically a manufacturer) vouches
for the integrity of an Attester's signing capability.
Does the Known-Good-Value/Reference Value fall into Endorsement or Appraisal Policy? Is it better to add some text into the explanation of the related term to explicitly express that this term includes the Reference Value?
Appraisal Policy! (No, could be both) Reference Value is a 1:1 comparison. But, for geo-coordinates it would be more like a policy, a calculation is required. Appraisal Policy is a super set of Reference Value/KGV. An Endorsement is spoken by a supply chain entity, while an Appraisal Policy is spoken by an Owner.
Appraisal Policy. And as Michael implies, Reference Value is just an example and is not sufficient in the general case so we do not want to imply that there is necessarily such a thing as a Reference Value, except in a specific example.
Got it. Use Cases draft or 'Use Cases' section is a good place for giving an example to explain that Reference Value is one case of Appraisal Policy.
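As an added illustration of the role split discussed in this thread (constructed toy code, not the draft's or the working group's): an Endorser vouches for the Attester's signing key, the Owner's Appraisal Policy holds both a 1:1 Reference Value and a rule that needs a calculation (the geofence case mentioned above), and the Verifier appraises Evidence under that policy to emit an Attestation Result for the Relying Party. The HMAC stands in for a real signing capability.

```python
import hashlib
import hmac
import json
import math

def sign(key: bytes, claims: dict) -> dict:
    # Toy stand-in for the Attester's signing capability: an HMAC over the claims.
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}

def mac_valid(key: bytes, msg: dict) -> bool:
    payload = json.dumps(msg["claims"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(msg["mac"], expected)

# Constructed sample data (not from the draft).
ATTESTER_KEY = b"constructed-attester-signing-key"
# Endorsement: spoken by a supply-chain entity, vouches for the Attester's key.
ENDORSEMENT = {"endorser": "constructed-manufacturer", "attester_key": ATTESTER_KEY.hex()}
# Appraisal Policy for the Verifier, spoken by the Owner: one Reference Value
# (plain 1:1 comparison) plus a geofence rule that requires a calculation.
APPRAISAL_POLICY = {
    "reference_fw_hash": "a1b2c3",
    "geofence": {"lat": 51.5, "lon": -0.1, "radius_deg": 1.0},
}

def make_evidence(fw_hash: str, lat: float, lon: float) -> dict:
    """Attester role: produce signed Evidence about its own state."""
    return sign(ATTESTER_KEY, {"fw_hash": fw_hash, "lat": lat, "lon": lon})

def verify(evidence: dict, endorsement: dict, policy: dict) -> dict:
    """Verifier role: check the Endorsement, appraise Evidence, emit an Attestation Result."""
    if not mac_valid(bytes.fromhex(endorsement["attester_key"]), evidence):
        return {"trustworthy": False, "reasons": ["evidence not signed by endorsed key"]}
    reasons = []
    c = evidence["claims"]
    if c["fw_hash"] != policy["reference_fw_hash"]:
        reasons.append("reference value mismatch")
    g = policy["geofence"]
    if math.hypot(c["lat"] - g["lat"], c["lon"] - g["lon"]) > g["radius_deg"]:
        reasons.append("outside geofence")
    return {"trustworthy": not reasons, "reasons": reasons}

def relying_party_accepts(result: dict) -> bool:
    """Relying Party role: trusts the Verifier's result and applies its own (trivial) policy."""
    return result["trustworthy"]
```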
draft-ietf-rats-architecture.md (Outdated)
the validity of information about another entity. Compare /security policy/
in {{?RFC4949}}.

* Attestation: A process by which one entity (the "Attester") provides evidence
This term gets re-introduced here, without any annotation.
The appraisal policy is the set of rules on how to test the evidence.
Here, "Attestation" is the creation of the evidence
Often people use the term "Attestation" to refer to the whole process.
Suggestion that we should define this term somewhere, but maybe "Remote Attestation"?
FIDO has NONE-Attestation-Type, where there is no assessment. TCG would call this Implicit Attestation. https://www.w3.org/TR/webauthn/#none-attestation
Let's take this to the WG, and maybe we can not get consensus on this term.
Charter says: "Remote attestation procedures (RATS) enable relying parties to establish a level of confidence in the trustworthiness of remote system components through the creation of attestation evidence by remote system components and a processing chain towards the relying party."
I would like to discuss the possibility of combining the terms "Endorsement" and "Attestation Result". Just like we have an Appraisal Policy for a verifier and an Appraisal Policy for a relying party, some might view an Attestation Result as an Endorsement for use by the relying party. I'm ok either way, but wanted to discuss this in our next call to see if others think it would help or confuse things.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
I still believe my original definition of Attestation is good, I haven't seen any comments here about what the problem was. For comparison, https://en.wikipedia.org/wiki/Attestation says it's "The process of validating the integrity of a computing device such as a server needed for trusted computing." I'm also ok with that definition.
I’m OK with that wording for introducing the concept. It may break down if the terminology for ‘device’ and ‘trusted computing’ become overly specified / specific.
From: Dave Thaler <notifications@github.com>
Reply-To: ietf-rats-wg/architecture <reply@reply.github.com>
Date: Tuesday, December 17, 2019 at 6:59 AM
To: ietf-rats-wg/architecture <architecture@noreply.github.com>
Cc: "Smith, Ned" <ned.smith@intel.com>, Review requested <review_requested@noreply.github.com>
Subject: Re: [ietf-rats-wg/architecture] Terminology, dataflow/roles, and trust model (#6)
Here's a first attempt to combine terminology sections, and trust model.
Includes new terms Endorser and Appraisal Policy per recent discussion.
Signed-off-by: Dave Thaler dthaler@microsoft.com