rework the CoRIM Intro #6

Closed
thomas-fossati opened this issue Sep 23, 2022 · 2 comments · Fixed by #68
@thomas-fossati
Collaborator

Text (temporarily) expunged:

Concise Reference Integrity Manifests (CoRIM) contain tags that describe the
composition and measurements of a platform, device, component, or software.

CoRIM is an envelope to carry information typically exchanged between Endorsers
and Verifiers {{-rats-arch}}. Endorsements are information produced by
Endorsers and consumed by Verifiers. CoRIM contains Endorsement Claims. Inside
CoRIM, Claims about hardware or firmware are described using CoMID tags.
Software Claims are described using CoSWID tags.

CoRIM can be integrity protected and authenticated using cryptography. The
CoRIM signer is the entity that asserts Endorsement Claims.  In a complex
supply chain, it is likely multiple Endorsers will produce CoRIMs, pertaining
to individual components they produce, at different times. Hence a CoRIM can
provide a link to other CoRIMs such that a combination of CoRIMs describe a
device class.

There are a couple of problems with that text:

  1. it mentions RATS-ARCH but does not use the vocabulary correctly (specifically, it squashes together endorsements and ref-values into endorsements -- and their providers are merged accordingly)
  2. there are some other clarity issues that popped up in a quick skimming session before submission of -03
@thomas-fossati thomas-fossati added the enhancement New feature or request label Sep 23, 2022
@nedmsmith nedmsmith mentioned this issue Jan 12, 2023
@henkbirkholz
Member

Every big topic needs its introduction. E.g. the whole document as discussed in #4

the list of topics includes:

  • CoRIM document
  • BOM
  • CoMID
  • reference to CoSWID

@yogeshbdeshpande
Collaborator

Some of the sections referenced in this issue, especially CoRIM Introduction and CoMID Introduction, are addressed by:
#68

thomas-fossati pushed a commit that referenced this issue Mar 29, 2023
Fix #4
Fix #6
Fix #7

Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>