measurement results claim --- seems too general purpose to be useful

[mcr]

> 12) 4.2.18. The Measurement Results Claim (measurement-results) This
> claim is a general-purpose structure for reporting comparison of
> measurements to expected Reference Values. This claim provides a simple
> standard way to report the result of a comparison as success, failure,
> fail to run, ...

> This feels like something that should be accomodated with some kind of
> vendor specific extension process.  I don't think that the document or
> specification benefits from having a claim that is intentionally
> specific.

> I would, in particular, not want it to be sent from the Verifier to RP,
> since I would have no idea what's inside it.

Some changes were made, but none addresses the core of the comment.

[laurencelundblade]

The claim definition explains that a receiver of this claim will not be able to interpret them without additional information in most cases. It is up front about this.

To a varying degree this is also true of other work and definitions in EAT and RATS. This is because EAT and RATS are for widely varying device architecture and operating systems. Attestations system will also vary in the checks they provide. EAT submodules will vary from device to device. CoRIM and CoMID and even AR4SI are similar in that the receiver will need additional information.

That said, it is possible to produce a very simple measurement result that indicates “all checks passed”. (The receiver still has to find out what all checks where done from an outside source because we are not defining an architecture to describe all possible system checking).

The claim is not specific to any particularly measurement system and should accommodate the reporting of measurements results from measurement schemes from many vendors.

[gmandyam]

As per decision in RATS interim WG meeting on Dec. 12, 2022, it was decided to address the concerns underlying this issue in the AR4SI draft: https://github.com/ietf-rats-wg/draft-ietf-rats-ar4si/issues