From 770cfd3e038e5192b3a930e5e80eea47c2c84387 Mon Sep 17 00:00:00 2001 From: Fabrizio Damato Date: Mon, 18 Aug 2025 19:54:32 -0700 Subject: [PATCH] Remove Attester Topology from IETF EAT Profile - As It doesn`t belong to a profile definition Signed-off-by: Fabrizio Damato --- .../diagrams/attester_binding.drawio.svg | 410 ------------------ specifications/ietf-eat-profile/spec.ocp | 24 - 2 files changed, 434 deletions(-) delete mode 100644 specifications/ietf-eat-profile/diagrams/attester_binding.drawio.svg diff --git a/specifications/ietf-eat-profile/diagrams/attester_binding.drawio.svg b/specifications/ietf-eat-profile/diagrams/attester_binding.drawio.svg deleted file mode 100644 index 5101f60..0000000 --- a/specifications/ietf-eat-profile/diagrams/attester_binding.drawio.svg +++ /dev/null @@ -1,410 +0,0 @@ - - - - - - - - - - - - - - - - -
-
-
-

- - - -
-
-
-
-

-

- - - - OCP Profile - - - -

-
- - -
-
-
-
-
- - - EAT-NONCE-0 - - -
-
- - - EAT-NONCE-1 - - -
-
- - -
-
-
-
-
- - - Signature - - -
-
- - -
-
-
-
-
- - -
-
-
-
-
-
-
-
- - OCP Profile... - -
-
-
- - - - - - - -
-
-
- - Lead Attester - -
-
-
-
- - Lead Attester - -
-
-
- - - - - - - -
-
-
- - Sub Attester 0 - -
-
-
-
- - Sub Attester 0 - -
-
-
- - - - - - - -
-
-
- - Sub Attester 1 - -
-
-
-
- - Sub Attester 1 - -
-
-
- - - - - - - -
-
-
-

- - - -
-
-
-
-

-

- - - - OCP Profile - - - -

-
- -
-
-
-
- - EAT-NONCE-1 - -
-
-
-
-
-
-
-
- - - Signature - - -
-
- - -
-
-
-
-
- - -
-
-
-
-
-
-
-
- - OCP Profile... - -
-
-
- - - - - - - -
-
-
-

- - - -
-
-
-
-

-

- - - - OCP Profile - - - -

-
- -
-
-
-
- - EAT-NONCE-1 - -
-
-
-
-
-
-
-
- - - Signature - - -
-
- - -
-
-
-
-
- - -
-
-
-
-
-
-
-
- - OCP Profile... - -
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- Lead Attester EAT -
-
-
-
- - Lead Attester EAT - -
-
-
- - - - - - - - - - -
-
-
- Sub-Attester EAT -
-
-
-
- - Sub-Attester EAT - -
-
-
-
- - - - - Text is not SVG - cannot display - - - -
\ No newline at end of file
diff --git a/specifications/ietf-eat-profile/spec.ocp b/specifications/ietf-eat-profile/spec.ocp
index 3715c79..aaf83de 100644
--- a/specifications/ietf-eat-profile/spec.ocp
+++ b/specifications/ietf-eat-profile/spec.ocp
@@ -168,30 +168,6 @@ integrity-protected wrapper for concise evidence.
 
 The cwt-eat statement is defined as follows:
 
-## Attesters Topology
-
-In certain setups, an attester may need to gather evidence from additional
-devices, including a **Root of Trust (RoT)**. In such scenarios, this attester
-acts as the lead attester, while the other devices serve as sub-attesters.
-
-Ensuring the freshness of evidence collected by the lead attester from the
-sub-attesters is essential. To achieve this, the attester will present a
-secondary nonce. The Lead Attester creates a random value and uses it to
-request evidence from the sub-attesters.
-
-Both the lead attester and the sub-attesters are required to attest to this
-value: it **MUST** be present in both lead attester and sub-attester evidence
-as a Nonce claim.
-
-A Remote verifier confirms that the evidence from the sub attester has been
-gathered by the lead attester by verifying that one of the nonces in the
-lead attester’s evidence matches a nonce located in the sub attester’s
-evidence. Additionally, the requester is expected to relax time constraints to
-accommodate any latency the lead attester may experience while collecting
-evidence from the sub-attesters.
-
-![Lead Attester binding to SubAttester](./diagrams/attester_binding.drawio.svg){#fig:attester_binding}
-
 ## CWT Integrity Protection
 
 The CWT is protected against integrity breaches and can be cryptographically