using the term Reference Values more consistently wrt the architecture #34

Merged (1 commit) on Apr 25, 2021
20 changes: 9 additions & 11 deletions draft-ietf-rats-reference-interaction-models.md
Expand Up @@ -229,13 +229,11 @@ Claims ('claims'):

: Claims are part Conceptual Message and are, for example, used to appraise the integrity of Attesters via a Verifiers. The other information elements in this section can be expressed as Claims in any type of Conceptional Messages.

Reference Claims ('refClaims')
Reference Values ('refValues')

: *mandatory*

: Reference Claims are components of Reference Values as defined in {{-RATS}}. [Editor's Note: Definition might become obsolete, if replaced by Reference Values. Is there a difference between Claims and Values here? Analogously, why is not named Reference Claims in the RATS arch?]

: Reference Claims are used to appraise the Claims received from an Attester. For example, Reference Claims MAY be Reference Integrity Measurements (RIM) or assertions that are implicitly trusted because they are signed by a trusted authority (see Endorsements in {{-RATS}}). Reference Claims typically represent (trusted) Claim sets about an Attester's intended platform operational state.
: Reference Values as defined in {{-RATS}}. This specific type of Claims is used to appraise Claims incorporated in Evidence. For example, Reference Values MAY be Reference Integrity Measurements (RIM) or assertions that are implicitly trusted because they are signed by a trusted authority (see Endorsements in {{-RATS}}). Reference Values typically represent (trusted) Claim sets about an Attester's intended platform operational state.

Claim Selection ('claimSelection'):

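Review bot: the replacement definition opens with "Reference Values as defined in {{-RATS}}.", which is a fragment with no main verb; suggest "Reference Values are defined in {{-RATS}}." so the entry reads as a sentence before "This specific type of Claims is used to appraise Claims incorporated in Evidence." Dropping the Editor's Note is reasonable, since the new wording answers its question (Reference Values are a specific type of Claims), but the unchanged context line above still reads "Claims are part Conceptual Message ... via a Verifiers" and says "Conceptional Messages" where the same line says "Conceptual Message"; both belong in the same terminology pass.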
Expand Down Expand Up @@ -291,7 +289,7 @@ The way these handles are processed is the most prominent difference between the
| |
| signedEvidence, eventLogs -------------------------------> |
| |
| appraiseEvidence(signedEvidence, eventLogs, refClaims)
| appraiseEvidence(signedEvidence, eventLogs, refValues)
| attestationResult <= |
| |
~~~~
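Review bot: the rename inside the appraiseEvidence call leaves the figure aligned only because refClaims and refValues are both nine characters long, so the closing "|" column is unaffected; worth re-checking in the "*"-framed variants further down, where the line is enclosed on both sides. Separately, refValues appears here as a Verifier-side input that no message in the figure delivers; since the definition marks it *mandatory*, a sentence in the surrounding prose stating that the Verifier obtains Reference Values out of band (the definition points to RIMs and Endorsements) would close that gap.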
Expand Down Expand Up @@ -319,7 +317,7 @@ With the Handle, the Authentication Secret IDs, and the collected Claims, the At
While it is crucial that Claims, the Handle, and the Attester Identity information MUST be cryptographically bound to the signature of Evidence, they MAY be presented obfuscated, encrypted, or cryptographically blinded. For further reference see section {{security-and-privacy-considerations}}.

As soon as the Verifier receives the signed Evidence and Event Logs, it appraises the Evidence. For this purpose, it validates the signature, the Attester Identity, and the Handle, and then appraises the Claims.
Appraisal procedures are application-specific and can be conducted via comparison of the Claims with corresponding Reference Claims, such as Reference Integrity Measurements.
Appraisal procedures are application-specific and can be conducted via comparison of the Claims with corresponding Reference Values, such as Reference Integrity Measurements.
The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness.

## Uni-Directional Remote Attestation
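Review bot: the changed sentence now reads "comparison of the Claims with corresponding Reference Values, such as Reference Integrity Measurements", which matches the new definition, but the unchanged sentence two lines below says "Attestation Results constitute new Claim Sets" while the new definition text uses "Claim sets"; since this PR is about consistent terminology, pick one capitalization. Minor: "The final output of the Verifier are Attestation Results" has a singular subject and should use "is".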
Expand All @@ -340,8 +338,8 @@ The final output of the Verifier are Attestation Results. Attestation Results co
evidenceGeneration(handle, authSecIDs, collectedClaims) |
| => Evidence |
| |
| evidence, eventLogs -------------------------------------> | | |
| appraiseEvidence(signedEvidence, eventLogs, refClaims)
| evidence, eventLogs -------------------------------------> | | |
| appraiseEvidence(signedEvidence, eventLogs, refValues)
| attestationResult <= |
~ ~
| |
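Review bot: the removed and added "| evidence, eventLogs -------...> | | |" lines are identical as rendered, so this pair is presumably a whitespace-only change that adds noise to the diff. More importantly, this uni-directional figure sends "evidence, eventLogs" but the appraiseEvidence call on the next line takes "signedEvidence"; the other figures use signedEvidence for both, so either the message line should read signedEvidence or the call should take evidence. The trailing "| | |" after the arrow also looks like stray column bars compared with the single "|" that terminates the corresponding line in the @@ -291 figure.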
Expand All @@ -358,7 +356,7 @@ The final output of the Verifier are Attestation Results. Attestation Results co
* | | *
* signedEvidence, eventLogsDelta -------------------------------> | *
* | | *
* | appraiseEvidence(signedEvidence, eventLogsDelta, refClaims) *
* | appraiseEvidence(signedEvidence, eventLogsDelta, refValues) *
* | attestationResult <= | *
* | | *
************************************************************************
Expand Down Expand Up @@ -407,7 +405,7 @@ Methods to detect excessive time drift that would mandate a fresh Handle to be r
| |
| signedEvidence, eventLogs -------------------------------> |
| |
| appraiseEvidence(signedEvidence, eventLogs, refClaims)
| appraiseEvidence(signedEvidence, eventLogs, refValues)
| attestationResult <= |
~ ~
| |
Expand All @@ -424,7 +422,7 @@ Methods to detect excessive time drift that would mandate a fresh Handle to be r
* | | *
* signedEvidence, eventLogsDelta -------------------------------> | *
* | | *
* | appraiseEvidence(signedEvidence, eventLogsDelta, refClaims) *
* | appraiseEvidence(signedEvidence, eventLogsDelta, refValues) *
* | attestationResult <= | *
* | | *
************************************************************************
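Review bot: this is the final refClaims occurrence the diff touches, and the hunks cover only the definition entry, one prose paragraph and the figures; since the PR's goal is consistent use of "Reference Values", a search of the untouched text for any remaining "refClaims" or "Reference Claims" before merge would confirm the rename is complete, as any leftover mention in prose would now contradict the definition.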