ietf-rats-wg / architecture

RATS Architecture

align endorsement definitions #350

Closed thomas-fossati closed 2 years ago

thomas-fossati commented 3 years ago

In §4.2 Endorsement is defined as: "A secure statement that an Endorser vouches for the integrity of an Attester's various capabilities such as Claims collection and Evidence signing."

§8.2 uses a more restrictive description: "An Endorsement is a secure statement that some entity (e.g., a manufacturer) vouches for the integrity of the device's signing capability.", which seems to limit the scope of an Endorsement to the verification of the Attester's signature on Evidence.

I think §8.2 should be rephrased to align with §4.2 so to allow Endorsements to be more than just verification keys.

Besides, the definition of Endorser in §4.1: "[…] Endorsements help Verifiers appraise the authenticity of Evidence" could be relaxed to drop the (seemingly) exclusive coupling of Endorsements with authenticity appraisal.

nedmsmith commented 3 years ago

+1 Re: §4.1 the alignment of "Endorsements" with "Evidence" seems overly constraining since Reference Values are expected to match Evidence while Endorsements are not expected to be compared to Evidence. The wording "authenticity of Evidence" is what Endorsements qualify but that is too narrow as it could also appraise other Attesting Environment functionality such as Claims Collection, key generation, signing as well as launching code, transitioning to other environments, storing secrets and there could be more.
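An added example, not from this thread or the RATS architecture draft, to make the distinction drawn above concrete: Reference Values are compared against Evidence claims, whereas an Endorsement is consulted for what the Endorser vouches for (signing key, Claims collection, and so on) and is never matched against the claims. The model below is a constructed toy: HMAC over canonical JSON stands in for Evidence signing, `key_store` stands in for key material the Endorsement would normally convey, and the Attester ids, key ids, capability names and verdict strings are all invented for the example. It appraises the same Evidence once under a "signing capability only" Endorsement (the §8.2 reading) and once under an Endorsement that also covers Claims collection (the §4.2 reading).

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed toy of the RATS appraisal flow; not code from the architecture
# draft. Evidence signing is stood in for by an HMAC over canonical JSON so the
# example runs with the standard library only; the Verifier's key_store plays
# the part of key material the Endorsement would normally convey.


@dataclass
class Endorsement:
    endorser: str
    attester_id: str
    capabilities: dict  # endorsed capability -> value, e.g. {"signing_key": "k1"}


@dataclass
class Evidence:
    attester_id: str
    key_id: str
    claims: dict
    signature: str


def _canonical(attester_id, key_id, claims):
    body = {"attester_id": attester_id, "key_id": key_id, "claims": claims}
    return json.dumps(body, sort_keys=True).encode()


def sign_evidence(attester_id, key_id, claims, secret):
    mac = hmac.new(secret, _canonical(attester_id, key_id, claims), hashlib.sha256)
    return Evidence(attester_id, key_id, dict(claims), mac.hexdigest())


def appraise(evidence, endorsements, reference_values, key_store):
    """Return an appraisal dict; 'verdict' names the first check that failed."""
    result = {"signature_valid": False, "signing_key_endorsed": False,
              "claims_collection_endorsed": False, "claims_match_reference": False}
    endorsement = next((e for e in endorsements
                        if e.attester_id == evidence.attester_id), None)
    if endorsement is None:
        result["verdict"] = "no-endorsement"
        return result
    # Endorsements are consulted for what the Endorser vouches for; they are
    # never matched against the Evidence claims themselves.
    result["signing_key_endorsed"] = (
        endorsement.capabilities.get("signing_key") == evidence.key_id)
    result["claims_collection_endorsed"] = (
        "claims_collection" in endorsement.capabilities)
    secret = key_store.get(evidence.key_id)
    if result["signing_key_endorsed"] and secret is not None:
        expected = hmac.new(secret, _canonical(evidence.attester_id, evidence.key_id,
                                               evidence.claims), hashlib.sha256).hexdigest()
        result["signature_valid"] = hmac.compare_digest(expected, evidence.signature)
    # Reference Values, by contrast, are compared claim-by-claim with Evidence.
    result["claims_match_reference"] = all(
        evidence.claims.get(k) == v for k, v in reference_values.items())
    if not result["signature_valid"]:
        result["verdict"] = "unauthentic"
    elif not result["claims_collection_endorsed"]:
        result["verdict"] = "authentic-but-collection-unendorsed"
    elif not result["claims_match_reference"]:
        result["verdict"] = "reference-mismatch"
    else:
        result["verdict"] = "trustworthy"
    return result


def run_demo():
    """Appraise the same Evidence under a narrow and a broad Endorsement."""
    secret = b"constructed-attester-key"             # constructed sample key
    key_store = {"k1": secret}
    reference_values = {"firmware_hash": "abc123"}   # constructed sample
    evidence = sign_evidence("dev-1", "k1", {"firmware_hash": "abc123"}, secret)
    # Section 8.2 reading: only the signing capability is vouched for.
    narrow = Endorsement("vendor", "dev-1", {"signing_key": "k1"})
    # Section 4.2 reading: Claims collection is vouched for as well.
    broad = Endorsement("vendor", "dev-1",
                        {"signing_key": "k1", "claims_collection": "measured-boot"})
    # Claims altered after signing: the signature no longer covers them.
    tampered = Evidence(evidence.attester_id, evidence.key_id,
                        {"firmware_hash": "changed"}, evidence.signature)
    return {
        "narrow": appraise(evidence, [narrow], reference_values, key_store)["verdict"],
        "broad": appraise(evidence, [broad], reference_values, key_store)["verdict"],
        "tampered": appraise(tampered, [broad], reference_values, key_store)["verdict"],
    }


if __name__ == "__main__":
    print(run_demo())
```

Under the narrow Endorsement the Verifier can establish that the Evidence is authentic but has nothing to say about whether the claims were collected by a trustworthy mechanism, which is exactly the gap the §8.2 wording leaves; under the broad Endorsement the same Evidence appraises as trustworthy once its claims also match the Reference Values.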

henkbirkholz commented 3 years ago

Huh. I checked both sections and... I think you both might be right here. While it's not the intent of Section 8.2, factually it seems to be artificially constraining (by accident?). I have to admit, I did not catch that discrepancy. My initial assessment is that - as we took great care with the "normative anchor" that is Section 4.2 - we did not pay enough attention to align Section 8.2 with that.

Taking into account @thomas-fossati's and @nedmsmith's assessment, I think this is an editorial issue. Could @thomas-fossati please provide a proposal and @nedmsmith please review that first, so that we can address this issue along the upcoming next review phase. This action depends on this change remaining to be an editorial harmonization (again, which I think it is). If there are any counter indications that this is bordering on normative impact, please highlight so.

nedmsmith commented 3 years ago

"In some cases, an Endorsement is a secure statement that some entity (e.g., a manufacturer) vouches for the integrity of the device's signing capability."