ietf-rats-wg / architecture

RATS Architecture

RD AD review: evidence #360

Closed mcr closed 2 years ago

mcr commented 2 years ago
** Section 8.1
   Evidence is appraised by a Verifier to establish
   its relevance, compliance, and timeliness

What is meant by having to establish that evidence is relevant? Is the concern that the Attester would provide evidence that is not relevant? Is that an attack or an attempt at subterfuge?

nedmsmith commented 2 years ago

Relevance can refer to how trustworthiness claims are associated with the Attester (Target and Attesting Environments). Claims associated with TA (a) may not be relevant to Claims associated with TA (b) if (a) and (b) are parts of a composite device. Conversely, if (a) and (b) are layers in a layered device, trustworthiness in (b) could depend on (a) trustworthiness claims as well as (b) trustworthiness Claims.
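
The composite-versus-layered distinction in the comment above, as an added Python example that is not part of the thread or of the RATS documents. The claim model, the `layered_on` dependency map, the reference values and the rule that a relevant layer with no claims fails appraisal are all assumptions made for illustration.

```python
# Added example: the data model and all names are assumptions made for
# illustration, not formats or APIs defined by the RATS architecture.
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    env: str    # environment the claim describes, e.g. "a" or "b"
    name: str
    value: str

def relevant_envs(target, layered_on):
    """Environments whose claims bear on `target`.

    `layered_on` maps an environment to the lower layers it depends on.
    Peers in a composite device have no entry for each other, so neither
    becomes relevant to the other.
    """
    seen, stack = set(), [target]
    while stack:
        env = stack.pop()
        if env not in seen:
            seen.add(env)
            stack.extend(layered_on.get(env, ()))
    return seen

def appraise(target, claims, layered_on, reference):
    """Appraise `target` using only the claims relevant to it."""
    envs = relevant_envs(target, layered_on)
    relevant = [c for c in claims if c.env in envs]
    ignored = [c for c in claims if c.env not in envs]
    # Assumed policy: a relevant layer that sent no claims fails appraisal.
    missing = envs - {c.env for c in relevant}
    mismatched = [c for c in relevant
                  if reference.get((c.env, c.name)) != c.value]
    return {"trusted": not missing and not mismatched,
            "ignored": ignored, "missing": missing, "mismatched": mismatched}

# Constructed sample input: (a) reports an unexpected measurement.
REFERENCE = {("a", "measurement"): "good-a", ("b", "measurement"): "good-b"}
EVIDENCE = [Claim("a", "measurement", "bad-a"),
            Claim("b", "measurement", "good-b")]
LAYERED = {"b": ["a"]}   # (b) runs on top of (a)
COMPOSITE = {}           # (a) and (b) are independent parts

if __name__ == "__main__":
    print(appraise("b", EVIDENCE, LAYERED, REFERENCE)["trusted"])    # False
    print(appraise("b", EVIDENCE, COMPOSITE, REFERENCE)["trusted"])  # True
```

The same evidence yields opposite results for (b): in the layered topology the bad claim from (a) is relevant and fails the appraisal, while in the composite topology it is set aside as not relevant.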

mcr commented 2 years ago

We are erring on the side of the attester oversharing, and we deal with this issue in the Privacy Considerations.

mcr commented 2 years ago

https://mailarchive.ietf.org/arch/msg/rats/zGTPhKrQfRfC14MTT_TKku5G5kY