ietf-rats-wg / architecture

RATS Architecture

RD AD comments on Security Considerations #407

Open mcr opened 2 years ago

mcr commented 2 years ago

[Roman's comments on -13] I didn't come away from this section with a strong, consistent understanding of which interactions need which security properties or what considerations are needed for which roles. Section 12.2 is at least clear on integrity, but it also makes vague allusions to other properties.

-- Section 12.2 This section lists that there might be a need to support additional security properties and provides a list (i.e., E2E encryption, DoS protection, authentication, etc.). What actionable guidance should be taken from this text? How should one reason about those properties?

-- The overall Section 12 seems silent on:

o Endorsers and endorsements?
o Reference values?
o What is the implication of combining roles into a single entity as described in Section 3.4 and 6. Does this lack of separation present any additional issues?
o Compositional devices per Section 3.3?

[Roman's comment on -15] I didn't see any discussion on text changes in this section related to these comments. I saw https://github.com/ietf-rats-wg/architecture/issues/367 which seemed to match this feedback, but the associated pull request seemed to fix an editorial issue.

mcr commented 2 years ago

We need to acknowledge that there is a deep hole (not infinitely deep, but not trivial) where we need to look at integrity of all of the different platforms.
The way that the compositions are composed is a bit tricky, and the results are sometimes different than other people would naively assume. Are there references here to other papers that we should include?