Evaluate impact of Measured Element Multiplicity (in an Environment) to Conditional Triples

[yogeshbdeshpande]

Once https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/266 is resolved, via via PR #268 which sorts the compatibility with the TCG, this has an impact on the Conditional Triples.

PR #277 points to this issue as it's motivation.

This issue tracks the impact of Introduction of measurements of one or more Measured Elements in an Environment on the following:

1. CDDL Schema of (a) conditional-endorsement-series-triple-record AND (b) conditional-endorsement-triple-record
2. Impact on Matching Semantics and Introduction of Endorsements to ACS

[yogeshbdeshpande]

My Initial Analysis:

• Stateful Environment MUST change to reflect that the entire Environment needs to be stateful, meaning all the Measured Elements state needs to be recorded, hence the multiplicity of measurement-map needs to be expressed in the stateful environment.

; STATEFUL environment with one or more measurements that must match evidence stateful-environment-record = [ environment-map, [ + measurement-map ] ]

• Conditional Endorsement Triple {#sec-comid-triple-cond-endors}

conditional-endorsement-triple-record = [ conditions: [ + stateful-environment-record ] endorsements: [ + endorsed-triple-record ] ]

There is no ambiguity..

When a Stateful Environment with multiple measured elements all match then only An Endorsed Triple containing One Env, with Multiple Endorsements each pertaining to each measured Element within an Environment applies and added to ACS.

The Supply Chain Actor decides, how many of all measured-elements it wants an exact match in stateful environment, prior to one or more measurements each belonging to the SAME measured elements, it wishes to ADD via endorsed-triple-record.

[deeglaze]

What is the meaning of the authorities in the endorsed-triple-records? I would hope they're either instructed to be ignored, OR they make the endorsement addition yet further conditional on all the endorsed measurements matching the ACS with the listed authorized-by keys–the action is then only to add the CoRIM issuer to that authorized-by list.

[yogeshbdeshpande]

I will reply to authority inside endorsed-triple-records

The example is : as I tried in the other issue, is say a Test House has run certain benchmark tests on a Stateful Environment, to keep it simple, an Env with one Measured Element (With an Mkey: Value 1, Meas-val: Digest, Revision 1.0.0.

The Test Results are the Endorsements.

The Test House lists the Authority in the meas-map of Endorsed triple.

The Integrator or some other authority signs the CoRIM : So now it has a Statefule Env: and an Endorsed Value with the Authority of the Test House completes the Endorsed value triple!

[nedmsmith]

Once #266 is resolved, via via PR #268 which sorts the compatibility with the TCG, this has an impact on the Conditional Triples.

This issue tracks the impact of Introduction of measurements of one or more Measured Elements in an Environment on the following:

1. CDDL Schema of (a) conditional-endorsement-series-triple-record AND (b) conditional-endorsement-triple-record
2. Impact on Matching Semantics and Introduction of Endorsements to ACS

The issue name is misleading since TCG specs didn't define conditional endorsement triples (assuming the simple endorsed-values-triple isn't lumped into this class).

[nedmsmith]

The impact of making element multi-valued on conditional-endorsed-series-triple-record is as follows:

• stateful-environment-record should also have element multiplicity
• mkey should be added to conditional-series-record

The following CDDL changes are implied:

conditional-endorsement-series-triple-record = [
  stateful-environment-record
  [ + conditional-series-record ]
]

stateful-environment-record = [
  environment-map,
  [ + measurement-map ]
]

conditional-series-record = [
  refv: measurement-map
  endv: measurement-map
]

These changes do not attempt to address other concerns such as:

• Whether condition matching should span multiple stateful-environment-records
• Whether the target of the series match (aka selection) should differ from the matched condition.

[nedmsmith]

Conditions that span multiple ECTs (aka stateful-environment-record) introduces ambiguity for series selection in the current series triple because the selection target defaults to the matched condition. With multiple conditions, the default behavior is non-deterministic.

The evs relation addresses the non-determinism by requiring the selection to include the target explicitly. This can result in Awkward or bulky statements for the happy path use case where the condition and the selection environments are the same.

Additionally, the addition in conditional-endorsed-series-triple-record defaults to the current selection environment as the target for supplying the addition. However, if the addition is given more flexibility to target which environment to apply the addition, then the full ECT context must be supplied. This, however, results in yet another instance of the full ECT replicated in the RIM entry for the happy path use case.

The net result of a generalized evs-based conditional series triple is the common case will seem bloated with seemingly redundant information. (Actually, three copies of environment and measurement values will exist). If the addition is just a single or few claims, then it seems like it fails to realize the principle that "simple things should be simple, but complex things possible". Instead, it is an example of: "simple and complex things are achievable".

A reasonable compromise is to have two forms of the series triple, one that is optimized for the common / simple case and one that is more powerful but also more complex.

[nedmsmith]

OK to close this issue? Fixed in PR #276 and PR #268

[yogeshbdeshpande]

OK to close this issue? Fixed in PR #276 and PR #268

Yes, I will close this. Thanks for the reminder!