Evaluate TCG Compatibility on Conditional Triples

[yogeshbdeshpande]

Once https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/266 is resolved, via via PR #268 which sorts the compatibility with the TCG, this has an impact on the Conditional Triples.

This issue tracks the impact of Introduction of measurements of one or more Measured Elements in an Environment on the following:

1. CDDL Schema of (a) conditional-endorsement-series-triple-record AND (b) conditional-endorsement-triple-record
2. Impact on Matching Semantics and Introduction of Endorsements to ACS

[yogeshbdeshpande]

My Initial Analysis:

• Stateful Environment MUST change to reflect that the entire Environment needs to be stateful, meaning all the Measured Elements state needs to be recorded, hence the multiplicity of measurement-map needs to be expressed in the stateful environment.

; STATEFUL environment with one or more measurements that must match evidence stateful-environment-record = [ environment-map, [ + measurement-map ] ]

• Conditional Endorsement Triple {#sec-comid-triple-cond-endors}

conditional-endorsement-triple-record = [ conditions: [ + stateful-environment-record ] endorsements: [ + endorsed-triple-record ] ]

There is no ambiguity..

When a Stateful Environment with multiple measured elements all match then only An Endorsed Triple containing One Env, with Multiple Endorsements each pertaining to each measured Element within an Environment applies and added to ACS.

The Supply Chain Actor decides, how many of all measured-elements it wants an exact match in stateful environment, prior to one or more measurements each belonging to the SAME measured elements, it wishes to ADD via endorsed-triple-record.

[deeglaze]

What is the meaning of the authorities in the endorsed-triple-records? I would hope they're either instructed to be ignored, OR they make the endorsement addition yet further conditional on all the endorsed measurements matching the ACS with the listed authorized-by keys–the action is then only to add the CoRIM issuer to that authorized-by list.

[yogeshbdeshpande]

I will reply to authority inside endorsed-triple-records

The example is : as I tried in the other issue, is say a Test House has run certain benchmark tests on a Stateful Environment, to keep it simple, an Env with one Measured Element (With an Mkey: Value 1, Meas-val: Digest, Revision 1.0.0.

The Test Results are the Endorsements.

The Test House lists the Authority in the meas-map of Endorsed triple.

The Integrator or some other authority signs the CoRIM : So now it has a Statefule Env: and an Endorsed Value with the Authority of the Test House completes the Endorsed value triple!