ietf-rats-wg / rats-endorsements


Section 2.1 comparison rules and appraisal policy #21

Closed nedmsmith closed 5 days ago

nedmsmith commented 1 month ago

Section 2.1 describes appraisal policy as the source of comparison rules for relating actual state with reference (possible) state. However, there are significant comparison dynamics that can occur independent of appraisal policy. For example, a verifier can assume exact match semantics given the reference values are identical to the evidence values. No appraisal policy is required to instruct a verifier to apply exact match semantics.

Additionally, a profile such as https://datatracker.ietf.org/doc/draft-cds-rats-intel-corim-profile/ defines Reference Values that define the actual value must be in the set of allowed Reference Values, and the actual value must be in a range where two Reference Values are the min and max.

This suggests that the RVP has insight on how best a verifier should apply matching rules.

The current text seems to ignore this important aspect.

thomas-fossati commented 1 month ago

What Section 2.1 of rats-endorsements says agrees with Section 8.5 of the architecture.

nedmsmith commented 1 month ago

> What Section 2.1 of rats-endorsements says agrees with Section 8.5 of the architecture.

I'm not following. Did I mention 8.5 of RATS Arch?

thomas-fossati commented 1 month ago

I am saying that §2.1 of rats-endorsements is currently per §8.5 of RFC9334.

If we want to say something different here we need to:

  1. Present the proposal to the WG and get consensus;
  2. Mark rats-endorsements as "Update: 9334".

(Note that 2. may already be the case.)

nedmsmith commented 1 month ago

I would prefer to update RATS Arch rather than have multiple RATS Arch specs. I think I-D.DAA also updates a portion of the architecture.

dthaler commented 3 weeks ago

> Section 2.1 describes appraisal policy as the source of comparison rules for relating actual state with reference (possible) state.

Yes, appraisal policy is described as the authoritative source of such rules. Inputs to it can come from an attester (via evidence), from an endorser (via endorsements), and from a reference value provider (via reference values).

> However, there are significant comparison dynamics that can occur independent of appraisal policy. For example, a verifier can assume exact match semantics given the reference values are identical to the evidence values. No appraisal policy is required to instruct a verifier to apply exact match semantics.

The appraisal policy (which is authoritative) in such a case is to assume exact match semantics. Such an appraisal policy default could be hard coded into a verifier, but is still appraisal policy as defined.

> Additionally, a profile such as https://datatracker.ietf.org/doc/draft-cds-rats-intel-corim-profile/ defines Reference Values that define actual value must be in the set of allowed Reference Values and actual value must be in a range where two Reference Values are the min and max.

Yes, section 2, and also (as Thomas mentioned) RFC 9334 section 8.5 both explicitly talk about those possibilities being used in appraisal policies. The fact that a reference value provider can provide such suggestions does not change the fact that the appraisal policy can accept them or override them.

> This suggests that the RVP has insight on how best a verifier should apply matching rules.

It might have insight, as might an endorser and an attester as well. But the appraisal policy is authoritative.

> The current text seems to ignore this important aspect.

We can add a sentence saying appraisal policy is authoritative though in some implementations other roles (attester, endorser, reference value provider) might provide hints/suggestions that might be used as input.
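The following is an added example, not code from the rats-endorsements draft, the CoRIM profile, or anyone in this thread. It models the distinction argued above in a toy verifier: the Reference Value Provider can attach a comparison hint (exact, set membership, or min/max range, the three kinds of matching named in the opening post), but the appraisal policy is authoritative. A missing hint falls back to a hard-coded default (exact match), which is still policy, and the policy can accept, override, or ignore RVP hints per measurement. All reference values, evidence, field names, and the hint vocabulary are constructed for the example.

```python
"""Toy RATS-style verifier: appraisal policy is authoritative; RVP hints are input.

Constructed example. Key names, hint strings and values are made up for
illustration and do not follow any real CoRIM profile encoding.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional, Tuple


@dataclass
class ReferenceValue:
    """One reference value as supplied by a Reference Value Provider (RVP)."""
    key: str                    # measurement name the value refers to
    values: List[Any]           # 1 value for exact, N for in-set, [min, max] for range
    hint: Optional[str] = None  # RVP's suggested comparison rule, or None


# Comparison rules. Each takes (actual evidence value, reference value).
def match_exact(actual: Any, rv: ReferenceValue) -> bool:
    return actual == rv.values[0]


def match_in_set(actual: Any, rv: ReferenceValue) -> bool:
    return actual in rv.values


def match_range(actual: Any, rv: ReferenceValue) -> bool:
    lo, hi = rv.values          # raises ValueError if not exactly two bounds
    return lo <= actual <= hi


RULES = {"exact": match_exact, "in-set": match_in_set, "range": match_range}


@dataclass
class AppraisalPolicy:
    """Authoritative source of comparison rules (RFC 9334 appraisal policy)."""
    overrides: Dict[str, str] = field(default_factory=dict)  # per-key rule, wins always
    accept_rvp_hints: bool = True   # whether RVP hints are used as input at all
    default_rule: str = "exact"     # hard-coded default: still policy, not absence of it

    def rule_for(self, rv: ReferenceValue) -> str:
        if rv.key in self.overrides:          # policy explicitly overrides
            return self.overrides[rv.key]
        if self.accept_rvp_hints and rv.hint in RULES:
            return rv.hint                    # policy accepts the RVP's suggestion
        return self.default_rule              # no usable hint: default applies


def appraise(evidence: Dict[str, Any],
             reference_values: List[ReferenceValue],
             policy: AppraisalPolicy) -> Dict[str, Tuple[str, bool]]:
    """Return {key: (rule applied, matched?)} for every reference value."""
    results: Dict[str, Tuple[str, bool]] = {}
    for rv in reference_values:
        rule = policy.rule_for(rv)
        if rv.key not in evidence:            # no claim to compare: fail closed
            results[rv.key] = (rule, False)
            continue
        try:
            ok = RULES[rule](evidence[rv.key], rv)
        except (TypeError, ValueError, IndexError):
            ok = False                        # rule/value shape mismatch: fail closed
        results[rv.key] = (rule, ok)
    return results


def all_pass(results: Dict[str, Tuple[str, bool]]) -> bool:
    return all(ok for _, ok in results.values())


# Constructed sample RVP output and attester evidence.
REFERENCE_VALUES = [
    ReferenceValue("fw-digest", ["a1b2c3"]),                     # no hint -> default exact
    ReferenceValue("bootloader-digest", ["v1", "v2"], "in-set"),  # any allowed version
    ReferenceValue("svn", [3, 7], "range"),                       # security version number
]
EVIDENCE = {"fw-digest": "a1b2c3", "bootloader-digest": "v2", "svn": 5}


def appraise_sample(policy: Optional[AppraisalPolicy] = None) -> Dict[str, Tuple[str, bool]]:
    """Appraise the constructed evidence under the given (or default) policy."""
    return appraise(EVIDENCE, REFERENCE_VALUES, policy or AppraisalPolicy())


if __name__ == "__main__":
    for label, pol in [("accept hints", AppraisalPolicy()),
                       ("override svn", AppraisalPolicy(overrides={"svn": "exact"})),
                       ("ignore hints", AppraisalPolicy(accept_rvp_hints=False))]:
        res = appraise_sample(pol)
        print(f"{label:13s} -> {res}  overall={all_pass(res)}")
```

Run with the default policy every measurement matches because the hints are accepted; with `overrides={"svn": "exact"}` the range hint is overridden and the svn comparison fails, and with `accept_rvp_hints=False` every key falls back to exact match, so the set- and range-hinted values fail. The same evidence and reference values produce three different verdicts, which is the point of the thread: the hints are useful input, but the policy decides how they are applied.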

henkbirkholz commented 3 weeks ago

> Yes, section 2, and also (as Thomas mentioned) RFC 9334 section 8.5 both explicitly talk about those possibilities being used in appraisal policies. The fact that a reference value provider can provide such suggestions does not change the fact that the appraisal policy can accept them or override them.

Isn't that the killer argument? Policy trumps suggestions contained in other Conceptual Messages?

dthaler commented 5 days ago

I believe this is fixed in the latest draft. Please reopen (with explanation of what is remaining) if you disagree.