search

ietf-rats-wg / rats-endorsements

Other
0 stars 0 forks source link

Requested feedback #5

Closed muhammad-usama-sardar closed 9 months ago

muhammad-usama-sardar commented 1 year ago

It may very well be the case that there is only one Reference Value per Claim per component (e.g., MRENCLAVE in SGX).

As a counterexample, CPUSVN inside PCK cert (Endorsement) may be older than the one in Evidence (QE Report Body).

One of the major purposes of Endorsements is to provide identity endorsement, which is never discussed in the draft.

For example, I am thinking about attributes and Security Version Numbers in SGX/TDX. For instance, SGX TCB Security Version Number (SVN) has 16 components, so would each component be treated as a Claim, or would the SVN be treated as a single unit?

dthaler commented 1 year ago
  • The following is NOT always applicable:

where actual state has a single value per claim per component applying to one device at one point in time, reference state has a set of values per claim per component (§2)

It may very well be the case that there is only one Reference Value per Claim per component (e.g., MRENCLAVE in SGX).

There is no contradiction. A single-value can still be represented as a set of size one in such a case.

  • The following is NOT always the case:

Actual state: Evidence, Endorsements, Attestation Results (§2.1)

As a counterexample, CPUSVN inside PCK cert (Endorsement) may be older than the one in Evidence (QE Report Body).

I don't understand the relevance of your statement to the quoted text. Please clarify your feedback. I suspect the "Conditionally Endorsed Values" section will be the answer to your question.

  • I think the draft currently focuses on a very specific case rather than the goal stated in the abstract:

explains the purpose and role of Endorsements

One of the major purposes of Endorsements is to provide identity endorsement, which is never discussed in the draft.

Draft-02 added section 4 "Endorsing Identity".

  • Clarify "group of claims" vs. "set of claims" (e.g., as used in §2)

"set of claims" is used synonymously with "claimset" in other documents, where Evidence can have multiple claimsets, one per component. I'm using "group of claims" to refer to a set of claimsets. Will clarify.

  • Clarify the definition of "Claim" and explain:

for our purposes we will treat such a list as a single unit (§2)

For example, I am thinking about attributes and Security Version Numbers in SGX/TDX. For instance, SGX TCB Security Version Number (SVN) has 16 components, so would each component be treated as a Claim, or would the SVN be treated as a single unit?

The hardware is a component, and has multiple claims of which SVN might be one unit if the EAT profile (or CORIM or whatever else) defined it as such.

  • Clarify "reference values" vs. "Reference Values"

Should be the latter for consistency.

muhammad-usama-sardar commented 1 year ago
  • The following is NOT always applicable:

where actual state has a single value per claim per component applying to one device at one point in time, reference state has a set of values per claim per component (§2)

It may very well be the case that there is only one Reference Value per Claim per component (e.g., MRENCLAVE in SGX).

There is no contradiction. A single-value can still be represented as a set of size one in such a case.

If both actual state and reference state can be represented as sets, then the distinction between actual state and reference state in the draft is very weak. The distinction should be more precisely clarified.

  • The following is NOT always the case:

Actual state: Evidence, Endorsements, Attestation Results (§2.1)

As a counterexample, CPUSVN inside PCK cert (Endorsement) may be older than the one in Evidence (QE Report Body).

I don't understand the relevance of your statement to the quoted text. Please clarify your feedback. I suspect the "Conditionally Endorsed Values" section will be the answer to your question.

Just to clarify, this was not supposed to be a question. This was supposed to be a counter-example that as opposed to what the draft (e.g., quoted text) says, Endorsements may not always represent actual state.

  • I think the draft currently focuses on a very specific case rather than the goal stated in the abstract:

explains the purpose and role of Endorsements

One of the major purposes of Endorsements is to provide identity endorsement, which is never discussed in the draft.

Draft-02 added section 4 "Endorsing Identity".

Thanks, I was reviewing draft-01. I will have a look.

  • Clarify "group of claims" vs. "set of claims" (e.g., as used in §2)

"set of claims" is used synonymously with "claimset" in other documents, where Evidence can have multiple claimsets, one per component. I'm using "group of claims" to refer to a set of claimsets. Will clarify.

I hope to see this question clarified: Is one "component" representing precisely one Target Environment? I think that will precisely distinguish "set of claims"/"claimset" and "group of claims"

  • Clarify the definition of "Claim" and explain:

for our purposes we will treat such a list as a single unit (§2)

For example, I am thinking about attributes and Security Version Numbers in SGX/TDX. For instance, SGX TCB Security Version Number (SVN) has 16 components, so would each component be treated as a Claim, or would the SVN be treated as a single unit?

The hardware is a component, and has multiple claims of which SVN might be one unit if the EAT profile (or CORIM or whatever else) defined it as such.

This is very ambiguous to me. The definition of Claim that is used in the draft should be independent of EAT profile/CORIM.