findthomas
commented
1 year ago Hi Yaron,
Using one example, the Lock-Attestations (set of asset-related claims) is above the TLS layer.
It has to be a standalone blob & signed by G1, so that it can be stored by both gateways for future legal disputes.
When we use the word "Attestation" or "Receipt" we are using it in a legal sense, similar to signing a Word/PDF doc or JSON which in the US is covered under thew Clinton's eSignature ACT of 2000.
The "Attestation" is more like a legal/financial assurance and the willingness of the Owner/Operator of a Gateway G1 to take-on financial liabilities if G1 lies or makes a mistake.
ps. I think the word "Attestation" maybe confusing here. We did look at the word "Claim" (as in signed claims or assertion).
yaronf
Sec. 6: Why is attestation even in scope? We are setting up a secure channel, and this may include (per policy on both gateways) authentication of both sides, and possibly attestation. But ideally, this should all be done at the TLS layer.
And then there's the question whether it is even expected. Typically in a cross-domain setting, authentication is much more relevant than attestation.