Internet Engineering Task Force 113, 22 Mar 2022

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF113-RATS-20220322-0900

Description

RATS meeting session at IETF113
2022/03/22 0900

https://datatracker.ietf.org/meeting/113/proceedings/

A

I didn't scare her too much mike. I promise just enough.

B

That's what I did yesterday. It helped me anyway.

B

C

Some of some of them are just the same presenter.

A

Oh yeah, I don't care about the presenter.

D

I care about the time. Hello. Thank you. Thank you sure three minutes.

E

D

Gonna keep them.

C

Oh, you got, you have the wrong. You've got the wrong one.

B

And I just downloaded.

F

Them from the data tracker.

A

Kathleen, if you can help us with the note takers, so giddy and and I armstrong data to help but as I believe, we'll probably be getting into deep discussions, it would be great if you can make sure that we have the items.

G

Captured, yes, the only I'll have a problem, the last 15 minutes. Just because that's when I have to get my kid ready for school.

A

B

C

Step three from eric start off and then basically four from ink.

A

But the the presentations.

B

And the times haven't changed right.

C

They're just the order, so you don't have.

B

Okay, I got you.

B

I was looking at the wrong one.

B

ah I see said the blind man.

A

Oh, my goodness, you know what no.

C

I can I can slip back and forth.

B

Yeah, that's true.

B

This is the only way I can keep track.

A

Well, given that we have a packed agenda and we're only allocating three minutes to some I'm trying to keep everybody.

A

You're being serious.

C

Okay, well we're gonna get started so uh welcome to uh rats working group session one and uh we're gonna we're gonna go through uh a few of the chair, slides to be to get started. So uh just a reminder. uh The uh in terms of the no note well uh information pilot. I have policies on uh on ip, so this is a reminder that the init that the ietf policies are in effect for various topics such as patents, code of conduct.

C

That is meant to point you to the right direction. Exceptions may apply uh the ietf's patent policy and definition of the ihf contribution and participation are set forth in vcp 79. That information is here on this slide and available, and these slides are available on the data tracker.

C

There's some meeting tips for uh for meeting today, uh if you're, an in-person participant, make sure you sign in the session using the media. Echo data tracker uh also use mediaco to join the mic too, keep audio and video off, if not using on-site version and for those in the room. Please keep your mask on for those who are would like you to do that. Remote participants make sure that your audio and video are off unless you're, sharing or presenting during a session and use of the headset is strongly recommended.

C

uh The resources for this meeting are are here and available on data tracker. If you wanted to access those.

C

And uh just a reminder for the code of conduct uh extend respect and courtesy to your colleagues at all times, uh have them personal uh discussion uh device solutions for the global internet that meet the needs of diverse technical and operational environments and be prepared to contribute to the ongoing work of the group.

C

A

Just quick agenda bash so um we're gonna flash through this really fast. Hopefully everybody can hear us fine. If you can't, you can put it in the uh in the jabber um and we'll try and do better get closer to the mic.

A

So, as you can see, and if you flip to the next slide, we have a very packed agenda for today. Hopefully you guys have seen this because I don't know that we have a lot of time, we're already one minute over in our our time slot to bash it. um So I'm going to do a call once twice no changes, let's go ahead and get started too late.

A

E

Sorry go ahead, hank.

A

What's the change.

H

I think that I I subtly changed the order of the agenda. I'm sorry for that, because the the presentation blob is, I think, doing daa after uccs now, so that that's just a minor thing, but I think the root sequence is like off now.

C

If it's all in sort of a group, yeah go in whatever order, just as long.

A

C

Make sure that I'm presenting what it is you're talking to yeah and I have everybody's slides. I think I have everybody's slides together, uh and so I could present for you if you like. That's what I want.

A

To say, I think, in the interest of time we will be presenting the slides. You tell us how to flip them, uh so the only challenge would be if the order is changed. Yeah.

C

If the orders changed from what was in the so so the first first up is eric eric.

I

Hey everybody. Can you hear me.

A

Yes, we can good morning eric, let's go.

I

uh Good morning to you guys, um I'm gonna do an update on shara and, as you can see, we're up to version 18 if you've been following the list, we've been going through the isg next slide.

I

And before I get into chara the details, just to remind you and review the set of relationships between documents, we have interaction models, uh r4c uh network device attest you'll, hear that from guy later and the rest that you'll be hearing now uh and uh so there's a deep set of relationships between a lot of the giraffes that are being progressed and a number of them are at the isg next slide.

I

We are just about at a pass at the isg. There are two discusses which I believe are minor and might also be closed. At this point, we think we've answered all the comments that are there, so we need one more vote in order to close the document. Changes that have occurred during the isg review include adding a appendix describing ima doing some reference changes and doing some xpath uh syntax tweaks.

I

uh I really don't think, there's anything. That's a blocker at this point next slide and that's that one so that'll help you get back on track right there. Any questions on chara before I go to the next one.

I

All right, thanks for.

E

I

Event stream subscription and this one will be even shorter, just to make sure we uh get through stuff uh what uh what event stream subscription is is it uh takes chara and the subscription work over in the netcomf working group to make sure that you can get a stream of uh tpm uh measurements off of a router or another device, and the goal here is to be able to not have to do challenge response, which is what chara really talks about, but instead get a stream of information when the pcrs are changing in a tpm, and so the result is a verifiably fresh set of evidence flowing from one device to another.

I

Next slide status, uh it's stable there have been many comments, have been some updates.

I

We've been doing this mostly because, as we close out, chara we should be able to after char is done with the iesg to go ahead and write a social and socialize a security considerations document and then go to working group last call. It really is not a big document. It should not be a controversial one, but since we have a dependency on chara, we are sort of completing that work.

I

Before going and requesting working group last call out of this group and that's pretty much the update for this any questions on um on the subscription work.

A

None from the room.

I

Excellent and last deck.

I

And here's the r4c and we'll keep on going so next slide.

I

It's broken into two parts. The first part is the information element, definitions for attestation, results that are generated by verifier to support interactions, secure interactions between a tester and relying party, and so the first part is really about claims effectively claims that are generated for secure interaction, support between two devices.

I

The second part is end-to-end implementation options, both via a background check model and what we call ar augmented evidence, which is a combination of a background check and a passport model.

I

There are two implementations of this out: there trusted path, routing which does things with a tpm as well as verizon, which is an open sports project, and I haven't updated the slide because it actually has been adopted by the confidential compute consortium so that you can make the interaction models with the information elements, work in confidential compute type of deployments, and so this really is a general uh draft aimed at multiple types of uh testers.

I

I

Now, there's been a number of changes since uh itf 112 first thing is working group adoption and thanks everybody for chiming in and providing comments. It was a good set of discussions on that. We've done a bit of text, clarifications on the values of specific trustworthiness, claims and trustworthiness. Claims are types of attestation results again that are generated for the purpose of understanding the trustworthiness of one device for another. There's also been mailing list: comparisons with the eat, security level and mailing list comparisons of the eat.

I

Software results we'll have one slide on the software results, but again we're just doing a quick update. Also, we've been aligning the trusted path. Routing document we have a new uh author there because of the the additions from meling ching from china mobile. So we are continuing to percolate that draft, but we're not requesting working group adoption until we really get some market uptake.

I

There are at least some people that are testing the service out, but there's no point in standardizing it until we have some more general uh adoption to make sure people are going to go and stay with the same type of deployment. Next slide now quick highlight on trust, reminisce claims and trust rhythmist claims.

I

uh As I said before, this is an older slide and I say it's based on the passport model.

I

It's really a combination of the top half of the interaction model, which is a background check with a passport model, and I highlighted from the slide verifier b, and this is because we've had some discussions on the mailing list about what's the difference between attestation results that are being sent from uh in the passport model, effectively from a central place to again a a relying party that also has a verifier on it and so highlighting that there's a difference between attestation results and the new evidence, which is then sent off to a verifier b in the last step.

I

Here is very important, because the relying party and verifier b is a multi-uh role that is gotta, be well understood as we define the information elements that are part of the ar augmented evidence. Next slide.

I

uh Other thing that I'm going to pull out and we're not going to read the text here. There are a number of design principles around the ar and in this case the ar for trustworthiness claims, and these are important as well for when you're designing attestation results, and these have been in the draft for about a year or so.

I

At this point, and it's very important to ins- understand what you're trying to to nail down as the rules that you're using to create ar, in this case, they're exposing a small number of claims uh enumerating very explicit states, making sure that you have very explicit definitions that rp developers understand and you ex support standard and non-standard extensibility.

I

And as we go through. The trustworthiness claims in future. Itfs.

I

Making sure that these trustworthiness claim uh rules are hit, makes things a lot easier for the implementer of the creation of the attestation results and their digestion by a policy language sitting in the relying party policy uh on the foreign device on the right from the last slide. All right and last slide.

I

We're going to probably talk about this more later in the day here, as we go ahead and talk about some of the items that lawrence wants to do.

I

This is a table that has undergone some discussion on the mailing list over the last few weeks, and that is the comparison of the intent and design of some of the trustworthiness claims for executables and file system and some of the claims over in the east side with software results, which I think might be getting renamed and while we dive into it, I wanted to highlight that there are certain things that we want to make sure that we handle when we look at the various uh specific objects that we're handling. For example.

I

These things are, what is the target, that's being evaluated, what are the number of includable states and how understandable are they and how complex is the language for then having a policy on the um target device? What is the purpose of the of the um of the claim? What are the different encodings and serialization?

I

That is needed, so I don't think we have time to dive into this, but I want to keep this in the back uh pocket to understand that there really should be some commonality of the claim designs, as we try to figure out what needs to be encoded for passing across the network, particularly when we're talking about writing some policy language on the relying party for interpreting. What's going to be coming from the attestation results and please chime in on the mailing list.

I

If you have any specific comments about these, but there is a lot of meat in this slide. We don't have the time to digest, but I think it's a important for your your consideration and I think that's all the slides. I have at this point now. If there's any questions on r4c.

A

No but um eric I want to go back since roman, put in the um chat for the chara draft.

I

A

uh He noted that it would be good if you can get the discusses addressed before the turnover completes so roman. I don't know when that turnover completes anyway, because you have enough votes now to make it move forward. You just need to address them and and read the draft.

I

All right, as far as I know, the discussion has been closed covered. I just need the responses from people on.

J

Yeah correct so this is roman jumping in since I I got invoked yeah eric is exactly right. I'm in contact with kind of rob to please ask him to to re, rob rob wilton to revisit his discuss, because I believe the edits that the team put out. Thank you. Eric uh uh do address the do address the feedback and the ballot turnover will happen on wednesday at the at the plenary. So we're all pushing to get things cleared as fast as possible.

I

Excellent right, so if anybody sees rob in the hallway grab them and take them to a computer.

A

And I know- and I saw him on sunday but I'll- keep that in mind thanks eric.

I

All right thanks, everybody.

A

Okay up next is architecture.

H

Hi, I'm hank, I have been have been told by the list to present my name, I'm hank, and this is about the architecture, so um michael richardson, most uh mostly did all of this content. So this is a report because we are in uh in a good state. The tiny little letters on the left side are hiding who's um contributing in the last half year and longer uh helping us getting this document uh done.

H

uh There are some little star asterisks at some of the names. These are the editors of the documents, so we have now uh no remaining issues uh 185 in total, the tuesday's meetings are and hiatus at the moment, and we have addressed literally all of the pull requests except the ones after uh my uh editorial cutoff. So we will not touch any uh content of the document until there will be a next action um that might be, I don't know actually so uh next slide, which is what is happening next, that's the conclusion.

H

So we have a diff, you can look at it. We added a few things at the end, we um upgraded the references and our state is a very limbo state of uh being submitted to isg, which can mean everything I assume it's not dead, and so I don't know what's happening next now, so we will not edit anything at that document at the moment until we know what the further steps are. So that is my question to the room. What are we doing now.

A

So, roman, you can help me out now that it's an iesg publication. It does go up to the isg. I expect to have reviews from the ads you'll get feedback that.

H

Would be great, there has no been, has no issue, no, no, no doctors, no directorate, no area has done reuse yet so that might be the next thing. I guess.

A

Well so roman help help me out here. Do you want me to trigger a directorate review? I mean.

J

I apologize, I was, uh I was in the chat window. Are we talking about the rats architecture document correct.

K

J

Right so none of the pre working group last call reviews were triggered it's in pub wreck. For me behind a much larger document. I have it half open, so I would say just for expediency.

J

Give me the rest of the week and I'm sorry the rest of the week after ietf week, and I should have it because I think that my early review dropped all the comments I would have and they they largely appear resolved. I just need to double check and then we can go to ietf less call and trigger their direct reviews. So the action is with me.

H

So we are not in the final last call, yet we have had the last last call, and now we initiate the next working group. Last call is that correct.

J

A

No, it's the publication.

J

Has been requested.

H

Right: okay, thank.

J

A

It was not matching.

H

What I was thinking it was on the slides so.

A

He said ietf last call. Oh.

H

Okay, I was sorry, thank you, okay, then! That's it! That's, basically what we're at um so. uh As roman said, the actions are now clear and we can move on to the next item.

H

I'm shocked ah interesting. That's the next item. Okay, um so we have. uh We have a daa document in an adopted state that has happened due to the split from the uh interaction. A reference interaction model document um daa by itself seems to be its own thing. That has is worth worth discussing having its own issue tracking, and I think that's fine. So now we uh recently uh convinced the failure to be a co-editor of this, and now we have a few next steps to be done. So um I don't know how familiar with da.

H

I think the timing is not for me enough for me to uh to highlight all of this, but there's a daa issuer, it's about anonymity.

H

So then you can't really distinguish one a tester from another, so that's done by having a third party, it's a daa issuer and that might be very similar to a rat's, endorser and, and that has to be fleshed out. So there has been some comments on the list and some comments on the uh on the document itself that we have a strong relationship here. We haven't addressed those yet so that is the next step.

H

One next step, then we have a trusted computing group concept called the privacy ca uh privacy would also be literally in support of being a dia issuer. So we haven't been talking about that in the text right now, but it's, I guess, the same function so that has to be uh again elaborated on, and then we have the dice concept, the composer identifiers from tcg. That's using, not hardware, root of trust, about the existence of a certificate and if the certificate um creation chain uh has been is there.

H

So if you with an existence of a rule of trust certificate exists, so then, then you can can imply that all the other certificates were fine. So there's a the trust consumption of the dust chain in the dice concept and that again would have to be addressed and correlated to the daa issuer flow. That's been done so I think that's been done outside of tc of our atf in the tcg. But again the document doesn't talk about that. So these are the three items.

H

I think we want to uh um do on a working group level. Next, I I'm pretty sure that not everybody is super interested in all of these. But this is a group attestation thing and there are a lot of identical things and I don't know cloud centers or iot swarms.

H

That would uh really benefit from this, because you don't really know that that exact thing was wrong, but maybe the concept of your whole swamp might be wrong, and so so that's the attestation, uh our scope, that we are targeting here for, and so that is our next steps, but I have to admit that we haven't prioritized that work at the moment. So that's just a status report. Any questions on that.

A

Can you get up and recognize yourself sure.

L

Yeah hi, this is lawrence. um I just wanted to understand, um is it focused I mean dea could apply to eat as well as chara. I don't know what you're thinking is about that I mean it's, uh so I just wanted to yeah.

H

I I bring that issue up could apply, but I have no clue how it would okay. So if you have an idea how to map that we are welcoming any input on that, I think that's great yeah, but that hasn't been done yet so that we literally knew work right and it might even be another document, I'm not sure.

M

Yeah but but yeah, but I.

H

Think, yes, uh testing a group of uh sorry, I'm I'm creating a trustworthiness, assertions about a group of similar things that you don't want to be distinguished. I think it's a real world application that a lot of people want and if it can help us there sure yeah.

L

H

It's just maybe it's kosei work.

L

H

Yeah, okay, all each work summer was cozy work. I think um so you might. You might have split off some some uh input there. So.

A

Thomas arjunu is putting in the uh comments that daa has been designed for the tpm, and the current draft would need more work um if we wanted to look into privacy ca for dice.

H

Yeah, that is exactly true. That is my point because it hasn't been done yet that's item too.

N

That's precisely, this is the envelope. That's precisely to understand this, because this is new to me and I wanted to so. The goal is about, as you said, to not necessarily distinguish among many similar things that you don't care or is about because looking at the private cca, the first impression you get is that what you want is to protect privacy of the of the attester for whatever the reason yeah. Whatever.

H

N

Exactly yeah, but but we're talking about many similar things, privacy doesn't make any sense there just to understand what we're talking about so.

H

If I'm talking about, I want to say some cell phone- and you know all of these- are kind of identical and we're not talking about the sim card thing, the individual part but the rest of the composite device. And now you can do a group attestation for all the cell phones at the same brand for scope. Let's say it's an enterprise yeah.

N

But but this is a let's say: this is a case that is related with privacy, because a cell phone is associated with a human that is moving around.

H

And that's why you have the daa issuer. They give you a certificate, that's not individual! Okay! So it's.

N

A group group- okay, so that's it, but it's applicable there and, on the other hand, is applicable. To I don't know one million. uh I don't know uh temperature or humidity sensors that we can spread exactly.

H

With the devices nothing to do with privacy in the on the other hand, exactly the devices do not lose their individuality, they get issued, something they can say, but I'm of this group that's basically the role of the issuer and that's why it might also be an endorser, because endorser is very similar to that. So there's a bit of some discussion how to generalize it, for example, for it yeah.

A

Diego would you mind re restating because uh gidi missed your comment for the minutes.

C

A

If you can just go to the notes and update it, that would be great. Okay,.

L

uh Lawrence again, one one: you have.

A

To make it quick, because we need.

L

To move on, that's fine! uh I just wanted to respond to thomas d.a.a. My understanding is a general cryptographic concept. It's not bound to tpms, for example, fido supports the da protocol in some ways and there are a lot of flavors of daa, and so there's a it's a big rich space and it's not associated with tpm's solely.

H

So I'm not thomas, so I'm not putting worth in his mouth, but I would say yes, but the only specification existing are we tbms?

H

Thank you. That is not wrong, but fido has no dice extension because we are working on that right now on my institute and I'm pretty sure about that. Yes,.

A

Okay, can we can we take that to the mail list please and.

O

But I think what I'm hearing is.

A

There's a distinction to the two use cases tpm versus otherwise so it'd be, would be good to clarify. Have the authors clarify it as well as you lawrence as to what your intent.

H

Is but I'm pretty sure, there's no dice extension in fighter. Please.

A

Do that on the mail list? Okay,.

H

Sure we do that so next slide, please uh it's an action model, it's cool, um so yeah, that's where we split the dar stuff off and we've already heard eric talk about the um background check model about subscriptions and challenge response. So the yang module is about challenge response. The subscription model is about apparently something else again, and then we have the time-based new directional models. These are general interaction models, how you convey evidence and, to some extent, always could apply to attestation results because they inherit the freshness characteristics.

H

So now um the uh um challenge, the chara, the challenge, request, response attestation and the subscription and the time-based ones are there, but in the architecture of rats we have defined the um background check, interaction model, which is a composition of interactions and the passport model, which is again a composition of interactions. So these haven't been covered by the uh interaction models id yet.

H

But there is a um a project: linux foundation, project out there, that's called a c2pa, it's a coalition of content, provenance and authenticity, and- um and they want to implement all this, so they switched already to sieber and cddi, and they really they really wanted to have. uh We need a document to refer to these specific implementations, specific interaction, combinations here for the models.

H

So that's why we pull that in to the mercury at the moment and eric, for example, also highlighted the uh ar augmented model, which is again a combination of the backpack round, check model and the passport model. So so that's also something we could consider to put in here. We don't know where the demarcation line is, but I think we won't go anything beyond that. So, but that is what's happening right now.

H

So c2ba was the reason to do the uh background, check and password combinations, and today now please review that, but I think you're a very good state, so we can also unders try to find out. Are we good with that?

H

Can we can we? Can we close the feature like? Are we leaving alpha and I'll go to better? So I think I think that's the point.

A

If you feel that the um the draft is mature enough, we can do an early last call and same thing. I can trigger.

H

Earlier or some some um directorate or uh some other people.

B

Aren't letting me finish, that's what I was going to say. I can tweet.

H

B

O

N

Will let you finish that.

A

Rhetorical we can move on.

H

What's the next thing.

H

Oh yeah uccs, so uccs by name hasn't changed but, as lawrence is probably well aware, um be included now in the appendix of the uss id um a option to accommodate both json cbor as a feature with cddi. So there are two features in c sorry: it's two capabilities of the cddi expressiveness. One of them is called feature and another one is called a generic.

H

So by selecting a feature which is apparently sieber or json, you can now switch to alternate generics that would allow you to uh use the json prelude or the sibo prelude and therefore it would not create any conflicts with any c detail. Definition whatsoever. When you do a json and sibo compliant cdl is back so lawrence took note of that and- and he already wanted to encompass it actually does incorporate it in the each spec, because it uh also has a target of uh addressing jason and sibo. So we haven't changed the name.

H

Yet it's in the appendix it's an informal, uh an informative thing. So now I think the next question for the working group is to understand. Do we want this id to be about uccs and or also ujcs?

H

I think it would be called then right so so we didn't dare to do that just without consensus, but this is basically the the the call out to uh um that.

H

We can start that discussion on the list um and and if we want, if everybody is want to have that, I think it's it's not specifically related to rats, um but I think it's very important to highlight that um every any um specification about something unprotected has to come with a very prescriptive threat model that tells you why it's okay to have these claims sets, be it in or sabor, I'm protected.

H

So what we're doing here is we're introducing the concept and we always bundle it with at least the very first application scenario and that's rats. So I think it's still very fine to have this in reds, because we can't release the concept into the wild by saying and then you have to do a threat model, and this is just how you do it, because then people will just do it that way and don't have to write down their security implication about why you're doing this and how this is done.

H

I think that's a very important part of uccs and now, if it would become something that you yet you jcs also yeah, but it even gets more important. So so that's why this is in rats. It's actually about cwts, but you can't just do this with any cwt.

H

They have to serve a purpose like eat, and then you have the threat model and the security consideration about that. That's what's happening in this id. So that's why it's not in a cwt space. That's why it is in the red space, but in general to be honest, the core of it can apply to any kind of cwt. I hope that makes sense to you. If not maybe look at the draft. A bigger discussion on the list.

A

Okay, gary just mentioned as an editor he's recommending decisions on uccs be deferred after his presentation.

A

H

They'll be deciding anything in the next few days.

A

H

A

A

I didn't think we were deciding anything.

H

I'm just I'm just highlighting that this is why this isn't right. I think that's the last slide. I think I have to present on yes, yes, so lauren's next and I bye-bye.

L

Hello, this is lawrence, um so that's uh the slide. I've always presented kind of the the list of planned eat claims.

P

Because otherwise, every time you turn your head around, you miss the audio.

L

All right is that better yeah, okay.

L

There we go, I'm not I'm not into that kind of never done karaoke.

A

You try it out now.

L

um What no next slide? Okay, please!

L

So here's a uh kind of a status of the the blue arrows of things that have changed in the dash 12 uh draft. um So that's where work was done um and, as you can see, most of everything is green, which means it's ready for last call. So the two areas that are still need some work just in terms of the individual claims are, you know measurements and results basically stuff related to attestation results ar next slide.

L

uh Here's just a list of uh interesting changes from the the dash 12 draft, um with the definitely improvement in the language, mostly thanks to comments from hanus.

L

We added the hardware model claim so now that there's this oem id hardware model and hardware version as uh identifiers for devices that kind of a standard triple then there was the boot odometer claim was added um uh some privacy considerations.

L

um The hardware version claim was improved um and then the uh ayanna section was was filled in to some degree. The main purpose of the the dash 12 draft was actually to get um things published for early allocation, which uh that's uh I'm not going to talk about that today. I think that's just administrative at this point next slide.

L

uh So here's a uh thing I wanted to bring highlight um planning for the dash 13 draft is to group. The claims uh in uh you know they're, all in just one big list now put them into four, uh so one is claims about the entity.

L

So these are the things we've been thinking about a lot in the past already then, there's claims about the token itself. So these are things like the profile of the token.

L

What the intended use of it is, uh you know what is expected to be in the token or not uh the and the timestamp, so you're kind of separating what are claims kind of metadata about the token versus claims that are about the the entity and um that was kind of came to light, partly in the ar discussion and then nonce is kind of a special case because it kind of goes through, and then there's also some uh discussion about how to include key public keys um and that's not exactly a claim.

L

So there's a pr to um uh you know rearrange the sections that also has some good discussion about ar in it um that that pr next uh in the this is this is the um work queue.

L

One of the the items is just to complete the cdl um and get it all to work that jc generic is the one that hank was referring to um and that's the uh ability to write cdl that can be verified against uh json or verified against sebor.

L

That's an interesting thing. I mean the. I think the cddl tool is a little bit shaky on on the the jason parley. So I've had some trouble with that um and uh so there's there's some work. That'll that'll be in the dash 13 draft. The um you know finishing that off um that uh jc generic actually is making the cdl a lot simpler. So it's actually uh helpful.

L

I mean, I think it's we're on the edge here in terms of the use of cvdl, but I think it's a good direction and then that uh rearranging the sections to to group the claims better. I think that's a good one uh that that's uh that's basically straightforward work um next next slide, so here's uh topics that I think we need consensus on still so there's some uh issue about the relationship between eat and uccs and geary's. Going to talk about that. I think the real core here is: is there a normative reference or not?

L

And what's the uh the sort of dependency and the ordering and, like you know, in terms of last call process and stuff like that, we don't want it to get hung up by a hard dependency on on uccs.

L

um There's the security level claim, uh there's been a lot of discussion on that.

L

I'm not saying that's a showstopper, but we got to figure out what we're going to do and then um there's the the attestation results discussion. So you know: what's its role in attestation, results is attestation results a separate profile.

L

Is there a general result code? What's its result, relation to ar 4si, and I think there's a discussion later today for that next slide?

L

Okay, that's it for, for me,.

L

Questions do we have we have time for questions no.

A

You're a minute and a half over.

A

um We can save that for later. If there's questions is it, is it guy or who's who's presenting on riv, guy or eric.

Q

uh uh Hi nancy, it's guy.

A

Guy, hey guy you're up next.

Q

How are you doing, oh thanks for.

A

Being in the queue.

R

A

On roman, were you in the queue I didn't see you there you go, go ahead, roman.

J

What did you announce the the really great news, if folks weren't, watching the mailing list, that the early allocation for eats are now approved through the through kind of the the normal kind of processes? So at this point, what we are waiting for is ayanna to just perform their batch administrative action to get those claims posted.

A

Thanks to michael for helping mike jones.

J

Indeed, thank you mike.

Q

R

Mike jones, of course, um I think the discussion educated a lot of people, including myself, so I'm glad we had it. No.

A

And I appreciate you helping expedite it all right with that. Sorry, guy, okay, you can.

Q

Go yep: it's uh it's guy for darko! Speaking uh on behalf of the um remote integrity, verification draft! uh um Next, please, I think we're doing pretty well uh just as a reminder. The objective here is to standardize the way that you could you that you can use uh tpm based devices to do remote attestation, that is, to assess the the the uh uh integrity of the software and of the device that you're you're trying to validate.

Q

The point is to make this technology, which has been around for a while with tcg equipment, to make it into something that can be used by network operators with.

Q

Without requiring a proprietary work along the way to standardize the interfaces next, please.

Q

um As a reminder, this is the following: the so-called background check model.

Q

That is you you go to the device and ask it how it's doing uh and then the verifier looks at the results to produce uh uh a passport if you will to say that uh sorry to produce a result which says whether the device is uh working uh as intended, this does not include explicitly riv does not explicitly include the interaction with the relying party that that we declared out of scope at the start, but is subject to the same discussions that we've been having about how you how you communicate between verifiers and and relying parties.

Q

um Next, please, um I think the status is that the discuss comments I think, have been resolved. um There are a couple of other uh none, as I understand non-blocking comments which require resolution, but I don't think those are hard and I think I can probably get them done even perhaps today or tomorrow and from there. I think, we're on to the rfc editor. As I understand it, next.

Q

Yeah so again, the next step is simply to resolve the the couple of the couple of comments that are still open and I think that's all I need to say the next slide is eric's um eric's uh document chart. So we've seen that in the previous presentations are there any questions on this.

A

No, I appreciate your responsiveness in trying to get this draft done. It may be the the first draft out of the rats working group.

Q

Well, yeah, you see.

A

Q

We're we've been keeping it more or less synchronized with chara as well. So I I think, phil.

A

Well, they're, both going together their package still.

Q

Okay, thank you.

A

All right with that um next step is for us to have the discussion on the charter.

A

There's been quite a lot of exchange on the mail list as the chairs. We believe that um I don't know it may be worthwhile for you to share the charter text. If you can.

A

So we started the this well, we started the discussion a while back, but back in ietf 112.

A

There was agreement that um there was some new work that needed to be done that wasn't in the charter we needed to expand the charter. There was some proposed text. We did a.

A

Call for interest to see if there was interest by the participants in this working group if they wanted to extend the charter and if they liked the proposed text, and so there was a lot of discussion that went on in the mail list, um and so we wanted to do the pulse again here. I'm trying to talk as much well while ned brings up the text um to see if there were any other remaining issues, vis-a-vis the revised text for us to recharter the group.

A

So um let's see hmm this is a hybrid. So how do I do this? Pull show of hands? Do both.

C

If everybody's logged in.

A

Is is everybody logged in here who's on site.

H

A

H

No, no! No! No! No, not everybody.

C

A

Let me do it the other way. Is anybody not.

A

Okay, so I'll take your poll literally, um so I want to have a show of hands of who has read the um proposed charter text.

B

Of course, I'm the one typing this.

A

um And ned ned is showing the charter text. um Oh.

J

So this is wrong. That's the old chart text. That's what we already have. That's the existing scope.

A

Yeah, the one on github, that's the proposed new charter text.

P

That would have been interesting if people have checked now.

A

Yeah wow is a test who is awake? Okay, I did start the poll um so raise your hands. If you have read the proposed charter text, that's on github and ned will bring it up and we can. We can have ned read the proposed charter text as well.

A

So we do have quite a few, and there was only one in the room who was not on the meat echo. So hannes, not to put you.

H

Everybody in the room will meet echo and raising your hand. Okay, good.

A

Otherwise, I'm gonna call you out.

O

You can't find it I'm digging for it.

B

It's uh github. You want me to.

S

B

This drug and clarifying.

S

So if you are using the a small light version, you can vote from there or you're going to watch the full mutual conversion either one works so harness. Even when you have tried to get into the with the qr code. You're going to vote still.

A

Thank you, ditto.

A

Here's, the link, if you want to see it.

T

I think this is all right.

B

A

Okay, most of you have not read the charter text, so ned will be bringing it up.

A

You can't do it, of course, I'm running the poll, so I don't.

U

N

A

Yeah, I will conclude the poll yeah.

A

So we had 24 participants, they they had not read the text. Only eight had read the proposed text.

C

A

Are you sharing it.

C

um I'm sharing it. Okay,.

A

You want to read through.

H

It little bit of a character size increase one size. Thank you.

C

Okay, so the main change to the charter was to expand the program of work to include endorsements and reference value, endorsers and reference value providers, so that that text was added to uh item six in the program of work, which is standardized interoperable data formats to securely declare and convey endorsements and reference values.

C

There was some other minor cleanup of the terms in the in the program of work, but no substitute change to the original intent of the other program of work items.

A

We updated the goal saying you know, since we now have an architecture draft, we updated some of that text, but the substantive change is to add the program of work again, just to reiterate um adding to our charter on standardizing the data formats for securely declaring the endorsements and reference values.

A

Comments, we are now open for comments and feedback.

H

So just uh yeah, that's actually a comment so there's some a symmetry on the protocol work for the rats charter at the moment. I'm not a super fan of that, but I understand why it exists.

H

So uh um the chart allows for new protocols to be specified in the working group when it comes about through the conveyance of evidence from the test of the verifier, and it is talking only about reusing existing things when it comes to conveying attestation results from the verifier to the lying party.

H

um I'm okay with that um there is enough um text in the charter. That says sure that will work, and I don't think we need to new protocols there. um I just want to say that protocols that can convey evidence from an attester to a verifier could in theory, also be used for that, so they are not. They are not literally invented for that, as said by the charter, but they invented for the other thing. So this is like a weird loophole: how you could invent new protocols for the other thing you know.

A

You recall five was there to begin with.

H

Yeah, I understand that and.

A

The discussion was that we needed the data schemas.

H

Okay- and I also understand that yes, I just want to say that that, for example, 2da is a protocol for a test of the verifier, and if that is getting standardized, it's a protocol and then you can apply to the other thing. So the asymmetry in the text does not really matter, because if you did the one thing you can do it for the other thing it becomes symmetric, so the asymmetric text in the charter does not serve a purpose.

H

I think, but again I don't mind that because, as you just said, it doesn't matter so that's my only concern on the asymmetry and protocol design.

A

Okay on the queue we've got kathleen and then dave.

G

Hi, so um for the first item and sorry, I didn't get this to the list. What's the gating function for a document on extensions and the reason I'm asking is because you'll have cases where you have to register uh things into registries and some might require, um might require a document. You know into cozy and.

G

uh Jots, sorry, I'm still really tired.

G

You're nervous function right, so that might be the case where we publish if a claim has to be registered and requires a document specification required. Yeah.

A

I think that's what six is going towards kathleen.

A

That that we would have a document for that format, is that what you're, you're trying to ask, and and are you asking as a chair to the group.

G

uh Yeah, so I guess it doesn't read clearly to me that I didn't see the connection.

G

So you mean strictly use cases but use cases without a definition or an extension. Okay.

A

Yes, that that was the intent. Yes,.

G

All right, it wasn't entirely clear.

A

Okay, dave saylor you're in the queue.

V

uh Checking audio, can you guys hear me.

A

Yes, we can hear you.

V

All right, uh so I got in the key. I was going to say something very similar to what uh hank said uh and I think what uh ira just put into the chat. I think it would be useful to clarify 0.5.

V

Yes, it was in there before, but we kind of have an agreement that says we much prefer existing protocols where they exist, um and so I guess my original uh thought that I put in a chat was: maybe it should be standardized use of interoperable protocols, but uh maybe even better would be to say specifically that uh the group um will try to reuse existing protocols whenever possible right now, it's more open-ended that that you know people can propose.

V

You know alternate protocols, even if there's already a standard, one that exists um and just being more explicit in the charter, I think, would be useful to say really. The burden is on uh somebody proposing a protocol to say why would you not be able to use an existing one right, and so I'm just suggesting some wording that does not preclude necessarily new protocols but at least raises the burden of of um of proof for those proposing it to say.

V

Okay, you can do one, but you've got to be able to say why existing ones aren't. Aren't you can't be used in that situation. So thanks.

A

Thanks dave, hank.

H

So yeah hi this is hank dave. Do you think that would put me in any position to again argue why tuda has a valid point? If so, I would not like to do that, but if you think it's obvious that tudor is a standalone thing, because it does things differently, I'm I'm not. I don't have a problem with it and just just as an individual, because I don't like more work.

V

um I can't remember to what extent that would classify tuda as a protocol per se, but I'm taking you you do um I'd have to go back and read it again.

V

I guess my point is that um there's a couple of different legs in the architecture document like a protocol between a a tester and a relying party, and then there are protocols between, say a verifier and one of the other two and uh protocols between the attester and their lying party might be pre-existing that you're, adding attestation to, and so the goal is to, whenever possible, put attestation into existing protocols and do authentication right now. But your legs that go off to you know an endorser or a uh a reference value provider or a verifier.

V

You know, maybe you need new ones that might be using. You know http or something else as a transport and those might be okay, but trying to reuse, say a test you're lying party protocols um for the horizontal leg and the diagrams. I think it should be a strong bias there and so, but you could be layering things on top, and so I don't have a specific answer to your question.

H

Okay, so so, just as an additional comment to what you just said is I I don't know what a test I would rely to a convey to a relying party at all. So.

V

Well, for example, in the in the uh uh passport model, it's conveying attestation results right in the background check, it's containing evidence and, in the background check, of course, neither of the it's just using it as a transport right. It's it's putting evidence over the top of whatever that protocol is not that the relying party knows that it's evidence right, it's just an opaque blob, but it has to pass off to verify. I'm on your background. Yet yeah.

A

I think both of you are are oscillating, but agreeing on the the need for us to use the existing protocols just with.

V

Clearance in particular to put into point five.

A

H

The exception of the tudor thing that we are what I'm targeting for so if this is in scope, fine, if somebody exer assesses this, what excluded? I'm, not fine, that's very obvious! So that's all! I have okay.

A

um All right so pengling you're in the queue.

M

A

Yes, we can hear you.

M

Yes, my question about the number five is that what layer the protocol will be used in transport layer? I think the tls will be a very good example to use the protocol.

A

I don't know that we've made that explicit.

M

uh I mean that if it's a transport layer I think tls will be a good example to use in this scenario.

H

Yeah so we made that explicit, as we said, profiling existing protocols example dtls, coab or mud, which is a lot of layers.

A

H

I think we've set some examples in the charter text.

A

Yeah, I oh okay, I didn't think we called them out explicit, but yes, we, oh, we did.

P

A

Corrected we did.

P

Hi, this is hannes. um What I hear is- and I haven't followed that discussion is previously- is you guys want to restrict what is being standardized? On the other hand, everyone who has a specific favorite protocol wants to make sure that the dex covers what they are have in mind, uh which is kind of odd. You essentially want to like it feels like.

P

Well, you should label this and and just continue start the work, because otherwise everyone will anyway, um as always, people will do what they want to do, and they will then just change the way that or reinterpret the chart and the way that it fits their needs. Well,.

A

And- and that gets to the question of existing protocols right if if we could not to be pessimistic, but if we continue to delay there be maybe a new protocol and then we'll say hey, we should be using that one.

A

All I'm saying is it's subject to interpretation right, but but again what I'm trying to come back to was. If you recall, when we went to charter rats in the beginning, we struggled to get the program of work lined up and agree on the text which landed us on those first five.

A

The discussions in the last few months have been the notion of how do we do the conveyance of um other information and, admittedly, to to get us to move along faster? We we added that number six um narrowing the scope to number five or, I would say, tightening the language I think is fine.

A

We have put so I've asked ned to to update what's in the github right now, and so we parenthetically just added. You know the note um and the intent is to use existing protocols where possible.

A

So what's interesting was we took a poll on the mail list and there were no dissenting. There was discussion by lawrence. I believe right and I believe we we tried to do some of the methane on the github.

A

um I'm thinking we probably need to do another poll and confirmation on the mail list, given that we've updated.

A

We just updated the text on the proposed charter. All right did did I just run this out of time.

A

Oh, we have one minute left lawrence. It looked like you had a comment. No.

L

uh I'll only one comment um yeah, this is lawrence. um uh Most of my comments were around whether or not eat was going to be discouraged as an attestation results protocol, because there was seemed a lot of consensus around that, and I was hoping for a little bit of an adjustment in the wording to be clear that we're not excluding uh eat as attestation results and that we're we have an expansive or basically, we have an expansive view of attestation results, not a narrow one. So so that was, that was my main concern.

L

If I look around at the architecture, the charter, other things, I mean it's, it's not as strong as I'd like, but it's reasonable.

A

We do best effort so that we can get the actual work moving forward. I don't think we would be precluding anything lawrence there.

H

Yeah, I think that's what this is saying. um I think there's also another distortion item under exactly that. The next session, if I'm not mistaken about the attestation, result scope and such so that would tie into that correct, yes, yeah, so so I will postpone that that that content discussion and then we can bring it up in the next session.

H

A

Okay, okay, so um can I just get a show of hand? I mean we're we're gonna shoot. I have to do another poll um well we're out of time. So why don't? I just go back to the.

C

A

Yeah, um well I mean we're gonna have to confirm things on the mail list anyway. So um please I'm strongly requesting that you guys read through the proposed text. I will do another call for support for the rechartering of this text um and we'll go from there on the mail list. Okay, reasonable, okay! um Next up, I believe we're going through milestones.

A

Can you put those up so I'll fall on this one we've been remiss, we have actually been updating the milestones we are behind.

A

We need to make sure that we can tighten the scope of some of the work that we're doing just so that we can move them forward towards publication.

A

If there's more work to be done, I don't think we are excluding new drafts to come in, um but we wanted to review this and so part of the discussion.

C

There's some updates that are interesting.

A

Oh yeah, roman just updated it uh can you share it.

A

So we wanted to go through the milestones, also to get an idea for for new added ones, but given that we're not adopting you charter texts, um we'll uh we'll hold off on the new ones, roman you're, in the queue thanks ditto.

J

Hi, uh yes, I want to just uh kind of continue on with the discussion that you're narrating about. What's in the milestones, uh I will say I have, I saw there were some pending milestones. I approved some of them. I did not release kind of some of them, so that's why you may notice that things are in a halfway state based on the edits, we're making, and I think it's uh it's all informed by this charter conversation. My meta.

C

J

uh Would be as we're thinking about milestones is first, of course, we'll need milestones for the recharger activity, but I would really caution the working group to make sure that we're pipelining the work correctly, that we actually in fact have enough energy to kick off and start everything. uh You know I I don't want to say at the same time, but you know we can finish kind of all the work and we're not in a situation where we uh fan out. We start a lot of things and we lumber we lumber slowly toward completion.

J

So if the working group would want to think about waves or sprints of related work, we want to work on this first then another kind of toronto work that may make things a little bit more productive, but I leave it to the initial proposals to figure that out.

A

I like that idea thanks roman okay, so um I don't know that there's going to be much to discuss on the milestones, but we just wanted to show you that we we are. I can't read.

A

You want to go through them, I can go through them. Yeah.

C

Yeah so in most cases we had work progress without updating the milestones, so the recent flurry of activity is essentially to go back and provide um milestones that reflect the the actual status of the various um drafts, uh and so uh several of those that are currently in every direct review are fit into that bucket. uh And then there were a couple of uh milestones that were submitted that were in anticipation of the change to the working group charter.

C

um So those are, I think, those are in your q, q, roman.

A

They're pending yeah.

A

Any comments or feedback.

A

Nope, I don't see anybody on the queue, so I guess we can continue to move forward.

A

um What's next taxonomy eat.

C

Attestation and results taxonomy.

L

So how long do I do I have for this? I was little.

C

uh You asked for 30 minutes yeah, okay,.

L

A

I mean if the chairs were nice, we can give you more than 30 minutes.

L

Oh, the chairs were already already nice for giving me 30 minutes. So thank you. Thank you.

A

For that, I'm often accused of not being that nice so.

W

Actually, you won't give it to him.

W

A

This is to say, you know: we've allocated 30 minutes.

W

A

Actually, we gave some time back because um the charter and milestones went quicker than we thought.

L

Okay, I don't have 30 minutes of slides or 30 minutes of talking to do myself. That's for sure, um mostly, uh I wanted to have some good discussion about attestation. Results and kind of some of the framing around attestation results. What we're trying to achieve here. So I just have a few slides to kind of introduce some things and then I just like facilitate some discussion to try to back and forth. It seemed like it was a little.

L

uh You know difficult some ways on the mailing list. I would try some of this so uh next slide.

L

So um one of the things I really a point that seems really important to me is that attestation results are for a full range of security strengths, so that ranges from a piece of hardware that is designed. It's not a tpm. It's designed just to provide authenticated a tested device identity, maybe all the way to the rp, so no measurements, no software, so the no tpm. So I think that's that's a use case and I think we want to be accommodating that use case in both evidence and results.

L

Another use case is um uh simple: uncertified software. So attestation, like is built into an android app like a fido implementation inside an android app. So it's all software, there's no tpm, there's no, not much really going on to measure. It can't really measure itself so, but it is a form of attestation right. We see, we see, implementations like that. You know fido so and then there's everything between which is kind of where we're spending a lot of our time.

L

You know on things like uh tpm and tees, you know without a station there and that's that is, I think, that's the right place to be spending a lot of time, but um we can't focus just on that next slide.

L

So system architectures, um so I think we need to think about attestation results for a full set of system, architectures so again, purpose-built hardware that just does attestation there's no uh software in it at all. It's not and it's not a tpm again app-based, so the attestation is implemented in java or swift or python, or something like that.

L

So no measurements, just some simple attestation and then everything in between so uh and actually, uh I think back in august there was a discussion on the list about adding 0.5 to the principles for ar 4si, and they basically said all that, but- and I think there was agreement on the list to add this as a principle- these two things as a principle for ar-4si, but I don't think it actually got incorporated.

L

um Okay, so that's uh so so I do think when you are incorporating all of this. It does change how you think about ar um next.

L

H

um So there's a thing: adjustation results are intrinsically tied to evidence. That's correct.

L

Well, that's a very general statement and I don't really quite know where you're going with that. But.

H

L

H

L

H

Let's know so, if evidence becomes stay at the station results become stale, there come somehow a ghostly entangles right. um um You don't know, apparently, because the the the technology around that you know that the nationalization result is stale depends on the somehow, knowing that the evidence becomes stable. Now evidence not known to you and mostly so that that's in general, the the challenge of rats so now you're saying um that everything that produces evidence uh can relate to attestation results.

H

And now what I would like to highlight is that the testing environments in the testers create evidence, that's a first and then the testing environments can't just be signing fools. I think that's obvious right, yeah yeah! So so, but if you say everything can be in a testing environment by saying everything is in a tester, it can be a signing fool. I think that's a contradiction.

H

So how do you make sure that whatever creates the evidence in the tester- and I think it's always, of course the testing environment is not a signing fool.

L

I mean my answer is so.

A

When well hold on, we've got eric on the queue as well.

L

Can I answer that yeah.

A

No, I just saw hannah's coming up. I wanted.

L

A

L

I'm when I say uh go back to uh if you go back a slide, please when I say system architectures and security levels, I didn't say that these were signing fools or attesting fools. I just said you can implement them in all these different ways. It's this is just implementation um and you know sorting out who's the fool and who's, not the full.

L

That's really the job of the verifier right, and so some and I mean you could be a verifying fool too, but but assuming we don't have verifying pools, it's the job of the verifier to say what it is and- and they may say like okay, this this attestation came from a python. You know on a something or other, and I it's not very good, and then you can use it if you want, but it's not very good, and so that's that's what I'd say all right. Okay, thank you. Hank says thumbs up.

A

I

One yeah adding one thing to the discussion uh that relates to the previous discussion: it's important to remember that you can sign stuff and be sending it to or lying party the physical device and that's okay. uh Dave taylor really did a good job of educating the our forza people that the relying party also has a verifier in most cases because it has to interpret the evidence as well on the passport model is something that was evaluated before so just because something sent to our lying party does not make it at the station results.

I

It has to be evidence, that's evaluated uh to become attestation results, and so we really have to remember that split role where the verifier, if it does do some kind of ai type, lookup or other types of functions on the evidence that just because it's received by the relying party device does not make it out to station results.

L

Yeah, maybe let's go for some more discussion. I'm not sure. I agree with that. One but honest.

I

It's not even really something to discuss, because it's base architecture that the relying party and uh the verifier are often co-resident in the the passport model. So I don't even think it's something that can be discussed unless you want to argue the architecture.

P

Hi this honest, um I think both eric and hank um responded to the slide in a way that was completely unrelated to what's on the slide uh uh so which is uh which with great points. uh But but if, uh in my discussions, which are unrelated to rats with uh the various people, there's always an attempt to make a judgment about the security of a system that they are describing and, interestingly, it shows up actually very nicely in these and these different categories.

P

um And there is often uh um for many people like there's an assumption on what they consider the threshold to be what the minimum buy is. And, of course there are some preferences and biases that go along with it. And I think I hear you um learn saying that you have these different models um but you're not trying to make a judgment of whether that's good or not.

P

um Right and- and I think that's probably the right way- uh sort of like leave that policy decision out there and let someone decide but be aware that there is obviously a spectrum and those deploying the solution need to make a decision about what they consider useful and what which one not and it it. I think it also then boils down to in in context of rad, not just about like judging the overall results, but actually individual values within inside uh of a claim as well.

P

So, for example, um you take a a security level claim uh sort of a lifestyle life cycle state claim. So typically, if you have some hardware id in there, there's a life cycle state associated with it, but if it's in certain states any information for example, if it's in a debug state you can, you can have a perfectly secure solution, but you can then switch it into a debug state, different forms of debug state.

P

If it's in a certain level, you cannot really judge make any useful judgment about the data you get when it's in that debug state, because you could modify any of the values then, and obviously someone needs to be mindful about those aspects and in practice that will be a challenge I could imagine in in deployments.

P

So I don't know if you uh lawrence, if you plan to document these different levels uh and of course for example, I wouldn't go there to be honest, because it's very difficult, uh many people tried um and it's part of us of certification schemes, because they, additionally they try to define different security levels and then match that up with ways to verify that to demonstrate that I'm actually meeting that security level.

P

um So um what I'm trying to get with this is it's it's difficult, even for us technical people to really um talk about this without a lot of emotions, because we have our.

M

Own preference of where.

P

We put the bar on like I personally, I'm not too happy about level this. That level two part, and I have a different perspective on level one of course, but I'm sure everyone in the room is different, so I don't know how you best want to convey that so that people in in future, discussions who are not part of the group or iedf in general will then not stumble over the same issue.

L

Yeah I'd like to respond to a couple of things there: um okay uh and then the next thing, the q. So I spent a lot of years started out as a software guy and then I got a job doing some hardware and it really opened my eyes about like what's what's going on in terms of hardware, I mean to me, hardware was just a cpu.

L

You just ran stuff on then I started understanding what's really going in the hardware and how variable it is and how you attack hardware and all sorts of stuff like that, then I spent a couple years: designing certification levels for fido and that really deepened my knowledge. You know understanding common criteria and how people, you know, actually uh evaluate hardware security, so I mean so you know 15 years ago I would have been like. I don't really understand this hardware stuff and it's just like it's. We just need to do a good job.

L

Now I see security as very as a huge sliding scale from a whole bunch of over a whole range, and my main point here. The thing I'm really after is that we can't narrow in on one security level in rats. We should not do that all the protocols I mean. If you want to design a specific protocol for a thing, then it then that's fine, design it and call it out, as this is just for this security level or just it's not a universal solution, but rats should be designing for universal security.

L

Any core protocol, so eat is definitely that way. He definitely thinks about the whole range of security from the weakest to the strongest, whether you and you don't have to use it for all of those things. It's just that's what we're trying to accommodate.

A

Can I can I just put a pause on that? Just you know having been a systems architect for a long time trying to suit everybody you'll, never.

M

A

You're never going to be able to please everybody, yes and every design. So I think as a goal. That's laudable right, but I think some of the work that you've seen have been very specific to some hardware platforms or architectures, and we made sure that you know I'm speaking to the child, one which is more tpm specific. As an example, that's fine.

L

I mean I I don't I I know it's hard. I don't think we should just give up, because we can't you know on the get-go I mean I think eat is doing okay at this full range, so I think there's some possibility there and I just went up and we're recognizing char as tpm specific the question the real question for me is: is where does ar-4si fit in this? Is it universal yeah for all the levels or is it narrow to a specific one? I want.

H

Another comment on hannah's statement that um you should somebody that decide if this is good or not it's that's a literal quote. You just said right from coming from the target of every asian. That is the attester.

H

So so you should let someone that decided. That's good or bad. That's what you said right. That's a verifier! That's a policy on there right, so it's defined who and what and when will decide this in the architecture. I think that's very important to sound, because when you said it was like some miracle occurs, but no the architecture really decides this and the very fair decisions, and that's why this is defined through attaching results, and I think this is to be discussed right here right now, so yeah.

P

uh This is honest again, so the architecture is a very abstract thing. Of course, in the end, it's uh people need to decide. That's what I'm trying to get to like people need to make some decisions on what they find acceptable and what's not okay, but those are the people later who deploy. The technology is different from us here.

P

Standards people deciding that only only on the the lowest one, um the level three or whatever you call it is the one we want to focus on, or we want to focus only on a dbm um slash.

P

uh I think we could do that too, and some organization did that, um but I'm I'm I'm there more with lauren saying that um support a wider spectrum, because, needless to say, like you guys talk a lot about dbms, because that's what you use, I would want to have my uh our stuff included as well, um and probably dara wants yet something else um and and so being content yeah.

P

um There is just here for the warm.

X

P

A

P

A

I I understand your point and I'm I'm going back through the charter. I don't think the charter has precluded that right. Yes,.

P

A

Not clear to me that the architecture has precluded that either.

P

M

A

Trying to understand and frame the discussion right because and I'm not saying it's a bad discussion, I'm trying to understand the goal, because now you point into a specific draft.

P

A

So if you're, pointing to a specific draft, perhaps and sorry I'm just very target fixated of you know- is it that you're asking that draft to be more precise in its scope of where it lies, or are you just objecting in its approach.

L

I'm well I've written extensively on the mailing list about ar 4si and I don't think we're done yet I just wanted to, and I don't think we will finish today. I I just wanted to have this open discussion about the framing here. Exactly.

A

And that's fair so and.

H

I have to say again um what I just said is independent of the assumptions on that slide. All these are acceptable. What I'm saying is that the decision made by someone is located at a very, very defined, not abstract, not vague, but very well-defined role in the architecture, and that is the verifier.

H

If your policy says all of this is okay, it says, and if you don't agree with that, that, I think is the problem. So that is the problem we have to discuss here, because the.

M

H

Will tell you pure hw everything, that's a policy decision and the only the policy basic decision maker here in this architecture is a verifier. Developing party then, can make sense of the assessment. The result that is created by the verifier, that's fine and then.

A

I just want to point out policy of you can define the expectations, but defining policy is out of scope. Yes,.

H

And that it- and that is the better- the miracle occurs that that hana said because some people define something we don't express, how but it's enforced by a single role in the architecture that is very, very defined and not ambiguous and not abstract, and that is a verifier and if you are contesting that that, I think has to be very spelled out, because the architecture is done at the moment. If you didn't agree with this in the last five years, that is a little bit curious. So.

L

Let me explain my comment on that sure.

A

I just want to recognize brendan is also in the queue so go ahead.

L

A

We'll let go so.

L

Here's my example: um uh I'm clearing a uh I'm, a bank clearing a uh 100, 000 transaction. I want it to be done with something: that's common criteria: certified I'm a bank uh clearing a 50 cent transaction. I really don't care if it's an android app. So as the relying party, the bank in this case is deciding something about security level and they're deciding it in the context of the transaction.

L

So the verifier, I don't see the verifier as uh doing things like deciding whether a transaction is good because we don't want the verifier involved in the transaction amounts or who the people are or what country they're in or anything like that. The verifier is about verifying the the hardware and the software and the device, it's not about application specific stuff.

L

So I think we will have verifiers that are just about sorting out uh android apps one android app from another, and we will have verifiers that are about sorting out um secure elements one from another. We will have verifiers that can sort out android apps from that. So the verifier has a role, a big role, a super important role, a critical role, but so does the relying party.

L

So it's not the job of the verifier to make the final decision. It's the rolling party. That makes the final decision and they are the end user uh and consumer of attestation. So we have to serve them.

A

L

A

Brendan go ahead, brendan you've been patiently waiting. Sorry.

K

All right um so so this took me a while to wrap my head around and I went through the the same, um the same cycle that I I think you're going through. uh So maybe I can offer my my insight on on how this all fits together.

K

um I was looking at this from a firmware attestation, point of view and a firmware update point of view and when I first approached this uh this, the the rats architecture, I was thinking about it in terms of you know, an entity that needs to verify which firmware is running on a device and a separate entity that says that the report it gets back from a device is trustworthy.

K

Now that to me looks like two separate roles, one relying party and one uh verifier, but I have finally got it through my head that this is in fact three entities. You have two verifiers and a relying party, so what you have is a verifier who says yes, this result is trustworthy, a separate verifier that says yes. Indeed, this is the version of firmware that it should be running. And finally, you have the relying party that says: okay, both of these guys said it's okay. So now I believe you mm-hmm yeah good sounds good.

K

I think what you're looking at is exactly that same hierarchy. You've got your bank that has multiple verifiers, one of which has the role of selecting, which other verifier to trust.

I

I want to violently agree with brendan and and lawrence we've had this discussion. Please listen and I'm saying this respectfully, because dave thaler did educate us before during the architecture that the verifier is embedded in the relying party. It's a actually not something pretty about the architecture, but you have to talk about attestation results as coming to our lying party, even if they're co-resident it is not at the station results just because it's sent over to the same physical device. It's the relying party.

N

Okay, this is uh diego speaking again. I remember in the good old days when we were dealing with identity federations in academic space.

N

We ended up talking about something I mean the different uh um usages of the of the identities and the quality of the attributes and the sources of these attributes etc, and people ended up with the concept of a level of assurance. That is what you want to verify, depending on the transaction, whether we are talking about one hundred thousand dollars, or we are talking about two cents, just a suggestion.

N

That might be that, precisely when going about which elements in the architecture could do what um and what kind of uh of uh of token could be useful or used, or the the several steps of verification might be that now that we are with the charter, someone's someone could write a draft on level of assurance or how to express them.

L

I would say that the the dloa's claim is kind of, because that gets the certification and the dlla's claim actually is in that direction.

P

Yeah similar to lawrence and- and I think eric also uh repeated that as well as brendan, I think we, despite the initial differences, I think we actually talked about the same stuff uh and have the same view. I've witnessed the same debates in fido with regards to these uh sort of like multi-stage decision making processes.

P

um The question, then, is: is that really documented well in the architecture document which I hadn't had now time.

M

P

uh And that's and maybe maybe it is uh but but maybe that's what the area where the disconnect is and there's the idealization that there's one single body to verify uh somewhere totally separate from the others uh that making the decision uh and then there's the relying party who just eats whatever it's getting uh being served. uh And what I hear is it's actually more nuanced than that.

A

Well, if I recall it was it was, it is documented in the architecture. The question is based on the interpretation so again right.

L

Yeah, the I think the architecture has.

R

L

Compound attesters.

H

Exactly described.

L

In detail, it does not have compound verifiers.

H

Concept of uh collapsing roles on entities it.

L

Just just there, but that's different, maybe from a composite, that's different from a composite verifier. I think.

H

um Actually, the composite verifier is a co-located air verifier and you can.

R

F

The verifiers, with other things,.

H

So so so there has been extreme pushback in the last two years on being more precise on that.

H

That is why we just boiled it down to a generic composition capability, which has the obvious choice of co-locating verifier roles of the relying party rolls and it by no account ever says you can just have one verifier, because there were some. I would say um there was some pushback on on.

P

I think there's a difference between uh combined roles into a sim uh single entity versus what we have been just talking about, uh where there's a multi-stage uh decision, process or um kind of call it nested call it uh sequential, or I don't know, uh I think, there's.

A

I mean I'm sensing some discomfort and and I'm trying to figure out where the clarification needs to lie, because we debated some of this during the architecture.

A

Hank one conversation please, um and I thought we were staring towards the a like the a4 rsi draft, but from the abstract. I guess I'm looking at hanas right. I thought some of this had been articulated, perhaps not well, I'm looking at you in the architecture, draft or interpretation right.

L

I mean I I would say when, for me relying poly po relying party policy takes into account the application the domain specific stuff like is this. Am I letting this thing on the network? What's the transaction map is, am I verifying a fingerprint or something like that? The the verifier policy is all about device, integrity and device trustworthiness. So that's where I mean that's where how I pull them apart, uh you know, one is one, is application specific and one is really the the domain of verifying the device.

P

um Nancy, I was, I was merely sitting here and trying to make sense out of the discussions reading through some of the the emails and trying to understand like where's the disconnect and yeah.

M

That's sort of my from that.

P

Discussion and from from uh some of the list discussions I had read, um maybe maybe that is the disconnect, but uh I would have to re-read the document to confirm- and maybe I don't know- maybe it's somewhat completely different.

A

L

All right, how much time do I get? We got left.

A

um A couple minutes.

L

A

Give you a few more minutes, let.

L

Me hit a couple more of the slides, um appreciate the discussion uh next slide. Please.

L

um So this is, I wanted to make this comment. um I mean I think I mean at least the way I've been thinking about. The interaction between uh the verifier and the relying party is, it's mostly a sort of a back-end, b2b kind of interaction, and I think maybe some of you don't have have some other ideas about that, but if it is basically or at least in the in the I think the b2b uh um use case is a big one.

L

It's one that needs to be addressed um that we need to really be cognizant of. um So in that case I would say my understanding is, you know. Json plus tls is what everybody does for b2b. So in terms of that interaction, we should just go with that and let the the the it guys have been doing that stuff for a long time just handle that that kind of thing.

L

So we don't don't need to worry too much about the security of that um and but I'm not I'm not trying to say we have to write a standard for this or uh go into a lot of detail. I just want to be, I think you know. In fact, I guess what I'm saying we probably shouldn't write a standard for too much of this uh next slide.

L

um Okay, I don't think we're going to have much time to get into identity here. I don't think, but I think there's some some discussion. I don't think we have enough time to complete this, but I'll say a few things here, um uh I'm starting my my uh my understanding of device and identity. I don't think we have a definition of it.

L

Actually I don't know maybe in tcg they have one, but I don't think I haven't seen one and I'm not sure what people mean when they say device identity for me, device identity actually had a lot to do with telling the relying party the serial number, the the oem the model number and the version I mean that's.

L

What was in the original eat draft eight zero zero, as adopted by this working group that eat draft there was no verifier in there all the claims went to the relying party that was the conception and that was adopted by this working group in that form. Before the separation was really set there, so.

L

Seems to me lots of people want to know serial number oem model and version of devices I mean verifiers want to know it and relying parties want to know it. So it's like a good place to do some work.

P

P

The term identity is is misleading.

P

What, if you replace it by identifier, then you see that there are different communities or different industries have different ways to identify things they care about. The cellular industry has other identifiers that they care about on that's on a device that has a sim card versus someone who has an enterprise equipment, and so that's why it has been impossible so far to come up with a fixed number or small set of identifier types to have a good way to identify these different components that people care about.

P

That's, why there's a long list of them um and like I can, of course provide you a long list of things that people use to identify uh the aspects like from this from the seller, world uh and and from from other sectors. It's just it's just a long laundry list so um better make it extensive.

P

It's it's um it's uneventful, unfortunately,.

L

So look at the uei id definition. It is an attempt to unify them. It does bring into account the cellular industry and it doesn't bring into account um ieee based identification and also yeah.

P

L

P

It is extended some attempts to basically take all the identifies people are aware of and stump munch it into some new identifier format um and.

L

So maybe ueid is an attempt at that. uh If you think there's a problem with it, then then let's be specific about what the problem is.

H

So I'm I'm hijacking hi. This is hank um this topic, so um the uh to take up the identifier. In contrast to, I, am absolutely with harness in the quorum work.

H

We provide an extensive list of identifiers to identify the testing environment, explaining it to the verifier, because it's a reference integrity manifest it's like the endorsement and stuff and the reference values, and you have to understand what a testing environment is actually supposed to give you evidence evidence about which target environment that's very important for the appraiser process, because if something else is doing that it might be the wrong source. So, as a verifier, you have to understand which thing in the thing is giving you the assertions.

M

H

It so that that's what column is effectively all about. That's why the extensible list of methods uh how to identify a a testing environment and like a multiple of them in an attached. I think that actually is the identifier thing from so. So that's that's. The first thing I want to say, and also I want to hijack this time to come back to the multiple verifier thing.

H

I'm very I said I will not touch the architecture again, but if we want to say there can be multiple verifiers or multiple entities, pro processing the evidence from a tester, that's something I'm willing to put in that's a very small statement about how the verifier role works.

H

I think, would address all the problems that we just said. It could be a few sentences and I would be okay with it, working that out, live here on the site and then on the list.

L

So it's not a critical need for me, um but the more yeah.

C

So, just just just to point out on the architecture, we had lots of conversation about the difference between roles and entities that host those roles and it's it and the the idea was that roles could be spread across multiple entities or multiple multiple entities could implement the same role.

L

C

L

Back there, but I think there should be some discussion back and forth between you know on on identity. um In particularly, I mean you know, if you can't use ueid for your your identification use case, then let's talk about why and what's wrong with it uh that the specific comments on that I would. I would really appreciate that. Okay.

P

So um I looked at the definition uh that you defined for ueid and it has three types of random number: uh the ieee eui and the imai. And what about uh um we used? um Uuids.

L

P

So hash the uuid.

L

And turn it in and make it random and then it's random.

P

You would stuff it into a random number.

L

That's what it is, isn't it.

P

No, not necessarily it's uh like the different types of uids uh one is, for example, to create the hash, the domain name and and and so on. So there.

L

P

Different types there's like so.

L

That's the detailed discussion, but please probably don't have time for right now, but I think that's yeah. So I think I had one more slide.

L

um Oh okay, so uh I'm probably running out of time. um So there is text in uh a pull request that I mentioned on the mailing list. um I'm now calling them uh sort of verified forwarded claims, rather than pass through to clarify that you can take a claim that came from the attester forward. It to the uh the verifier can take the claim that came from the attester and forward it to the relying party. But that is subject to the policy of the verifier and the relying party needs to know what that policy is.

L

So it's not just a blind pass-through. It is subject to the verifier policy that the relying party should know and I'm hoping that resolves that question.

L

L

L

So this maybe is still um uh kind of a question of what uh what verifier does what and how you'd think about it. But um I mean it's to me: there's some some verifiers um verifiers are about not about are not application, specific they're about the device, some verifiers say the devices are good or bad and very in a very simple way. You know thumbs up thumbs down.

L

um I think in some cases.

L

There's machine learning risk engines and they want to combine application specific things like the transaction amount, the user account the spending history and all that with knowledge about the device.

L

So uh you know they could be very complicated things that they don't want to know to know that they have the job of verifying all the details about the devices. So what they want is the rats verifier to provide them a lot of validated information about the device, but not transaction specific information about the device. So I I see the range here of in antistation results is from very simple.

L

Yes, no all the way to just just check the signature know that you're getting validated stuff and pass or or forward all the stuff you you know uh on, maybe even to add some other stuff. So to me, it's a very big, uh very large range um of what can happen in attestation. Results.

L

Okay. I think that was it. Let me see if there's one more nope, no okay. I think we're out of time right.

A

C

A

The open lag time.

C

Oh at this point, we.

A

Figured we just had open mic.

L

A

L

L

H

Yeah, this is the second.

A

You want to choose a second session.

L

No, so so, maybe maybe maybe we could have a little more discussion about uh what happens. I mean to me. The big conceptual thing here is that uh it's emerging is that a verifier when, in the rats context, its job is to to do things that have to do with device integrity, authenticity, measurements characteristics about the device, because rats is an attestation, is about the device.

L

So a rat's verifier is about the device it doesn't. um The relying party implements their policy and that's when they bring into the um the application specific thing like what you, what are you trying to do? What's the device trying to do play content, uh you know, give you a measurement that you're going to look at clear, a financial transactions. So that's the relying party policy, so that's really where I pull apart.

L

um What's going on on the verifier and what's going on the relying party and therefore that kind of frames up what's going on in attestation, results.

D

Folks, I guess so: hey.

A

Gary, although hold on a sec, hank was actually up before giddy.

H

A

No okay, giddy you're up on the queue.

U

I can't hear you yet: yes, can you hear me yeah now.

A

We can hear you.

U

Yeah on the subject of pass through claims- I you know, I'm speaking selfishly as a neat editor, and I really don't want to see us getting bogged down in how a verifier would actually interpret a claim that uh that is presented as evidence uh before it. It can be sent as a as an attestation uh in the document I think lawrence's. I actually covered it pretty well on that last slide.

U

There's just two there's a there's, a large gamut of what would be required, particularly multi-stage verifiers, for uh for um how a verifier would interpret evidence against an appraisal policy before uh relaying it as a pass-through claim. um The other thing, too, is when we, when this discussion started in the working group. I looked at the rib document, which I figured was the working group.

U

It was a insufficient working group, uh um met the working group criteria for a finished standard um as far as out of station evidence and conveyance and anastasia results, and it is specifically not prescriptive on how evidence is conveyed as results, and I think uh you know I'm I'm not going to speak for the rib editors, but I believe that that's uh that's actually a good thing because, uh because I would imagine even from a tpm results can be, uh results can be interpreted and processed in a multi-stage manner.

U

Just like uh similar to what lawrence has mentioned in the last slide. So that's my comment. I'm not expecting any response to that.

H

So this is hank, um so what I heard is are two items here. That would be basically addressing the overall thing you can. You could argue that the verifier has a policy that allows to uh take evidence, values and their claim semantics and put them into attestation results, but the relaying party should be very well aware that this policy exists and it was applied, and then the second thing I heard was it's: it's. It's actually totally fine with the architecture to have multiple verifier roles.

H

One of them is co-residing on the relying party, so it can actually receive evidence without any confusion and had a further ado and do the appraisal process of um evidence on the underlying parting entity and then pass it through the relying party role. That's co-existing on the relying party. I think that is more clear, because now, with this solution, um the entity that is the relying party could also consume reference values and endorsements which a relying party cannot, and so I think, the idea that I think hannes was again going to that.

H

We can have fire nuances on whether multi-verifier things happens uh is the better solution. Because then evidence can be passed on, that's unambiguous and and and at the end the relying party makes sense of it and it's entity that it is so so I think significant, smaller, leading towards the multiple verifier thing, except instead of the policy that is re-kind of purposing the values without and then you have to understand it and might not be clear, but that's just me for now. This is a discussion. So, let's, let's do this discussion? Okay,.

A

We've only got two minutes left, so eric and dave. I'm gonna cut the cue at dave eric. If you can make it quick.

I

I'll make it quick. If you look at the architecture document, relying party, the term appears 125 times relying party device zero. So relying party is a role, not a physical item. That's it.

L

Yeah, okay, agree.

I

Well, it's important.

A

Okay, dave you're last hey.

V

Yep dave taylor. uh I just want to say first of all that I really liked uh lawrence's uh description of a bunch of the topics there. So thank you lawrence, for example, the pass-through slide. I really like that way of framing stuff so nicely done. I guess my question is: is the term passed through in any document I couldn't find it neither eat or or ar 4si or anything, it's a useful word to use, because I think that's the term that I'd like to update the teak protocol spec to be uh or keep architecture.

V

I think it's the protocol spec to be able to use that same term and reference, a document that discusses it so that teep doesn't have to, but I think it's jus it's exactly right. So.

A

Yeah 10 seconds yeah.

L

Quick comment: uh the the the pr to address this doesn't use the term pass-through, it kind of says, verified and forwarded and verified, because pass-through was generating some reactions. But um uh there is some text in in a pr that's uh to talk about this and you can sort out the terminology.

V

L

V

L

V

Okay, so then uh uh I will check that and I will update the uh protocol spec to use the same words and refer it as soon as the request is merged. So thanks laurence.

A

All right with that, we managed to be 30 seconds over, so we are going to convene again is it tomorrow tomorrow, yeah, so we'll convene again tomorrow.

A

Thank you, everyone and thank you for those who attended virtually, hopefully we'll see you tomorrow as well.

B

That's brendan.

C

So on this charter, do I want to move this text.

B

F

That should fight.

F

F

T