From d1f52f89db89acf1f9c41c2d2ec93f1c8a404b8e Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Thu, 31 Oct 2024 17:44:14 +0000 Subject: [PATCH 1/8] First revision of triples explaination Fixes #310 Signed-off-by: Yogesh Deshpande --- draft-ietf-rats-corim.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 6940ff9f..26feb4d6 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1111,7 +1111,8 @@ The `uint` and `text` types MUST NOT be interpreted in a global scope. #### Reference Values Triple {#sec-comid-triple-refval} -[^issue] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/310 +A Reference Values Triple provides reference measurements or reference claims pertaining to a Target Environment. +For a Reference Value triple, the subject identifies a Target Environment, the object contains reference measurements associated to one or more measured elements of the Environment, and the predicate asserts that these are expected (i.e. reference) measurements for the Target Environment. The Reference Values Triple has the following structure: 
@@ -1121,10 +1122,11 @@ The Reference Values Triple has the following structure: The `reference-triple-record` has the following parameters: -* `ref-env`: Search criterion that locates an Evidence environment that matches the reference environment. -* `ref-claims`: Search criteria that locates the Evidence measurements that match the reference Claims. +* `ref-env`: Reference Environment Identity of the Target Environment -To process `reference-triple-record` both the `ref-env` and `ref-claims` criteria are compared with Evidence entries. +* `ref-claims`: One or more measurement claims for the Target Environment + +To process `reference-triple-record` both the `ref-env` and `ref-claims` criteria are compared with Evidence entries. First ref-env is used as a Search criterion to locate the Evidence environment that matches the reference environment. Subsequently, the ref-claims from this triple are used to match against the Evidence measurements for the matched environment. If the search criteria are satisfied, the matching entry is re-asserted, except with the Reference Value Provider's authority. By re-asserting Evidence using the RVP's authority, the Verifier can avoid mixing Reference Values (reference state) with Evidence (actual state). See {{-rats-endorsements}}. @@ -1132,7 +1134,7 @@ Re-asserted Evidence using RVP authority is said to be "corroborated". #### Endorsed Values Triple {#sec-comid-triple-endval} -[^issue] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/310 +An Endorsed Values triple provides additional Endorsements that are valid when a Target Environment has been verified against reference measurements. For Endorsed Values Claims, the subject is either a Target or Attesting Environment, the object contains Endorsements for one or more measured elements of an Environment, and the predicate defines semantics for how the object relates to the subject. The Endorsed Values Triple has the following structure: 
@@ -1151,7 +1153,7 @@ The new entry is added to the existing set of entries using the Endorser's autho #### Conditional Endorsement Triple {#sec-comid-triple-cond-endors} -[^issue] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/310 +A Conditional Endorsement Triple declares one or more conditions that if matches, THEN every entry in the endorsements is added to the accepted state. The conditions are `stateful-environment-records` which match Target Environments from Evidence in certain reference state, for example a specific Target Environment with a specific revision of firmware with a reference measurement that has already matched. The Conditional Endorsement Triple has the following structure: @@ -1171,7 +1173,9 @@ If the search criteria are satisfied, the `endorsements` entries are asserted wi #### Conditional Endorsement Series Triple {#sec-comid-triple-cond-series} -[^issue] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/310 +A Conditional Endorsement Series triple uses a stateful environment, (i.e. stateful-environment-record), that identifies a Target Environment based on an environment-map plus the measurement-map measurements that have matching Evidence. + +The series object is an array of conditional-series-record that has both Reference and Endorsed Values. Each conditional-series-record record is evaluated in the order it appears in the series array. The Endorsed Values are accepted if the series condition in a conditional-series-record matches the ACS. The first conditional-series-record that successfully matches an ACS Entry terminates the matching and the corresponding Endorsed Values are accepted. If none of the series conditions match an ACS Entry, the triple is not matched, and no Endorsed values are accepted. The Conditional Endorsement Series Triple has the following structure: From e131baaf7288bd18bfe838cd03735ae74cee4bc3 Mon Sep 17 00:00:00 2001 
From: Yogesh Deshpande Date: Sat, 2 Nov 2024 19:12:36 +0000 Subject: [PATCH 2/8] Apply suggestions from code review Add suggestions from Ned and Dionna Co-authored-by: Dionna Amalie Glaze Co-authored-by: Ned Smith --- draft-ietf-rats-corim.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 26feb4d6..957de139 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1126,7 +1126,9 @@ The `reference-triple-record` has the following parameters: * `ref-claims`: One or more measurement claims for the Target Environment -To process `reference-triple-record` both the `ref-env` and `ref-claims` criteria are compared with Evidence entries. First ref-env is used as a Search criterion to locate the Evidence environment that matches the reference environment. Subsequently, the ref-claims from this triple are used to match against the Evidence measurements for the matched environment. +To process `reference-triple-record` both the `ref-env` and `ref-claims` criteria are compared with Evidence entries. +First `ref-env` is used as a Search criterion to locate the Evidence environment that matches the reference environment. +Subsequently, the `ref-claims` from this triple are used to match against the Evidence measurements for the matched environment. If the search criteria are satisfied, the matching entry is re-asserted, except with the Reference Value Provider's authority. By re-asserting Evidence using the RVP's authority, the Verifier can avoid mixing Reference Values (reference state) with Evidence (actual state). See {{-rats-endorsements}}. 
@@ -1134,7 +1136,8 @@ Re-asserted Evidence using RVP authority is said to be "corroborated". #### Endorsed Values Triple {#sec-comid-triple-endval} -An Endorsed Values triple provides additional Endorsements that are valid when a Target Environment has been verified against reference measurements. For Endorsed Values Claims, the subject is either a Target or Attesting Environment, the object contains Endorsements for one or more measured elements of an Environment, and the predicate defines semantics for how the object relates to the subject. +An Endorsed Values triple provides additional Endorsements that are valid when a Target Environment has been verified against Reference Values or Evidence. +For Endorsed Values Claims, the _subject_ is a Target Environment, the _object_ contains Endorsement Claims for the Environment, and the _predicate_ defines semantics for how the _object_ relates to the _subject_. The Endorsed Values Triple has the following structure: @@ -1153,7 +1156,8 @@ The new entry is added to the existing set of entries using the Endorser's autho #### Conditional Endorsement Triple {#sec-comid-triple-cond-endors} -A Conditional Endorsement Triple declares one or more conditions that if matches, THEN every entry in the endorsements is added to the accepted state. The conditions are `stateful-environment-records` which match Target Environments from Evidence in certain reference state, for example a specific Target Environment with a specific revision of firmware with a reference measurement that has already matched. +A Conditional Endorsement Triple declares one or more conditions that, once they match, cause every entry in the endorsements to be added to the accepted state. +The conditions are `stateful-environment-records` which match Target Environments from Evidence in certain reference state. The Conditional Endorsement Triple has the following structure: From 510714b6a21d00e8becbaec1f414edc76db4a0bb Mon Sep 17 00:00:00 2001 
From: Yogesh Deshpande Date: Mon, 11 Nov 2024 19:22:24 +0000 Subject: [PATCH 3/8] Add github issue that discuss more on matching semantics and use cases Signed-off-by: Yogesh Deshpande --- draft-ietf-rats-corim.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 957de139..dcf2fdfc 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md 
@@ -1177,9 +1177,15 @@ If the search criteria are satisfied, the `endorsements` entries are asserted wi #### Conditional Endorsement Series Triple {#sec-comid-triple-cond-series} -A Conditional Endorsement Series triple uses a stateful environment, (i.e. stateful-environment-record), that identifies a Target Environment based on an environment-map plus the measurement-map measurements that have matching Evidence. +A Conditional Endorsement Series triple uses a stateful environment, (i.e. `stateful-environment-record`), that identifies a Target Environment based on an `environment-map` plus the `measurement-map` measurements that have matching Evidence. -The series object is an array of conditional-series-record that has both Reference and Endorsed Values. Each conditional-series-record record is evaluated in the order it appears in the series array. The Endorsed Values are accepted if the series condition in a conditional-series-record matches the ACS. The first conditional-series-record that successfully matches an ACS Entry terminates the matching and the corresponding Endorsed Values are accepted. If none of the series conditions match an ACS Entry, the triple is not matched, and no Endorsed values are accepted. +The series object is an array of `conditional-series-record` that has both Reference and Endorsed Values. +Each conditional-series-record record is evaluated in the order it appears in the series array. +The Endorsed Values are accepted if the series condition in a `conditional-series-record` matches the ACS. +The first `conditional-series-record` that successfully matches an ACS Entry terminates the matching and the corresponding Endorsed Values are accepted. +If none of the series conditions match an ACS Entry, the triple is not matched, and no Endorsed values are accepted. 
+ +More clarification about the usage and matching order will be resolved by: [^tracked-at] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/321 The Conditional Endorsement Series Triple has the following structure: From 32e07eff135f7f0fae7cb62b2744c328896ca24a Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Wed, 13 Nov 2024 15:17:44 +0000 Subject: [PATCH 4/8] Apply suggestions from code review --- draft-ietf-rats-corim.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index dcf2fdfc..89b428dd 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1136,7 +1136,7 @@ Re-asserted Evidence using RVP authority is said to be "corroborated". #### Endorsed Values Triple {#sec-comid-triple-endval} -An Endorsed Values triple provides additional Endorsements that are valid when a Target Environment has been verified against Reference Values or Evidence. +An Endorsed Values triple provides additional Endorsements for an existing Target Environment. For Endorsed Values Claims, the _subject_ is a Target Environment, the _object_ contains Endorsement Claims for the Environment, and the _predicate_ defines semantics for how the _object_ relates to the _subject_. The Endorsed Values Triple has the following structure: From d96b4eb5e2a241c225693ed67dda03ea58e1193f Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Wed, 13 Nov 2024 17:20:39 +0000 Subject: [PATCH 5/8] Apply suggestions from code review Apply simple edits that improve the language of the draft! Co-authored-by: Thomas Fossati Co-authored-by: Dionna Amalie Glaze --- draft-ietf-rats-corim.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 89b428dd..a54c313d 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md 
@@ -1112,7 +1112,7 @@ The `uint` and `text` types MUST NOT be interpreted in a global scope. #### Reference Values Triple {#sec-comid-triple-refval} A Reference Values Triple provides reference measurements or reference claims pertaining to a Target Environment. -For a Reference Value triple, the subject identifies a Target Environment, the object contains reference measurements associated to one or more measured elements of the Environment, and the predicate asserts that these are expected (i.e. reference) measurements for the Target Environment. +For a Reference Value triple, the subject identifies a Target Environment, the object contains reference measurements associated to one or more measured elements of the Environment, and the predicate asserts that these are expected (i.e., reference) measurements for the Target Environment. The Reference Values Triple has the following structure: 
@@ -1122,12 +1122,12 @@ The Reference Values Triple has the following structure: The `reference-triple-record` has the following parameters: -* `ref-env`: Reference Environment Identity of the Target Environment +* `ref-env`: Identifies the Target Environment * `ref-claims`: One or more measurement claims for the Target Environment To process `reference-triple-record` both the `ref-env` and `ref-claims` criteria are compared with Evidence entries. -First `ref-env` is used as a Search criterion to locate the Evidence environment that matches the reference environment. +First `ref-env` is used as a search criterion to locate the Evidence environment that matches the reference environment. Subsequently, the `ref-claims` from this triple are used to match against the Evidence measurements for the matched environment. If the search criteria are satisfied, the matching entry is re-asserted, except with the Reference Value Provider's authority. By re-asserting Evidence using the RVP's authority, the Verifier can avoid mixing Reference Values (reference state) with Evidence (actual state). @@ -1136,8 +1136,8 @@ Re-asserted Evidence using RVP authority is said to be "corroborated". #### Endorsed Values Triple {#sec-comid-triple-endval} -An Endorsed Values triple provides additional Endorsements for an existing Target Environment. -For Endorsed Values Claims, the _subject_ is a Target Environment, the _object_ contains Endorsement Claims for the Environment, and the _predicate_ defines semantics for how the _object_ relates to the _subject_. +An Endorsed Values triple provides additional Endorsements - i.e., claims reflecting the actual state - for an existing Target Environment. +For Endorsed Values Claims, the subject is a Target Environment, the object contains Endorsement Claims for the Environment, and the predicate defines semantics for how the object relates to the subject. The Endorsed Values Triple has the following structure: 
@@ -1157,7 +1157,7 @@ The new entry is added to the existing set of entries using the Endorser's autho #### Conditional Endorsement Triple {#sec-comid-triple-cond-endors} A Conditional Endorsement Triple declares one or more conditions that, once they match, cause every entry in the endorsements to be added to the accepted state. -The conditions are `stateful-environment-records` which match Target Environments from Evidence in certain reference state. +The conditions are expressed via `stateful-environment-records`, which match Target Environments from Evidence in certain reference state. The Conditional Endorsement Triple has the following structure: From b059d0dffb89722bde411f8ea56b8e1ff8d627fa Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Wed, 20 Nov 2024 15:06:24 +0000 Subject: [PATCH 6/8] Update draft-ietf-rats-corim.md Co-authored-by: Ned Smith --- draft-ietf-rats-corim.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index a54c313d..ccbb0b32 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1156,7 +1156,7 @@ The new entry is added to the existing set of entries using the Endorser's autho #### Conditional Endorsement Triple {#sec-comid-triple-cond-endors} -A Conditional Endorsement Triple declares one or more conditions that, once they match, cause every entry in the endorsements to be added to the accepted state. +A Conditional Endorsement Triple declares one or more conditions that, once matched, results in augmenting the Attester with the Endorsement Claims. The conditions are expressed via `stateful-environment-records`, which match Target Environments from Evidence in certain reference state. The Conditional Endorsement Triple has the following structure: From 44dbe481d902838776fa2c8f55fe64ba2e3472e7 Mon Sep 17 00:00:00 2001 
From: Yogesh Deshpande Date: Wed, 20 Nov 2024 15:14:20 +0000 Subject: [PATCH 7/8] Update draft-ietf-rats-corim.md --- draft-ietf-rats-corim.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index ccbb0b32..51d0e737 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1156,7 +1156,7 @@ The new entry is added to the existing set of entries using the Endorser's autho #### Conditional Endorsement Triple {#sec-comid-triple-cond-endors} -A Conditional Endorsement Triple declares one or more conditions that, once matched, results in augmenting the Attester with the Endorsement Claims. +A Conditional Endorsement Triple declares one or more conditions that, once matched, results in augmenting the Attester's actual state with the Endorsement Claims. The conditions are expressed via `stateful-environment-records`, which match Target Environments from Evidence in certain reference state. The Conditional Endorsement Triple has the following structure: From ced1a3081b6008cbc79c63f86277a5801f5ba27f Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Wed, 20 Nov 2024 15:21:02 +0000 Subject: [PATCH 8/8] Apply suggestions from code review Co-authored-by: Dionna Amalie Glaze Co-authored-by: Thomas Fossati --- draft-ietf-rats-corim.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index 51d0e737..9b17ea3d 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md @@ -1123,7 +1123,6 @@ The Reference Values Triple has the following structure: The `reference-triple-record` has the following parameters: * `ref-env`: Identifies the Target Environment - * `ref-claims`: One or more measurement claims for the Target Environment To process `reference-triple-record` both the `ref-env` and `ref-claims` criteria are compared with Evidence entries. 
@@ -1177,13 +1176,13 @@ If the search criteria are satisfied, the `endorsements` entries are asserted wi #### Conditional Endorsement Series Triple {#sec-comid-triple-cond-series} -A Conditional Endorsement Series triple uses a stateful environment, (i.e. `stateful-environment-record`), that identifies a Target Environment based on an `environment-map` plus the `measurement-map` measurements that have matching Evidence. +A Conditional Endorsement Series triple uses a "stateful environment" that identifies a Target Environment plus the measurements that have matching Evidence. The series object is an array of `conditional-series-record` that has both Reference and Endorsed Values. Each conditional-series-record record is evaluated in the order it appears in the series array. -The Endorsed Values are accepted if the series condition in a `conditional-series-record` matches the ACS. -The first `conditional-series-record` that successfully matches an ACS Entry terminates the matching and the corresponding Endorsed Values are accepted. -If none of the series conditions match an ACS Entry, the triple is not matched, and no Endorsed values are accepted. +The Endorsed Values are accepted if the series condition in a `conditional-series-record` matches the attester's actual state. +The first `conditional-series-record` that successfully matches an attester's actual state terminates the matching and the corresponding Endorsed Values are accepted. +If none of the series conditions match the attester's actual state, the triple is not matched, and no Endorsed values are accepted. More clarification about the usage and matching order will be resolved by: [^tracked-at] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/321
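Review bot: In PATCH 1/8 (hunk @@ -1111,7 +1111,8), the added Reference Values Triple introduction names the same construct two ways: the first added line says "Reference Values Triple" and the second says "Reference Value triple" (singular, lower-case "triple"). PATCH 5/8 touches that second line again and keeps the mismatch. Use the heading's form, "Reference Values Triple", in both places, and consider "associated with" instead of "associated to" in the same sentence.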
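Review bot: In PATCH 3/8 (hunk @@ -1177,9 +1177,15), the added line "Each conditional-series-record record is evaluated in the order it appears in the series array." repeats the word "record" and is the only mention of the type left without backticks, while the added lines around it use `conditional-series-record`. Suggest "Each `conditional-series-record` is evaluated in the order it appears in the series array." PATCH 8/8 carries this line through as unchanged context, so the fix has to be made explicitly somewhere in the series.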
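Review bot: In PATCH 5/8 (hunk @@ -1136,8 +1136,8), the new Endorsed Values sentence glosses Endorsements as "claims reflecting the actual state", but the context of the preceding hunk uses "actual state" for Evidence ("Reference Values (reference state) with Evidence (actual state)"). A reader can take the two together to mean Endorsements and Evidence are the same category. Either say how endorsed claims relate to the actual state (PATCH 7/8 words it as "augmenting the Attester's actual state with the Endorsement Claims") or drop the aside. The same added line writes "Endorsed Values triple" where the heading and the following context line have "Endorsed Values Triple".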
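Review bot: In PATCH 5/8 (hunk @@ -1157,7 +1157,7), the replacement line keeps the plural "s" inside the code span in `stateful-environment-records`, which produces an identifier that does not match the `stateful-environment-record` type named in PATCH 3/8. Write "`stateful-environment-record` entries" or move the "s" outside the backticks. The same line is missing an article in "in certain reference state"; "in a certain reference state" reads correctly.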
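Review bot: Subject-verb agreement is off in the replaced sentence of PATCH 7/8 (inherited from the wording introduced in PATCH 6/8): "one or more conditions that, once matched, results in augmenting ..." should read "result in", since the subject is "conditions". A shorter form would be "conditions that, once matched, augment the Attester's actual state with the Endorsement Claims".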
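Review bot: In PATCH 8/8 (hunk @@ -1177,13 +1176,13), the three replacement lines write "attester's actual state" in lower case, while PATCH 7/8 introduces the same phrase as "Attester's actual state"; capitalise "Attester" here, and change "Endorsed values" in the last of the three lines to "Endorsed Values" to match the rest of the section. The rewritten first line also drops the `stateful-environment-record` type name, leaving the quoted "stateful environment" with no pointer to where it is defined; keep the type name in parentheses or add a cross-reference to its definition.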