Markdown Version | Recording 1 | Recording 2

Session Date/Time: 05 Nov 2024 15:00

rats

Summary

The RATS working group meeting covered three main topics: Concise Reference Integrity Manifest (CORIM), Conceptual Message Wrappers (CMW), and handling multiple verifiers in Remote Attestation procedureS (RAS). The CORIM presentation focused on updates and clarifications to the draft, especially around security version numbers and the introduction of measurement multiplicity. The CMW presentation discussed progress on the draft, incorporating security considerations and a proposed change to the typing system. The final presentation explored the use cases and architecture for handling multiple verifiers, addressing resilience and interoperability concerns.

Key Discussion Points

• CORIM:
  • Clarification on security version number (SVN) updates.
  • Tidying up triples and defining security considerations for verifier operations.
  • Introduction of measurement multiplicity to represent multiple measured elements within an environment.
  • Discussion on a tie-in between the Skit work and KORIM, potentially through guidance documentation.
• CMW:
  • Second working group last call completed, progressing from version 06 to 10.
  • Incorporation of security considerations based on Lawrence's feedback.
  • Discussion on tightening the type system, potentially removing pre-registered Cibor tags.
  • Deb expresses reservations about TN tags.
• Multiple Verifiers:
  • Exploration of use cases for multiple verifiers, including resilience and interoperability.
  • Discussion on whether multiple verifiers can be replaced by a single, conceptual verifier.
  • Addressing how to handle potentially contradicting attestation results from different verifiers (Byzantine general's problem).
  • DAA draft may offer a scalable alternative to multiple attestations

Decisions and Action Items

• CMW:
  • Decision: Need to make a decision on the type system topic (TN tags vs. pre-registered Cibor tags).
  • Action Item: Authors to perform surgery on the draft based on the type system decision and publish a new version.
• Multiple Verifiers:
  • Action Item: Further discussion on handling multiple verifiers should occur on the mailing list and during the open mic session on Friday

Next Steps

• CORIM: Encourage participants to review the draft and provide feedback.
• CMW:
  • Resolve the type system issue.
  • Publish a new version of the draft.
• Attester Groups: Further collaboration with the DA authors to investigate a scalability use case

Session Date/Time: 08 Nov 2024 15:30

rats

Summary

This session covered several topics related to Remote Attestation Procedures (RATS). Discussions included updates on PICS evidence, trusted confidential computing use cases (SASA), protocol considerations and a proposed wiki, and endorsements.

Key Discussion Points

• PICS Evidence (HSM Attestation): Discussion centered around the challenges of creating an ASN.1 representation of EAT claims, specifically dealing with submods and nested data structures. A key question was whether the working group requires the document to be split into two: one focused on porting EAT into DER (DWT) and another on HSM-specific attestation claims. The relationship between the PICS evidence and LAMPS CSR attestation was clarified - PICS evidence would define a payload that could be included in a CSR attestation container.
• Trusted Confidential Computing Use Case (SASA): Presented a use case highlighting Secure Access Service Edge (SASA) and its potential benefit from confidential computing. It then discussed the architectural aspects for distributing the verification function to the client for scalability, and associated challenges. Issues such as the timing of verifier inputs and consistency of trust were raised. The applicability of existing IETF Rats drafts like MPS and Epoch Markers was discussed, along with security and connection management issues.
• Protocol Considerations and Proposed Wiki: Discussion about the need for a central location to document the various protocols that may carry evidence or attestation results. A wiki was proposed as a solution. Participants offered suggestions of protocols and areas to include, such as SPDM. The distinction between architectural layers and underlying protocols was debated.
• RATS Endorsements 03: Addressed comments from working group last call. Primarily addressed security considerations raised by Carl and Kathleen, relating to trust establishment and different sources for policies. Text was moved into a dedicated security considerations section, explicitly referring to 9334 and emphasizing the binding between endorsements and trust anchors. Additionally, timeliness of endorsements was discussed and addressed.
• Security Considerations of Attested TLS: Presented concerns about the security considerations in RFC 9334, particularly related to evidence freshness, integrity, and relay attacks. Proposed specific security properties that protocols should provide. Urged that relay attacks are not present in RFC 9334.

Decisions and Action Items

• PICS Evidence: Need to take the question of splitting the document into two separate pieces to the mailing list, due to limited participation in the show of hands.
• RATS Endorsements 03: Chairs will post the updated version of the draft with the new security considerations section, kicking off a working group last call.
• Attested TLS Security Concerns: The presenter (Osama) will write a draft intended to update 9334, outlining specific security considerations, and begin discussion on the list.
• Attestation helper doc: Geary will lead on writing a helper doc, purely informational on attestation, evidence, Eve all the way from an application, complementing 9334. Will work with Osama and others offline before IETF 120.

Next Steps

• Mailing list discussion on PICS Evidence and Attested TLS Security Concerns drafts.
• Working Group Last Call on RATS Endorsements 03.
• Creation and population of the proposed RATS protocol wiki.