**Session Date/Time:** 17 Mar 2025 06:00

# rats

## Summary

This meeting covered several key topics related to Remote Attestation ProcedureS (RATS), including conceptual message wrappers (CMW), measured component manifests, concise reference integrity manifests (Corim), P-Kix key attestation, reference interaction models, evidence transformations, mud-based rats resource discovery, and eat attestation results.  The group discussed progress on existing drafts, open issues, extensibility, and potential for adoption or working group last call.

## Key Discussion Points

*   **Conceptual Message Wrappers (CMW):**
    *   Discussion on the CMW claim and whether it's too coarse-grained for use with the IT (Information Token) framework. Lawrence suggested defining a series of claims in the format of the CMW for specific purposes and dropping the CMW claim from the draft.
    *   Debate over the IDP CMW extension and its use in tunneling a CMW into X.509 certificates. Some participants suggested dropping the extension entirely due to privacy concerns and its open-ended nature.
*   **Measured Component Manifest:**
    *   Discussion on extensibility with the addition of a "flex" attribute, its size, and alternative designs involving JSON or CBOR. The question revolved around the size constraint and the potential for richer, more complex information in the extension area.
    *   Adding security version numbers (SVNs) was discussed, and a decision was deferred to the GitHub issue tracker.
    *   Compatibility with the Trusted Computing Group's canonical event log was raised.
*   **Concise Reference Integrity Manifest (Corim):**
    *   Updates on progress and adoption across organizations and standards bodies. The request was made for wider reviews and ideally to proceed to a working group last call.
    *   Discussion of mandatory to implement (MTI) vs. optional to implement (OTI) triples and the use of Corim in other contexts, such as bundling multiple profiles using CMWs.
*   **P-Kix Key Attestation:**
    *   Explanation of the problem domain: assertions about protection properties of application keys for hardware and software operating within PKI applications.
    *   Introduction of the "presenter" role, distinct from the existing RATS architecture. Usama highlighted some terminology inconsistencies.
*   **Reference Interaction Models:** Soliciting the working group to move to a working group last call
*   **Yang Module for Remote Attestation Evidence Conveyance and Network Subscription** moving to working group last call.
*   **Evidence Transformations:**
    *   Explanation of transforming existing evidence formats, like SPDM, into a consistent internal representation. Thomas raised the question on the scope of which evidence formats to consider.
    *   Adoption consideration with broad industry interest being expressed.
*   **Mud-Based RATS Resource Discovery:**
    *   Discovery of attestation resources through MADs (Manufacturer Usage Description).
    *   Exploring the feasibility of eat being a MAD file.
*   **Eat Attestation Results:**
    *   Presenting the EAT profile for Attestation Results (EAR) based on R4C (Result Format for Claims). Michael (Richards) expressed the need for adoption.

## Decisions and Action Items

*   **CMW:**
    *   Decide on the open issues on the mailing list.
    *   Start a second working group last call when ready.
*   **Measured Component Manifest:**
    *   Sort out extensibility based on the feedback from Hank and Karsten.
    *   Decide on the SVN topic and proceed to working group last call.
    *   Monty volunteered to compare the design of this to the TCG canonical event log and to report back.
*   **Corim:**
    *   Michael and Monty committed to reviewing the document by April 15th.
    *   Initiate working group last call after these reviews.
*   **P-Kix Key Attestation:**
    *   Mike to continue developing the draft with collaboration with Kathleen.
*   **Reference Interaction Models:** Initiating working group last call following review.
*   **Yang Module for Remote Attestation Evidence Conveyance and Network Subscription:** Initiating two week working group last call.
*   **Evidence Transformations:**
    *   Adopt the draft.
    *   Hank and Steve Seffert, David Sefford and Mimi will participate if focus goes to TPM-based solutions.
*   **Mud-Based RATS Resource Discovery:**
    *   Continue discussion of where this work can be done on the mailing list. Author to progress to a 0-1 version based on WG direction from list.
*   **Eat Attestation Results:**
    *   Adopt the eardraft.

## Next Steps

*   Address open issues for CMW on the mailing list.
*   Address the extension attributes for Measured Components draft.
*   Reviews of Corim to be completed by April 15th.
*   Continue design work for P-Kix Key Attestation and clarify the role of the presenter.
*   Progress the working group last calls for the identified drafts.
*   Continue discussion on the mailing list for Mud-Based Resource Discovery.