Session Date/Time: 17 Mar 2025 06:00
rats
Summary
This meeting covered several key topics related to Remote ATtestation procedureS (RATS), including Conceptual Message Wrappers (CMW), measured component manifests, Concise Reference Integrity Manifests (CoRIM), PKIX key attestation, reference interaction models, evidence transformations, MUD-based RATS resource discovery, and EAT attestation results. The group discussed progress on existing drafts, open issues, extensibility, and potential for adoption or working group last call.
Key Discussion Points
- Conceptual Message Wrappers (CMW):
  - Discussion of the CMW claim and whether it is too coarse-grained for use with the IT (Information Token) framework. Lawrence suggested defining a series of claims in the format of the CMW for specific purposes and dropping the CMW claim from the draft.
  - Debate over the IDP CMW extension and its use in tunneling a CMW into X.509 certificates. Some participants suggested dropping the extension entirely due to privacy concerns and its open-ended nature.
- Measured Component Manifest:
  - Discussion of extensibility through the addition of a "flex" attribute, its size, and alternative designs involving JSON or CBOR. The question revolved around the size constraint and the potential for richer, more complex information in the extension area.
  - Adding security version numbers (SVNs) was discussed, and a decision was deferred to the GitHub issue tracker.
  - Compatibility with the Trusted Computing Group's canonical event log was raised.
- Concise Reference Integrity Manifest (CoRIM):
  - Updates on progress and adoption across organizations and standards bodies. A request was made for wider reviews and, ideally, to proceed to a working group last call.
  - Discussion of mandatory to implement (MTI) vs. optional to implement (OTI) triples and the use of CoRIM in other contexts, such as bundling multiple profiles using CMWs.
- PKIX Key Attestation:
  - Explanation of the problem domain: assertions about protection properties of application keys for hardware and software operating within PKI applications.
  - Introduction of the "presenter" role, distinct from the existing RATS architecture. Usama highlighted some terminology inconsistencies.
- Reference Interaction Models: Soliciting the working group to move to a working group last call.
- YANG Module for Remote Attestation Evidence Conveyance and Network Subscription: moving to working group last call.
- Evidence Transformations:
  - Explanation of transforming existing evidence formats, like SPDM, into a consistent internal representation. Thomas raised the question of which evidence formats are in scope.
  - Adoption was considered, with broad industry interest being expressed.
- MUD-Based RATS Resource Discovery:
  - Discovery of attestation resources through MUDs (Manufacturer Usage Descriptions).
  - Exploring the feasibility of an EAT being a MUD file.
- EAT Attestation Results:
  - Presentation of the EAT profile for Attestation Results (EAR) based on R4C (Result Format for Claims). Michael (Richards) expressed the need for adoption.
Decisions and Action Items
- CMW:
  - Decide on the open issues on the mailing list.
  - Start a second working group last call when ready.
- Measured Component Manifest:
  - Sort out extensibility based on the feedback from Hank and Karsten.
  - Decide on the SVN topic and proceed to working group last call.
  - Monty volunteered to compare this design to the TCG canonical event log and to report back.
- CoRIM:
  - Michael and Monty committed to reviewing the document by April 15th.
  - Initiate working group last call after these reviews.
- PKIX Key Attestation:
  - Mike to continue developing the draft in collaboration with Kathleen.
- Reference Interaction Models: Initiating working group last call following review.
- YANG Module for Remote Attestation Evidence Conveyance and Network Subscription: Initiating two-week working group last call.
- Evidence Transformations:
  - Adopt the draft.
  - Hank, Steve Seffert, David Sefford and Mimi will participate if the focus goes to TPM-based solutions.
- MUD-Based RATS Resource Discovery:
  - Continue discussion on the mailing list of where this work can be done. Author to progress to a 0-1 version based on WG direction from the list.
- EAT Attestation Results:
  - Adopt the EAR draft.
Next Steps
- Address open issues for CMW on the mailing list.
- Address the extension attributes for the Measured Components draft.
- Reviews of CoRIM to be completed by April 15th.
- Continue design work for PKIX Key Attestation and clarify the role of the presenter.
- Progress the working group last calls for the identified drafts.
- Continue discussion on the mailing list for MUD-Based Resource Discovery.