MEC Endorsements #174
MEC Endorsements #174
Conversation
henkbirkholz
requested review from
thomas-fossati,
yogeshbdeshpande and
nedmsmith
as code owners
| conds: [ + condition-triple-record ] | ||
| actions: [ + stateful-environment-record ] |
There was a problem hiding this comment.
IIRC we agreed this would be the other way round, i.e.: the condition expressed in terms of a bunch of stateful-environments, the "actions" as EMTs.
There was a problem hiding this comment.
Maybe. Let's fix that nit in the next call.
cddl/condition-triple-record.cddl
Outdated
| condition-triple-record = [ | ||
| environment-map | ||
| measurement-map | ||
| ] |
There was a problem hiding this comment.
this needs to be explicitly added to the CDDL fragments' list to be visible
There was a problem hiding this comment.
Until we resolve the discussion on grouping / appraisal context, the scope of the condition-triple-record is (possibly) ambiguous as the condition scope could, in principal, refer to EMTs from a different appraisal context from the context in which the action is to be applied.
There was a problem hiding this comment.
so I thought.... actually fixed in c261262
draft-ietf-rats-corim.md
Outdated
| * `env`: the environment to which the endorsed value (conditionally) applies | ||
| * `ends`: the endorsed value(s) associated with `env` |
There was a problem hiding this comment.
these two should be dropped
There was a problem hiding this comment.
addressed in f553dd3
Co-authored-by: Thomas Fossati <tho.ietf@gmail.com>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org> Co-authored-by: Thomas Fossati <thomas.fossati@linaro.org> Co-authored-by: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
draft-ietf-rats-corim.md
Outdated
|
|
||
| The order in which MEC Endorsement triples are evaluated is important: different sorting may produce different end-results in the computed ACS. | ||
|
|
||
| Therefore, the set of applicable MEC Endorsement triple MUST be topologically sorted based on the criterion that a MEC Endorsement triple is evaluated before another if its Target Environment and Endorsement pair is found in any of the stateful environments of the second triple. |
There was a problem hiding this comment.
I have a feeling that there might be some edge cases where a verifier needs the ability to use a more complex algorithm than topological sorting.
Would it be better to make this a SHOULD?
There was a problem hiding this comment.
there must be no ambiguity in the processing rules.
If there are cases where topo-sorting is not the unique criterion (or a completely different criterion is used) we need to describe the steps clearly.
Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
draft-ietf-rats-corim.md
Outdated
|
|
||
| Notes: | ||
|
|
||
| * In order to give the expected result, the condition must describe the expected context completely. |
There was a problem hiding this comment.
This note makes me think about a lot of different questions:
- Is there a case where other conditions might partly describe the expected context?
- What problems occur if the CoRIM author chooses to only partly describe the context?
- Why is this triple different from other triples, for example conditional-endorsement-triple-record?
There was a problem hiding this comment.
This note makes me think about a lot of different questions:
- Is there a case where other conditions might partly describe the expected context?
- What problems occur if the CoRIM author chooses to only partly describe the context?
- Why is this triple different from other triples, for example conditional-endorsement-triple-record?
Agree 100% on your last point, we need to make edits to optimise and only put forward one triple, instead of these two which are effectively singular and plural instances of doing the same thing!
There was a problem hiding this comment.
This note makes me think about a lot of different questions:
- Is there a case where other conditions might partly describe the expected context?
hmm, what kind of implicit matching are you thinking of?
- What problems occur if the CoRIM author chooses to only partly describe the context?
You'd get false positives.
- Why is this triple different from other triples, for example, conditional-endorsement-triple-record?
This is a superset of conditional-endorsement-triple-record. As such, it makes the other redundant, at a small increase in the serialisation cost.
The "series" one is a bit of a different beast: it does some sort of short-circuited OR, so in terms of condition-matching rules it's substantially different.
draft-ietf-rats-corim.md
Outdated
| Notes: | ||
|
|
||
| * In order to give the expected result, the condition must describe the expected context completely. | ||
| * The scope of a single MEC triple encompasses an arbitrary amount of environments across all layers in an Attester. |
There was a problem hiding this comment.
| * The scope of a single MEC triple encompasses an arbitrary amount of environments across all layers in an Attester. | |
| * A single MEC triple can be used to make an endorsement conditional on multiple environments across layers or in different modules. |
Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
Co-authored-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
Co-authored-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
cddl/condition-triple-record.cddl
Outdated
| condition-triple-record = [ | ||
| environment-map | ||
| measurement-map | ||
| ] |
There was a problem hiding this comment.
Until we resolve the discussion on grouping / appraisal context, the scope of the condition-triple-record is (possibly) ambiguous as the condition scope could, in principal, refer to EMTs from a different appraisal context from the context in which the action is to be applied.
draft-ietf-rats-corim.md
Outdated
| Notes: | ||
|
|
||
| * In order to give the expected result, the condition must describe the expected context completely. | ||
| * The scope of a single MEC triple encompasses an arbitrary amount of environments across all layers in an Attester. |
There was a problem hiding this comment.
The implication of a scope that covers all grouping / appraisal contexts is the EMT expressions must have some aspect that is globally unique (at least within the expected scope). EMT scope should be described as part of the EMT construction and not as a footnote to a particular triple construction.
There was a problem hiding this comment.
The implication of a scope that covers all grouping / appraisal contexts is the EMT expressions must have some aspect that is globally unique (at least within the expected scope). EMT scope should be described as part of the EMT construction and not as a footnote to a particular triple construction.
See Issue #176
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
The MEC-E part of #168 including a new record type for the conditions.