Account for multiplicity in conditional endorsements #277
base: multiplicity
A conditional endorsement series is about a target environment plus additional state expectations that lead to further endorsements.

I removed the undefined CBOR tag around multiple measurement-maps since array and map have different CBOR major tags and a custom tag is not required.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
; endorsed values that apply in case revf matches | ||
endv: measurement-values-map | ||
endv: [ + mkeyvalue-pair ] |
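Review bot: On the `endv` line, the new rule `[ + mkeyvalue-pair ]` refers to `mkeyvalue-pair`, whose definition is not among the lines shown, and the comment above it still describes a single set of endorsed values. Include or point to the `mkeyvalue-pair` rule in this change and update the comment to say that `endv` is now a non-empty list, for example "; one or more endorsed values that apply in case revf matches".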
endv: [ + mkeyvalue-pair ] | |
endv: [ + measurement-map] |
We don't want to have authorized-by in the endorsed values, since it is not meaningful here.
It is not true, Endorsements or Reference Values, all should support Authority!
No, authority in a measurement-map in a CoRIM represents a condition. Authority in a measurement-map in an ECT represents actual authorities that signed the information. For any added measurement, the only authority is the CoRIM issuer. Given that the triple has already given two other positions for stating an authority condition, it doesn't make sense for the endv to have its own conditionality semantics.
I understand your point; however, this has deeper implications.
Not providing a source of Authority for Added Endorsements in the triple has implications.
It means the supplier of Endorsements has to have an implicit authority of CoRIM Signer.
It cannot inherit the Authority from RefValue provider Authority as they may not be the same!
Which implies that for an Env with ClassID: X, with FW running from Authority coming from FW Supplier PQR (in RefVal), the Test House is vouching for its Endorsements.
It is fine to have CoRIM as a single source of Authority in this case, in most of the cases, so we can start with that.
I was thinking, as Authority is optional, retaining it will provide the flexibility to introduce endorsements coming from different authorities for an Environment, like for FW Element 1: Authority X, FW Element 2: Authority Y
The only integrity protection you can ensure is who signed the information. #244 affirms that authorized-by is a condition, and not part of an addition. If it's not part of the condition and is actual addition, we need to have a triple signed by the delegate that the CoRIM issuer is authorized to sign on its behalf. I don't think we should do that though. You generally do that with PKI certificate paths.
Please express your example in terms of the conditional series triple so I may understand.
measurement-maps-type-choice = measurement-map / [ + measurement-map ] |
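Review bot: In `measurement-maps-type-choice`, the alternatives `measurement-map` and `[ + measurement-map ]` give a single measurement two valid encodings, a bare map and a one-element array. If both stay, add a sentence saying the two are equivalent and which one producers should emit; otherwise keep only `[ + measurement-map ]` so there is one form to parse and compare.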
We agreed with Ned's PR that this optionality is not required!
Is there an issue that this PR links to so that reviewers can know the problem statement that motivates this PR? If we think there are use cases that can't be supported by the current triple it would be helpful to characterize them. If the goal is to create a series triple that is more generalized, then we should start with the internal representation.
Since the ECT can be mapped to the external representation readily, the CDDL for a revised series triple should be relatively straightforward.
issue #288 tracks the discussion!
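The PR description's point that an array and a map can be told apart by CBOR major type alone, as an added example (not code from this PR or the CoRIM project): a minimal head decoder classifies a `measurement-map / [ + measurement-map ]` value with no tag involved. The function names and sample byte strings are constructed for illustration.

```python
# Added example; byte strings below are constructed samples, not CoRIM test vectors.
MAJOR_ARRAY, MAJOR_MAP = 4, 5


def read_head(buf, pos=0):
    """Decode one CBOR item head: return (major_type, argument, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated input")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:                      # argument stored in the initial byte
        return major, info, pos + 1
    if info <= 27:                     # 1, 2, 4 or 8 following argument bytes
        n = 1 << (info - 24)
        if pos + 1 + n > len(buf):
            raise ValueError("truncated head")
        return major, int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n
    raise ValueError("indefinite-length or reserved head not handled here")


def classify_measurements(buf):
    """Tell `measurement-map` from `[ + measurement-map ]` by major type only.

    Returns ("single", 1) or ("multiple", n). Only the first array element's
    head is checked; a full decoder would validate every element.
    """
    major, count, nxt = read_head(buf)
    if major == MAJOR_MAP:
        return ("single", 1)
    if major == MAJOR_ARRAY:
        if count == 0:
            raise ValueError("[ + measurement-map ] needs at least one element")
        if read_head(buf, nxt)[0] != MAJOR_MAP:
            raise ValueError("array element is not a map")
        return ("multiple", count)
    raise ValueError(f"unexpected major type {major}")


ONE_MAP = bytes.fromhex("a101a0")             # {1: {}}
TWO_MAPS = bytes.fromhex("82a101a0a101a0")    # [{1: {}}, {1: {}}]
EMPTY_ARRAY = bytes.fromhex("80")             # [] violates the "+" occurrence
TAGGED = bytes.fromhex("d9ea6081a101a0")      # arbitrary tag 60000 around [{1: {}}]

if __name__ == "__main__":
    for sample in (ONE_MAP, TWO_MAPS):
        print(sample.hex(), classify_measurements(sample))
```

A verifier that accepts both forms can normalise the bare map to a one-element list right after this check, so later matching code handles a single shape.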