Shepherd writeup for draft-ietf-rats-yang-tpm-charra and
This publication request covers two related drafts for enabling Remote
Attestations on devices that contain TPMs: -
draft-ietf-rats-tpm-based-network-device-attest: is submitted to be published
as an informational RFC as it describes the profile or workflow for affecting a
TPM based remote attestation - draft-ietf-rats-yang-tpm-charra: is submitted to
be published as a standards RFC as it defines the Yang Data model for enabling
a challenge-response remote attestation using TPMs As the
draft-ietf-rats-tpm-based-network-device-attest provides an overview and
guidance for affecting TPM based remote attestations it depends on the
draft-ietf-rats-yang-tpm-charra draft; as such, they are submitted together
with their intended status also indicated in their title page headers.
2. Document Announcement Write-up
A Yang RPCs and configuration nodes are defined in
draft-ietf-rats-yang-tpm-charra (aka “charra”) to facilitate the retrieval of
attestation evidence about integrity measurements from a device on TPM based
devices. The workflow and guidance for enabling remote integrity verifications
on these TPM based devices are further described in
Working Group Summary:
These documents were one of the first set of adopted and working group
documents, with salient discussions to mature both specifications. In
addition, the “charra” draft received both early and WGLC Yang doctor review to
ensure it was following appropriate norms and conventions all comments received
have been addressed.
Both documents are well written and has gone through working group review as
well as external (TCG participant) reviews. The YANG module definitions have
gone through both early and WGLC Yang doctor review.
Nancy Cam-Winget is the Document Shepherd
Roman Danyliw is the responsible Area Director
(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for
publication, please explain why the document is being forwarded to the IESG. I
have reviewed both documents throughout the comment review period and reached
out to the Yang Doctors mail list to solicit review and follow up. At this
time, both documents have received solid review with all comments addressed,
some interoperability implementations have also occurred to mature the document
to its current state. I believe the documents are now ready for publication.
(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed? No.
(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place. The only
review needed was for the Yang modules which has been reviewed by both the
working group as well as the Yang Doctors representative (Mahesh Jethanandani).
(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of? For example, perhaps he or she is uncomfortable with certain parts of
the document, or has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated that it still
wishes to advance the document, detail those concerns here. No concerns.
(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed. If not, explain why? All authors for
draft-ietf-rats-tpm-based-network-device-attest have asserted no knowledge of
IPR. The main authors for the draft-ietf-rats-yang-tpm-charra have disclosed
that they are not aware of any IPR issues; one of the authors (Frank Xia) has
since moved on from focusing on this document and has not responded.
(8) Has an IPR disclosure been filed that references this document? If so,
summarize any WG discussion and conclusion regarding the IPR disclosures. No
disclosures for either drafts have been filed.
(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it? There was strong consensus that
both of these drafts are ready for publication.
(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to the
Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.) No.
(11) Identify any ID nits the Document Shepherd has found in this document.
(See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough. There are 4
warnings in draft-ietf-rats-tpm-based-network-device-attest-08 : these are due
to document referencing an array that the idnits tool is confusing as a
reference. The document also includes informative references to drafts that
are still under construction and thus the revisions are not updated.
There are 3 errors in draft-ietf-rats-yang-tpm-charra-10.txt : as the document
includes references to the network device attestation draft that is being
requested to publish at the same time. It is also referencing an informational
draft (the RATS Architecture) which is continuously being revised and has also
completed WGLC and should be going to IESG for publication request soon.
(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews. The
draft-ietf-rats-tpm-based-network-device-attest does not have any such
requirements. The draft-ietf-rats-yang-tpm-charra has undergone YANG Doctor
review both prior to WGLC and as part of the WGLC, comments were received and
addressed in both reviews. The datatracker tools shows lint errors that is
actually due to a bug in Yanglint itself for which a ticket was opened
(https://github.com/CESNET/libyang/issues/1674) and resolved with the note that
the yangvalidator is still using an older version of yanglint.
(13) Have all references within this document been identified as either
normative or informative? Yes.
(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion? These two drafts are being
packaged together as the “network device attestation” draft is a profile guide
for affecting remote attestations using the “CHARRA” draft, so there are
references to these drafts that can be addressed as they’re packaged together.
They also reference the draft-ietf-rats-architecture and
draft-ietf-rats-reference-interaction-models which are informational drafts
that may not push to publication until the standards based specifications (such
as “CHARRA”) mature and publish first; this was the working group’s decision to
ensure that the RATs overview for how components “fit” (e.g. in the
architecture) and how they flow together (e.g. interaction model) go together.
(15) Are there downward normative references references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call
procedure. There are two drafts, one of which is interdependent and is packaged
to publish at the same time (e.g.
draft-ietf-rats-tpm-based-network-device-attest) . The second draft,
draft-ietf-rats-architecture has also completed WGLC and is expected to go to
IESG request to publish sometime soon.
(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it
(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes are
associated with the appropriate reservations in IANA registries. Confirm that
any referenced IANA registries have been clearly identified. Confirm that newly
created IANA registries include a detailed specification of the initial
contents for the registry, that allocations procedures for future registrations
are defined, and a reasonable name for the new registry has been suggested (see
RFC 8126). I have reviewed the request for IANA assignments that they look to
comply with both the XML (RFC3688) and Yang parameter registries (RFC 6020).
(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries. The registry requests are
for the XML namespace for TPM based remote attestation and its crypto
(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc. I have performed both the
IDNits and the Yang verification tools and provided my findings.
(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
(https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in
RFC8342? The Yang Doctor (Mahesh) has done a thorough review, the “charra”
draft actually found a bug in the lint tool for which a ticket was opened. I
have run https://yangcatalog.org/yangvalidator/validator against the draft and
see no errors.