# RATS Agenda Monday July 25th - Session I {#rats-agenda-monday-july-25th---session-i}

Room: Independence C

Time zone: EDT (UTC-4), 2 hrs

**10:00 - 10:05 Agenda Bash & Logistics** (5 min) WG Chairs - Nancy Cam-Winget (NCW), Kathleen Moriarty (KM), Ned Smith (NS)

**10:05 - 10:08 Event Stream Subscription Summary** (3 min) Eric Voit (EV) - (draft-ietf-rats-network-device-subscription)

EV: Architecture draft is stable. EAT is sufficiently stable. Should be ready for WGLC in the next months (assuming Sec Cons can be done). No real reviews in the last 6 months, but more reviews are welcome.

Henk Birkholz (HB): Reviews done for YANG, but some tooling issues.

NCW: Suggestion to trigger YANG review.

**10:08 - 10:11 AR4SI Summary** (3 min) Eric Voit - (draft-ietf-rats-ar4si)

EV: Spec is progressing. Stabilizing terminology based on Confidential Computing Consortium (CCC). Will update draft afterwards. Continuing dialog with EAT drafts, including security level. Agreed to include new hardware types that map to types driving EAT draft.

NCW: Have there been substantive comments recently?

EV: Mainly overlaps with EAT draft more recently.

HB: Will request review from CCC.

Dave Thaler (DT): Request to summarize the use of profiles.

EV response: Profile may not be required in AR4SI draft, as claims definitions will not change.

Laurence Lundblade (LL): Profile will not change semantics of claims.

EV response: Context of claim can change meaning.

HB: The AR4SI claims will never be used in attestation evidence.

EV response: nodded in agreement.

**10:11 - 10:14 Architecture Summary** (3 min) Dave Thaler, Michael Richardson - (draft-ietf-rats-architecture)

DT: SVG refinements, addressing AD review in latest version of draft. No technical changes.

DT: Passport model pending from AD review. Needed clarification on what Attester does with Attestation Results. It is meant to cover caching of AR.

Roman Danyliw (RD): Perhaps add text that states that evidence can be passed without validation.
<-- DT should fact check how this is captured

In summary: conceptual messages are produced and consumed by the defined roles. Conceptual messages can also be passed forward (similar to routing) by RATS roles (and potentially non-RATS roles), which is a different thing than producing and consuming. Additional text in Section 5 can address that issue.

Thomas Hardjono (TH): Conveyance as a general term has to be put into relation to the procedures of producing and consuming conceptual messages.

DT: Next step is AD review after these edits?

RD: Yes, AD review and then IETF Last Call.

**10:14 - 10:24 EAT** (draft-ietf-rats-eat) (10 min) Laurence Lundblade

LL: Summary of changes between draft -013 and -014. Reorg. of claims sections, addition of SBOM claims. Several sections moved to appendix, resulting in document core being reduced. Measurement results claim was reworked. Base (example) profile introduced. UCCS definition removed and replaced with CDDL socket.

HB: Request to correct text where SW manifest is listed as evidence in the current EAT draft (it cannot be evidence).

LL: Relationship between evidence and attestation results has been clarified in current text.

LL: More work in queue. Security considerations need work, please send comments. Need to address comments on Intro and Abstract. Clarifications, etc. still need to be addressed.

LL: Possible minor improvements: Nonces: should EAT accommodate timestamp-based freshness in the arch? Should we add a standard profile for JSON, since we do for CBOR?

EV: What is the resolution of endorsement conveyance in EAT? e.g. sec levels.

Giri Mandyam (GM): Endorsements as defined in the TCG may not be applicable to EAT.

KM: Chairs will be compiling a list of open issues that we can't get consensus on, to help close out this document.

**10:24 - 10:34 EAT Media Types** (draft-lundblade-rats-eat-media-type) Adoption Call (10 min) Thomas Fossati, Laurence Lundblade, Henk Birkholz

Thomas Fossati (TF): New media type created for each EAT bundle.
6 new media types in total.

TF: Media type parameter also defined for profiles. Primarily for API/middleware and application routing servers.

GM: Would it be better to disguise the attestation in a more generic media type?

TF: Interesting idea. Need more deployment experimentation to figure out when that might be the case.

GM: Maybe consider for the security considerations.

DT: TEEP has a dependency on this document. If this could be expedited, that would be ideal. If this will take a long time, or not be adopted, TEEP will need a different path.

NCW: Need to confirm on mail list.

NS: Need more reviewers, too.

**10:34 - 10:44 CoRIM** (draft-birkholz-rats-corim) Adoption Call (10 min) Thomas Fossati, Henk Birkholz, Yogesh Deshpande

TF: Requesting adoption. Endorsements and reference values were not really in scope of the original charter, but are now in scope of the revised charter.

TF: Ver. -03 published. Open source tooling available. Protocol extensions and app. profiles (e.g. PSA endorsements) starting to appear.

DT: Will not object to adoption for reference values, but not convinced this is useful for endorsements. EAT format may be more appropriate for endorsements.

HB: MS Azure team implementing DICE has provided positive feedback.

NCW: Request for MS to provide that feedback on the mailing list as a review.

**10:44 - 10:59 Concise TA Stores** (draft-wallace-rats-concise-ta-stores) (15 min) Carl Wallace

Carl Wallace (CW): Command line tool included in the repo to create structures as per the spec. Driving use case is to expand the inputs to verifiers without expanding single trust verifiers. Decided to extend CoRIM for this specification, not a profile. Trust anchors are uniquely identified and a purpose field defines required claims. Trust anchors have 3 formats incl. X.509 and raw key. Re-uses COSE envelope for security. Use of this feature in verifiers will be left for a separate document.
DT: Need for configuring trust anchors is broader than attestation. RATS may not be the best WG.

CW response: Wanted to extend CoRIM, so chose RATS WG.

KM: Is CoSWID being adopted?

CW response: FIDO approach is too constrained, so a different data format is necessary.

KM follow-up: Maybe the Center for Internet Security could conduct a survey on ID usage.

HB: Regarding CoSWID, SPDX now has a pointer to it. It will be a part of CoRIM.

CW response: CoSWID is clearing final hurdles for standardization.

RD: Will there be format agility?

CW response: May add extensibility points.

NCW: Can call for interest on mailing list. Will help to determine whether RATS is the best place for the spec.

**10:59 - 11:09 EAT Collection Type** (draft-frost-rats-eat-collection) (10 min) Simon Frost

Simon Frost (SF): Proposal for top-level extension to EAT object. May not be a single signer.

SF: Each entry must have its own integrity defined. Draft -01 released, with more on sec cons. Request for adoption.

TF: New media type will be required.

LL: EAT submods or EAT DEB cannot address what is being addressed by collections. Nested tokens where one token is attesting to another are not handled in EAT.

NCW: Will solicit more reviews on the mailing list prior to adoption.

**11:09 - 12:00 Open Mic** (51 min)

KM: Attestation Sets draft is targeting a new revision prior to IETF 115.

DT: TEEP allows for negotiation of freshness mechanisms. Getting back to Henk's suggestion of a freshness registry, should identifiers be defined by RATS or TEEP? Proposal is for reference interaction models. Could also be specified in an EAT profile as opposed to a protocol handshake.

GM: 3 freshness mechanisms in EAT; would be concerned with a registry that extends this. Protocols that use CWT for more than just attestation should be addressed if a freshness registry is used.

LL: Why are we negotiating freshness without cipher suites?

DT response: TEEP protocol actually does this.
DT: PSA Token profile already constrains the nonce. This would be an example of what can be included in a registry.

HB: Interaction models are already providing a framework for freshness mechanism negotiation.

HB: Still working on next draft of DAA spec. Near ready for WGLC.

NCW: Recap of previous AIs. May have an interim meeting.