RATS Agenda Wed, Nov 8th

Room: Berlin 3/4

09:30 - 11:30 local time (CET)
Time zone: GMT+2

09:30 - 09:35 Agenda Bash & Logistics

(5 min) WG Chairs - Nancy Cam-Winget, Kathleen Moriarty, Ned Smith

09:40 - 09:55 CoRIM

(15 min) Yogesh Deshpande

CoRIM group meets every week in a (sort-of) design team meeting.

Hannes: the reason why introduce the new concept -- CoBOM, why not use
the existing SBOM artifacts.

Henk: using CBOR for CoBOM is for the decreasing the complexity and size
for the large amount softwares on variety hardwares. CoBOM is useful
when the supply chain information are very complex, as a contained for
manifest and reference to all of them within a structure.

Hannes: you use CBOR to compress all the SBoM information? Whis is the
reason to do this?

Henk: CBOR is not only for saving size, but also has other benefits. For
example, it allows the verifier to look into individual values of the
CBOR structure. This is not possible with JSON.

Kathleen: Would this fit more with SCITT? It seems to be pulling
together supply chain details, but I need to read the draft.

Yogesh: ?

Nancy: You need a better explanation of why the CoBOM is needed and why
it is in RATS and not in SCITT.

Yogesh: It is not a mandatory feature. The design team will work on

09:35 - 09:40 UCCS - WGLC

(5 min) Henk Birkholz

Laurence: EAT has been through IESG review and it will soon go to the
RFC Editor. I don't want to be delayed by UCCS.

Henk: Do you have a normative reference?

Laurence: No. We did this intentionally. The same for media type. I want
to be clear about my intention.

Ned: Does it make sense to re-enter WGLC?

Henk: I don't care. I don't think it is necessary.

Kathleen: I suggest an extension of the WGLC by 2 weeks.

Henk: Carsten be helping.

Thomas: Can we bundle this with the WGLC for EAT media types?

Ned+Nancy: It is not on the agenda.

Ned: Will discuss this during open mike time. (Note: the meeting ended
before this item could be considered, the follow up discussion will
occur on the RATS list )

09:55 - 10:05 Endorsements - Adoption Call

(10 min) Dave Thaler

Dave goes through his slides. He points out that there is currently an
open issue regarding a comment from Laurence about how key attestation
is verified. Currently, this is called "identity" and Laurence said that
this term is confusing.

Usama: I don't mind calling it an identity. In any case, the verifier
needs to have a public key as an endorsement. But agree that this will
not delay the WG adoptation.

Dave accepts text suggestions.

Nancy asked whether people had read the draft: 14 yes / 14 no

Nancy asked whether the draft should be adopted: 22 yes / 0 no

Chairs: A confirmation will follow on the mailing list.

10:05 - 10:10 Conceptual Message Wrapper - Adoption Call / WGLC

(5 min) Thomas Fossati

Hannes: this is a harmonized document for the message structure for
different protocols, so is useful. suggest new guys to review.

Nancy asked whether people had read the draft: 10 yes / 20 no

Nancy asked whether the draft should be adopted: 18 yes / 0 no

Chairs: A confirmation will follow on the mailing list. The WGLC will
not be considered until adoption is finalized.

10:10 - 10:15 Epoch Markers - Adoption Call

(5 min) Henk Birkholz

Henk goes through his slide deck.

Dave noted that the discussion at the last IETF meeting indicated that
this work should be done in the COSE working group. Have you asked the
COSE working group?

Henk: No, I had a conflict.

Hannes: Is the protocol specified somewhere for distributing the epoch
values, as explained in Appendix A of RFC 9334?

Henk: No, but it is easy to define. You could use any protocol that
defines EAT, such as TEEP.

Hannes: TEEP does not use epoch-based freshness.

Nancy: to help Henk reach out to COSE for review and assessment to adopt
at COSE.

Chairs: Offered to reach out to COSE chairs to facilitate determination
of which WG this belongs in.

10:15 - 10:20 Attestation Sets - Adoption Call

(5 min) Kathleen Moriarty

Kathleen goes through her slide deck.

Thomas: In the CC we have a governmance SIG and this high-level
aggregation work is highly relevant for their work. I will introduce you
to the chair of the group - he would be a good co-author. I don't
understand the distribution of the roles in the architecture and
therefore I cannot tell whether it is in scope of the group.

Thomas goes on in summarizing his understanding of the draft. Where
would you stick the claims you define? In something that is put into the
attestation result or into something that is produced by the relying

Henk: As a TCG chair hat on, what do you mean by "local attestation"?
Where does this term come from?

Kathleen: local vs. remote?

Henk: I am not in the TCG and when I consulted with the people in the
TCG the concept was discussed and it is still needed.

Kathleen: Local means "on the system itself".

Henk: We can discuss it on the list.

Nancy: Should we have a next step?

Kathleen: It would be good to know how many people have read the draft.
I believe there is a big need for this document.
The industry will keep moving.

Nancy asked whether people had read the draft: 10 yes / 18 no

Nancy asked whether the draft should be adopted: 8 yes / 5 no

Nancy: If you map it to the terminology, you might get a different

Kathleen: I will also reach out to the CC group.

10:20 - 10:35 X.509 Evidence

(15 min) Mike Ounsworth

Mike goes though his slides and reports from the work of the LAMPS
design team, which already produced draft-ietf-lamps-csr-attestation.
Design team consists of HSM vendors.

Is RATS the right group?

Is someone interested in joining the design team or the author list?

Henk: The FIPS claims are endorsements.

Mike: I can talk about evidence because I can do the test to demonstrate
the FIPS properties.
I agree that there is also an endorsement, which is outside the scope of
this docu

Henk: I would like to contribute

Monty: Very excited about this work. Will very much contribute.

Usama: You write that this for TEEs. HSMs are not TEEs.

Hannes clarifies that the use of the TEEP language.

Usama: I disagree with the TEEP terminology.

Dave: We did demos several years ago. It is great. I support this but
have not time to co-author. Our demo was the TEE use case. I think it is
applicable to TEEs.

Laurence: You are defining a few new claims. Have you looked at the DLO
claim in EAT.

Mike: This gets to the comment from Henk about endorsments vs. evidence.

Laurence: I see. This is more like a bootseed. Do we expand the CWT
registry to support other formats. How do we track the claims?

Mike: I don't care. This group of HSM vendors did not want to use
anything other than

Laurence: I think this is "claim jumping".

Brendan: You answered your question. I brought an ASN.1 SUIT manifest to

Mike: It is a time argument.

Nancy asked whether people had read the draft: 12 yes / 18 no

Nancy: I struggle whether is RATS or LAMPS

Mike: RATS defines the content of the evidence and LAMPS the CSR parts.

Dave: I agree

Do the participants believe the RATS WG should work on this draft: 20
yes / 0 no

Nancy: I would like to see more feedback on the list.

10:35 - 10:50 Formal specification of attestation in Confidential Computing

(15 min) Muhammad Usama Sardar

Usama went through his slide deck and points out that there have been
security problems with remote attestation in CC. Hence, it is important
to use formal methods to analyse the technology.

10:50 - 11:30 Open Mic

(40 min)

Chairs: Open Mic was cancelled due to lack of time.