Trustworthiness Claim enumeration for configuration, needs to be extended #17
Comments
|
Hi Yogesh,
Thanks very much for the proposal. What do you think about the following tweak?:
36: Elements of the configuration relevant to security are unavailable to the Verifier
Eric
From: Yogesh Deshpande ***@***.***>
Sent: Tuesday, January 24, 2023 5:16 AM
To: ietf-rats-wg/draft-ietf-rats-ar4si ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [ietf-rats-wg/draft-ietf-rats-ar4si] Trustworthiness Claim enumeration for configuration, needs to be extended (Issue #17)
As per the latest draft of AR4SI, specific Trustworthiness Claim for configuration is as under:
0: No assertion
1: Verifier cannot parse unexpected Evidence.
-1: Verifier malfunction
2: The configuration is a known and approved config.
3: The configuration includes or exposes no known vulnerabilities.
32: The configuration includes or exposes known vulnerabilities.
96: The configuration is unsupportable as it exposes unacceptable security vulnerabilities.
99: Cryptographic validation of the Evidence has failed.
However, there could be a use case where the Verifier is not aware of
a specific Attester Configuration. So it cannot say anything concrete about the
specific configuration.
Hence we propose, we add another enumeration example below:
36: The configuration is unknown to the Verifier
—
Reply to this email directly, view it on GitHub <#17> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADPW7IHMARDRK44CBHVND5TWT6TULANCNFSM6AAAAAAUE4OCOU> .
You are receiving this because you are subscribed to this thread. <https://github.com/notifications/beacon/ADPW7IHKOT2WOELX27MQVVTWT6TULA5CNFSM6AAAAAAUE4OCOWWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHFZKVOCI.gif> Message ID: ***@***.*** ***@***.***> >
|
|
@ericvoit Thanks for a quick reply. I am happy with your proposal. 36: Elements of the configuration relevant to security are unavailable to the Verifier is perfectly fine! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As per the latest draft of AR4SI, specific Trustworthiness Claim enumeration for configuration is as under:
0: No assertion
1: Verifier cannot parse unexpected Evidence.
-1: Verifier malfunction
2: The configuration is a known and approved config.
3: The configuration includes or exposes no known vulnerabilities.
32: The configuration includes or exposes known vulnerabilities.
96: The configuration is unsupportable as it exposes unacceptable security vulnerabilities.
99: Cryptographic validation of the Evidence has failed.
However, there could be a use case where the Verifier is not aware of
a specific Attester Configuration. So it cannot say anything concrete about the
specific configuration.
Hence we propose, we add another enumeration example below:
36: The configuration is unknown to the Verifier
The text was updated successfully, but these errors were encountered: