You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -619,7 +620,11 @@ This binding provides a proof of synchronization that MUST be included in all pr
619
620
This model provides proof that Evidence generation happened after the Handle generation phase.
620
621
The Verifier can always determine whether the received Evidence includes a fresh Handle, i.e., one corresponding to the current Epoch.
621
622
622
-
### Handle Lifecycle and Propagation Delays
623
+
### Handle Lifecycle and Propagation Delays {#handle-lifecycle-and-propagation-delays}
624
+
625
+
The term "uni-directional" refers to individual conveyance channels: one from the Handle Distributor to the Attester, and one from the Attester to the Verifier.
626
+
Together, they establish an attestation loop without requiring request/response exchanges.
627
+
This model does not assume that Verifiers broadcast Handles, as such a setup would require Verifiers to take on the Handle Distributor role and undermine the separation of duties between these roles.
623
628
624
629
The lifecycle of a handle is a critical aspect of ensuring the freshness and validity of attestation Evidence.
625
630
When a new handle is generated by the Handle Distributor, it effectively supersedes the previous handle.
@@ -643,8 +648,10 @@ To manage this complexity, it is essential to define a clear policy for handle v
643
648
Implementing these measures will help mitigate the risks associated with the handle lifecycle, particularly in environments where propagation delays are significant.
644
649
This careful management ensures that the integrity and trustworthiness of the attestation process are maintained.
645
650
646
-
While periodically pushing Evidence to the Verifier, the Attester only needs to generate and convey evidence generated from Claim values that have changed and new Event Log entries since the previous conveyance.
647
-
These updates reflecting the differences are called "delta" in the sequence diagram above.
651
+
While periodically pushing Evidence to the Verifier, the Attester only needs to generate and convey updates since the previous conveyance.
652
+
These updates, referred to as "delta" in the sequence diagrams, are not limited to net changes of Claim values.
653
+
They MUST include all state changes detected since the previous conveyance, even if values later revert to their prior state.
654
+
For example, if an Attester goes through a sleep or hibernation cycle and a Claim value changes and then reverts, both transitions MUST be reported to the Verifier as soon as possible after resuming operation.
648
655
649
656
Effectively, the Uni-Directional model allows for a series of Evidence to be pushed to multiple Verifiers simultaneously.
650
657
Methods to detect excessive time drift that would mandate a fresh Handle to be received by the Handle Distributor as well as timing of Handle distribution are out-of-scope of this document.
@@ -738,6 +745,9 @@ Handles provided by a specific subscribing Verifier MUST be used in Evidence gen
738
745
The streaming model without a Broker uses the same information elements as the Challenge/Response and the Uni-Directional model.
739
746
Methods to detect excessive time drift that would render Handles stale and mandate a fresh Handles to be conveyed via another subscribe operation are out-of-scope of this document.
740
747
748
+
If Evidence or delta Evidence repeatedly fails to verify, a Verifier may terminate the subscription.
749
+
The detailed mechanisms for unsubscribe and re-subscribe are protocol-specific and out of scope for this document; for example, subscription lifecycle management is defined in {{-rats-network-device-subscription}}.
750
+
741
751
### Streaming Remote Attestation with a Broker {#streaming-with-broker}
742
752
743
753
This model includes a Broker to facilitate the distribution of messages between RATS roles, such as Attesters and Verifiers.
@@ -881,6 +891,8 @@ Exactly as in the Challenge/Response and Uni-Directional interaction models, the
881
891
In the Publish-Subscribe model above, the Attester publishes Evidence to the topic "AttEv" (= Attestation Evidence) on the PubSub server, to which a Verifier subscribed before.
882
892
The PubSub server notifies Verifiers, accordingly, by forwarding the attestation Evidence.
883
893
Although the above diagram depicts only full attestation Evidence and Event Logs, later attestations may use "deltas' for Evidence and Event Logs.
894
+
The definition of delta Evidence is provided in {{handle-lifecycle-and-propagation-delays}}.
895
+
884
896
Verifiers appraise the Evidence and publish the Attestation Result to topic "AttRes" (= Attestation Result) on the PubSub server.
0 commit comments