You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-rats-reference-interaction-models.md
+9Lines changed: 9 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -615,11 +615,19 @@ One example of a specific handle representation is {{-epoch-markers}}.
615
615
616
616
In the Uni-Directional model, handles are composed of cryptographically signed trusted timestamps as shown in {{-TUDA}}, potentially including other qualifying data.
617
617
The Handles are created by an external trusted third party (TTP) -- the Handle Distributor -- which includes a trustworthy source of time, and takes on the role of a Time Stamping Authority (TSA, as initially defined in {{-TSA}}).
618
+
In some deployments, a Verifier may obtain a Handle from the Handle Distributor and forward it to an Attester.
619
+
While feasible if the Handle can be authenticated (e.g., an Epoch Marker with a verifiable timestamp), this indirection introduces additional latency for the Attester and can make freshness semantics harder to appraise.
620
+
Therefore, direct distribution of Handles from the Handle Distributor to Attesters is the recommended approach.
621
+
618
622
Timestamps created from local clocks (absolute clocks using a global timescale, as well as relative clocks, such as tick-counters) of Attesters and Verifiers MUST be cryptographically bound to fresh Handles received from the Handle Distributor.
619
623
This binding provides a proof of synchronization that MUST be included in all produced Evidence.
620
624
This model provides proof that Evidence generation happened after the Handle generation phase.
621
625
The Verifier can always determine whether the received Evidence includes a fresh Handle, i.e., one corresponding to the current Epoch.
622
626
627
+
The term "uni-directional" refers to the individual conveyance channels: one from the Handle Distributor to the Attester, and one from the Attester to the Verifier.
628
+
Together, they establish the attestation loop without requiring request/response exchanges.
629
+
This model does not assume that Verifiers broadcast Handles, as such a setup would require Verifiers to take on the Handle Distributor role and undermine the separation of duties between these roles.
630
+
623
631
### Handle Lifecycle and Propagation Delays
624
632
625
633
The lifecycle of a handle is a critical aspect of ensuring the freshness and validity of attestation Evidence.
@@ -631,6 +639,7 @@ To manage this complexity, it is essential to define a clear policy for handle v
631
639
632
640
* *Handle Expiry*:
633
641
Each handle should have a well-defined expiration time, after which it is considered invalid.
642
+
An Attester that is aware of the expiration time MUST NOT send Evidence with an expired handle.
634
643
This expiry must account for expected propagation delays and be clearly communicated to all entities in the attestation process.
0 commit comments