You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-rats-reference-interaction-models.md
+4-10Lines changed: 4 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,7 @@ ipr: trust200902
10
10
area: Security
11
11
kw: Internet-Draft
12
12
cat: info
13
+
submissionType: IETF
13
14
pi:
14
15
toc: yes
15
16
sortrefs: yes
@@ -50,7 +51,6 @@ normative:
50
51
RFC7049: CBOR
51
52
RFC7252: COAP
52
53
BCP205:
53
-
RFC8610: CDDL
54
54
RFC9334: RATS
55
55
RFC9683: RIV
56
56
I-D.ietf-rats-epoch-markers: epoch-markers
@@ -80,14 +80,6 @@ informative:
80
80
The Faulkner Journal: 25.2
81
81
DOI: 10.1353/fau.2010.0002
82
82
date: 2010
83
-
TNC:
84
-
title: TCG Trusted Network Communications TNC Architecture for Interoperability
85
-
author:
86
-
- ins: TCG
87
-
name: Trusted Computing Group
88
-
seriesinfo:
89
-
Specification: Version 2.0 Revision 13
90
-
date: 2017
91
83
MQTT:
92
84
title: Message Queuing Telemetry Transport (MQTT) Version 5.0 Committee Specification 02
93
85
author:
@@ -126,6 +118,7 @@ informative:
126
118
- ins: B. Lampson
127
119
name: Butler Lampson
128
120
date: 2006
121
+
I-D.ietf-rats-endorsements: rats-endorsements
129
122
...
130
123
131
124
--- abstract
@@ -167,7 +160,7 @@ A PKIX Certificate is an X.509v3 certificate as specified by {{-X509}}.
167
160
In the context of this document, the term "Remote" does not necessarily refer to a remote entity in the scope of network topologies or the Internet.
168
161
It rather refers to decoupled systems or entities that exchange the Conceptual Message type called Evidence {{-RATS}}.
169
162
This conveyance can also be "Local", if the Verifier role is part of the same entity as the Attester role, e.g., separate system components of the same Composite Device (a single RATS entity), or the Verifier and Relying Party roles are hosted by the same entity, for example in a cryptographic key Broker system.
170
-
If an entity takes on two or more different roles, the functions they provide typically reside in isolated environments that are components of the same entity. Examples of such isolated environments include a Trusted Execution Environment (TEE), Baseboard Management Controllers (BMCs), as well as other physical or logical protected/isolated/shielded Computing Environments (e.g., embedded Secure Elements (eSE) or Trusted Platform Modules (TPM)). It is useful but not necessary for readers of this document to be familiar with the Concept Data/Message flows as described in {{Section 3.1 of -RATS}} and the definition of Attestation in general as described in {{-RIV}}.
163
+
If an entity takes on two or more different roles, the functions they provide typically reside in isolated environments that are components of the same entity. Examples of such isolated environments include a Trusted Execution Environment (TEE), Baseboard Management Controllers (BMCs), as well as other physical or logical protected/isolated/shielded Computing Environments (e.g., embedded Secure Elements (eSE) or Trusted Platform Modules (TPM)). It is useful but not necessary for readers of this document to be familiar with the Concept Data/Message flows as described in {{Section 3.1 of -RATS}} and the definition of Attestation in general as described in {{-RIV}}. For the example of Evidence generation, it is also useful to be familiar the fact that Attesting Environment are layered (see {{turtles}} and Figure 1 in {{Section 2.1 of -rats-endorsements}}) and that the initial Attesting Environment ("layer 0") requires Endorsement from a trusted third party.
171
164
172
165
# Scope and Intent
173
166
@@ -697,6 +690,7 @@ Methods to detect excessive time drift that would render Handles stale and manda
697
690
This model includes a Broker to facilitate the distribution of messages between RATS roles, such as Attesters and Verifiers.
698
691
The Broker is a trusted third party and acts as an intermediary that ensures messages are securely and reliably conveyed between involved RATS roles.
699
692
The publish-subscribe messaging pattern is widely used for communication in different areas.
693
+
An example for a publish-subscribe model with a Broker is the Message Queuing Telemetry Transport {{MQTT}}.
700
694
Unlike the *Streaming Remote Attestation without a Broker* interaction model, Attesters are not required to be aware of corresponding Verifiers.
701
695
In scenarios with large numbers of Attesters and Verifiers, the publish-subscribe pattern may reduce interdependencies and improve scalability.
0 commit comments