You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-rats-reference-interaction-models.md
+6-11Lines changed: 6 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,7 @@ ipr: trust200902
10
10
area: Security
11
11
kw: Internet-Draft
12
12
cat: info
13
+
submissionType: IETF
13
14
pi:
14
15
toc: yes
15
16
sortrefs: yes
@@ -50,7 +51,6 @@ normative:
50
51
RFC7049: CBOR
51
52
RFC7252: COAP
52
53
BCP205:
53
-
RFC8610: CDDL
54
54
RFC9334: RATS
55
55
RFC9683: RIV
56
56
I-D.ietf-rats-epoch-markers: epoch-markers
@@ -81,14 +81,6 @@ informative:
81
81
The Faulkner Journal: 25.2
82
82
DOI: 10.1353/fau.2010.0002
83
83
date: 2010
84
-
TNC:
85
-
title: TCG Trusted Network Communications TNC Architecture for Interoperability
86
-
author:
87
-
- ins: TCG
88
-
name: Trusted Computing Group
89
-
seriesinfo:
90
-
Specification: Version 2.0 Revision 13
91
-
date: 2017
92
84
MQTT:
93
85
title: Message Queuing Telemetry Transport (MQTT) Version 5.0 Committee Specification 02
94
86
author:
@@ -127,6 +119,7 @@ informative:
127
119
- ins: B. Lampson
128
120
name: Butler Lampson
129
121
date: 2006
122
+
I-D.ietf-rats-endorsements: rats-endorsements
130
123
...
131
124
132
125
--- abstract
@@ -172,8 +165,9 @@ A PKIX Certificate is an X.509v3 certificate as specified by {{-X509}}.
172
165
"Remote Attestation"is a common expression often associated or connoted with certain properties.
173
166
In the context of this document, the term "Remote" does not necessarily refer to a remote entity in the scope of network topologies or the Internet.
174
167
It rather refers to decoupled systems or entities that exchange the Conceptual Message type called Evidence {{-RATS}}.
175
-
This conveyance can also be "Local", if the Verifier role is part of the same entity as the Attester role, e.g., separate system components of the same Composite Device (a single RATS entity), or the Verifier and Relying Party roles are hosted by the same entity, for example in a cryptographic key Broker system (see {{Section 6 of -RATS}} for more details.
176
-
If an entity takes on two or more different roles, the functions they provide typically reside in isolated environments that are components of the same entity. Examples of such isolated environments include a Trusted Execution Environment (TEE), Baseboard Management Controllers (BMCs), as well as other physical or logical protected/isolated/shielded Computing Environments (e.g., embedded Secure Elements (eSE) or Trusted Platform Modules (TPM)). It is useful but not necessary for readers of this document to be familiar with the Concept Data/Message flows as described in {{Section 3.1 of -RATS}} and the definition of Attestation in general as described in {{-RIV}}.
168
+
This conveyance can also be "Local", if the Verifier role is part of the same entity as the Attester role, e.g., separate system components of the same Composite Device (a single RATS entity), or the Verifier and Relying Party roles are hosted by the same entity, for example in a cryptographic key Broker system (see {{Section 6 of -RATS}} for more details).
169
+
If an entity takes on two or more different roles, the functions they provide typically reside in isolated environments that are components of the same entity.
170
+
Examples of such isolated environments include a Trusted Execution Environment (TEE), Baseboard Management Controllers (BMCs), as well as other physical or logical protected/isolated/shielded Computing Environments (e.g., embedded Secure Elements (eSE) or Trusted Platform Modules (TPM)).
177
171
178
172
# Scope and Intent
179
173
@@ -701,6 +695,7 @@ Methods to detect excessive time drift that would render Handles stale and manda
701
695
This model includes a Broker to facilitate the distribution of messages between RATS roles, such as Attesters and Verifiers.
702
696
The Broker is a trusted third party and acts as an intermediary that ensures messages are securely and reliably conveyed between involved RATS roles.
703
697
The publish-subscribe messaging pattern is widely used for communication in different areas.
698
+
An example for a publish-subscribe model with a Broker is the Message Queuing Telemetry Transport {{MQTT}}.
704
699
Unlike the *Streaming Remote Attestation without a Broker* interaction model, Attesters are not required to be aware of corresponding Verifiers.
705
700
In scenarios with large numbers of Attesters and Verifiers, the publish-subscribe pattern may reduce interdependencies and improve scalability.
0 commit comments