You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-rats-reference-interaction-models.md
+6-11Lines changed: 6 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,7 @@ ipr: trust200902
10
10
area: Security
11
11
kw: Internet-Draft
12
12
cat: info
13
+
submissionType: IETF
13
14
pi:
14
15
toc: yes
15
16
sortrefs: yes
@@ -50,7 +51,6 @@ normative:
50
51
RFC7049: CBOR
51
52
RFC7252: COAP
52
53
BCP205:
53
-
RFC8610: CDDL
54
54
RFC9334: RATS
55
55
RFC9683: RIV
56
56
I-D.ietf-rats-epoch-markers: epoch-markers
@@ -82,14 +82,6 @@ informative:
82
82
The Faulkner Journal: 25.2
83
83
DOI: 10.1353/fau.2010.0002
84
84
date: 2010
85
-
TNC:
86
-
title: TCG Trusted Network Communications TNC Architecture for Interoperability
87
-
author:
88
-
- ins: TCG
89
-
name: Trusted Computing Group
90
-
seriesinfo:
91
-
Specification: Version 2.0 Revision 13
92
-
date: 2017
93
85
MQTT:
94
86
title: Message Queuing Telemetry Transport (MQTT) Version 5.0 Committee Specification 02
95
87
author:
@@ -128,6 +120,7 @@ informative:
128
120
- ins: B. Lampson
129
121
name: Butler Lampson
130
122
date: 2006
123
+
I-D.ietf-rats-endorsements: rats-endorsements
131
124
...
132
125
133
126
--- abstract
@@ -173,8 +166,9 @@ A PKIX Certificate is an X.509v3 certificate as specified by {{-X509}}.
173
166
"Remote Attestation"is a common expression often associated or connoted with certain properties.
174
167
In the context of this document, the term "Remote" does not necessarily refer to a remote entity in the scope of network topologies or the Internet.
175
168
It rather refers to decoupled systems or entities that exchange the Conceptual Message type called Evidence {{-RATS}}.
176
-
This conveyance can also be "Local", if the Verifier role is part of the same entity as the Attester role, e.g., separate system components of the same Composite Device (a single RATS entity), or the Verifier and Relying Party roles are hosted by the same entity, for example in a cryptographic key Broker system (see {{Section 6 of -RATS}} for more details.
177
-
If an entity takes on two or more different roles, the functions they provide typically reside in isolated environments that are components of the same entity. Examples of such isolated environments include a Trusted Execution Environment (TEE), Baseboard Management Controllers (BMCs), as well as other physical or logical protected/isolated/shielded Computing Environments (e.g., embedded Secure Elements (eSE) or Trusted Platform Modules (TPM)). It is useful but not necessary for readers of this document to be familiar with the Concept Data/Message flows as described in {{Section 3.1 of -RATS}} and the definition of Attestation in general as described in {{-RIV}}.
169
+
This conveyance can also be "Local", if the Verifier role is part of the same entity as the Attester role, e.g., separate system components of the same Composite Device (a single RATS entity), or the Verifier and Relying Party roles are hosted by the same entity, for example in a cryptographic key Broker system (see {{Section 6 of -RATS}} for more details).
170
+
If an entity takes on two or more different roles, the functions they provide typically reside in isolated environments that are components of the same entity.
171
+
Examples of such isolated environments include a Trusted Execution Environment (TEE), Baseboard Management Controllers (BMCs), as well as other physical or logical protected/isolated/shielded Computing Environments (e.g., embedded Secure Elements (eSE) or Trusted Platform Modules (TPM)).
178
172
179
173
# Scope and Intent
180
174
@@ -702,6 +696,7 @@ Methods to detect excessive time drift that would render Handles stale and manda
702
696
This model includes a Broker to facilitate the distribution of messages between RATS roles, such as Attesters and Verifiers.
703
697
The Broker is a trusted third party and acts as an intermediary that ensures messages are securely and reliably conveyed between involved RATS roles.
704
698
The publish-subscribe messaging pattern is widely used for communication in different areas.
699
+
An example for a publish-subscribe model with a Broker is the Message Queuing Telemetry Transport {{MQTT}}.
705
700
Unlike the *Streaming Remote Attestation without a Broker* interaction model, Attesters are not required to be aware of corresponding Verifiers.
706
701
In scenarios with large numbers of Attesters and Verifiers, the publish-subscribe pattern may reduce interdependencies and improve scalability.
0 commit comments