From c6995ab6da318e3b4d267eeb488f34ac2c3c6832 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Tue, 14 May 2024 23:42:31 -0400 Subject: [PATCH 1/3] Debug update issues for KME and Henk's latest edits --- draft-moriarty-attestationsets.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-moriarty-attestationsets.md b/draft-moriarty-attestationsets.md index 47526d2..7ec1adb 100644 --- a/draft-moriarty-attestationsets.md +++ b/draft-moriarty-attestationsets.md @@ -3,7 +3,7 @@ v: 3 title: Scalable Remote Attestation for Systems, Containers, and Applications abbrev: SRASCA -docname: draft-moriarty-attestationsets-latest +docname: draft-moriarty-rats-posture-assessment-latest cat: std consensus: yes submissiontype: IETF @@ -19,8 +19,8 @@ venue: type: "Working Group" mail: "rats@ietf.org" arch: https://mailarchive.ietf.org/arch/browse/rats/ - github: aj-stein-nist/draft-moriarty-attestationsets - latest: https://aj-stein-nist.github.io/draft-moriarty-attestationsets/draft-moriarty-attestationsets.html + github: kme/draft-moriarty-attestationsets + latest: https://kme.github.io/draft-moriarty-attestationsets/draft-moriarty-attestationsets.html author: - name: Kathleen M. Moriarty From 29d4d1c38b3855d1e9c631d53ed0aa37a394cc9a Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Tue, 14 May 2024 23:57:04 -0400 Subject: [PATCH 2/3] Rename draft as intended, remove whitespace --- ...estationsets.md => draft-moriarty-rats-posture-assessment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename draft-moriarty-attestationsets.md => draft-moriarty-rats-posture-assessment.md (99%) diff --git a/draft-moriarty-attestationsets.md b/draft-moriarty-rats-posture-assessment.md similarity index 99% rename from draft-moriarty-attestationsets.md rename to draft-moriarty-rats-posture-assessment.md index 7ec1adb..9f8af06 100644 --- a/draft-moriarty-attestationsets.md +++ b/draft-moriarty-rats-posture-assessment.md 
@@ -78,7 +78,7 @@ This document describes a method to use existing attestation formats and protoco By way of example, the Center for Internet Security (CIS) hosts recommended configuration settings to secure operating systems, applications, and devices in CIS Benchmarks developed with industry experts. Attestations aligned to the CIS Benchmarks or other configuration guide such as a DISA STIG could be used to assert the configuration meets expectations. This has already been done for multiple platforms to demonstrate assurance for firmware according to NIST SP 800-193, Firmware Resiliency Guidelines [FIRMWARE]. In order to scale remote attestation, a single attestation for a set of benchmarks or policies being met with a link to the verification logs from the local assessments, is the evidence that may be sent to the verifier and then the relying party. -On traditional servers, assurance to NIST SP 800-193 is provable through attestation from a root of trust (RoT), using the Trusted Computing Group (TCG) Trusted Platform Module (TPM) chip and attestation formats. However, this remains local and one knows the policies and measurements have been met if other functions that rely on the assurance are running. +On traditional servers, assurance to NIST SP 800-193 is provable through attestation from a root of trust (RoT), using the Trusted Computing Group (TCG) Trusted Platform Module (TPM) chip and attestation formats. However, this remains local and one knows the policies and measurements have been met if other functions that rely on the assurance are running. At boot, policy and measurement expectations are verified against a set of "golden policies" from collected evidence and are verified to meet expected values. Device identity and measurements can also be attested at runtime. The attestations on evidence (e.g. hash of boot element) and verification of attestations are typically contained within a system and are limited to the control plane for management. 
From 791b76232a490ad3c027f2f94eebd9221f3a4fd7 Mon Sep 17 00:00:00 2001 From: "A.J. Stein" Date: Wed, 15 May 2024 00:03:36 -0400 Subject: [PATCH 3/3] Update `latest` URL with new full I-D `docname` --- draft-moriarty-rats-posture-assessment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-moriarty-rats-posture-assessment.md b/draft-moriarty-rats-posture-assessment.md index 9f8af06..78e7f04 100644 --- a/draft-moriarty-rats-posture-assessment.md +++ b/draft-moriarty-rats-posture-assessment.md @@ -20,7 +20,7 @@ venue: mail: "rats@ietf.org" arch: https://mailarchive.ietf.org/arch/browse/rats/ github: kme/draft-moriarty-attestationsets - latest: https://kme.github.io/draft-moriarty-attestationsets/draft-moriarty-attestationsets.html + latest: https://kme.github.io/draft-moriarty-attestationsets/draft-moriarty-rats-posture-assessment.html author: - name: Kathleen M. Moriarty
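Review bot: In PATCH 1/3, first hunk (`@@ -3,7 +3,7 @@`), `docname` becomes `draft-moriarty-rats-posture-assessment-latest` while the file being edited is still `draft-moriarty-attestationsets.md`, so at this commit the document name and the file name disagree. The rename only arrives in 2/3. Consider moving the `docname` change into the rename commit so that every commit in the series is self-consistent and can be built or bisected on its own.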
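Review bot: In PATCH 1/3, second hunk (`@@ -19,8 +19,8 @@`), the `github:` and `latest:` values under `venue:` move from the `aj-stein-nist` owner to `kme`, but the subject "Debug update issues for KME and Henk's latest edits" does not say that the published venue links are being repointed. Since these values tell readers where the draft and its rendered copy live, please state the owner change explicitly in the commit message, and confirm that `kme/draft-moriarty-attestationsets` is the intended home before this lands.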
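Review bot: In PATCH 2/3, the single hunk (`@@ -78,7 +78,7 @@`) changes only trailing whitespace on the "On traditional servers, assurance to NIST SP 800-193 ..." line, and it is bundled with the file rename, which is why the rename shows as similarity index 99% rather than a pure rename. Splitting the whitespace cleanup into its own commit would keep the rename content-free and make it obvious to later readers that no text of the draft changed here.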
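Review bot: In PATCH 3/3, the hunk at `@@ -20,7 +20,7 @@` updates only the file part of `latest:` to `draft-moriarty-rats-posture-assessment.html`, while the repository segment of that URL and the `github:` line just above still read `draft-moriarty-attestationsets`. If the repository is keeping its old name, that is fine but worth a word in the commit message; if it is going to be renamed to match the draft, both lines need the new name. Also, between 2/3 and 3/3 the `latest:` link still carried the old file name, so this one-line fix would sit better folded into the rename commit.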