Updates to Reference Value and Endorsed Values #170

Draft
wants to merge 1 commit into base: main
12 changes: 12 additions & 0 deletions cddl/update-record.cddl
@@ -0,0 +1,12 @@
update-triple-record = [
&(subj: 0) => $subject-type-choice
& (mval: 1) => [+measurement-values-map] ; object of the update
Collaborator

Why call it mval if it means "object"?

Member

because that is triple speak? If not, that's a good question.

? &(authorized-by: 2) => [ + $crypto-key-type-choice ]
&(action: 3) => $update-action-type-choice
]

$subject-type-choice /= [+environment-map] ; One or more environment that comprise the subject
$subject-type-choice /= [+stateful-environment-record] ; One or more stateful-environments that comprise the subject

$update-action-type-choice /= add ; The new triple causes a new revision identified by measurement-values-map , to be simply updated/added in Verifier
Collaborator

The semantics are unclear. Does it mean if the sub statement (with authority authorized-by) matches a statement in the ACS, the object mval modifies the object statements for all the triples named in the sub statement?

Note: If the goal is to replace the triple that matched, including the parts used for matching, then the object seems insufficient (as it needs to replace the environment / stateful environment). Alternatively, a two-step approach could work, where an x-triple removes the triple to be updated and a new triple is added. Note, this operation should be done atomically since the matching condition in the x-triple represents the state / justification for adding the updated triple.
I'm generally concerned that applying an update will cause indeterminate behavior depending on the sequence in which these triples are applied because endorsement triples also depend on the ACS state. These triples might have to be re-processed in order to get the intended (correct) stateful outcome.

Collaborator Author

@nedmsmith: The goal of `$update-action-type-choice /= add` is NOT to remove anything from the Verifier, but to increment.

However, as we are using a common update-triple for any Reference Value and Endorsed Value we have two options:

(a) Specify what it is that is being updated by specifying the type - RefVal/EndVal/CondEnd pertaining to the Subject

(b) Rely on the Supply Chain to issue exactly the same triple (like a RefVal Triple) OR an EndVal Triple with the new `&(action: 3) => $update-action-type-choice` and indicate whether it is an ADD or a REPLACE

Choice:
Option-a: Verifier matches subj and based on the type attaches the new triple to the same subj

Option-b: is neater but implies modifying every triple where we need an update, to set the action

I would request we focus on the intent of the action and then agree whether to go with option a or option b

Collaborator

> I would request we focus on the intent of the action and then agree whether to go with option a or option b

Maybe this part of the discussion should happen in issue #171 since the conclusion would affect the PR definition.

$update-action-type-choice /= replaces ; The triple overwrites pre-existing reference-values/endorsements for the subject identified by $subject-type-choice
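Review bot: `add` and `replaces` are used as bare names in the two `$update-action-type-choice` alternatives but are never assigned a value in this file, so unless they are defined elsewhere in the draft the CDDL does not validate; give them integer code points (for example `add = 0` and `replaces = 1`) or write the literals inline in the choice. `authorized-by` is marked optional with `?`, yet the `replaces` action, per its own comment, overwrites whatever Reference Values or Endorsements the Verifier already holds for the subject; either require the key when `action` is `replaces`, or state in the draft text that the authority to overwrite comes from the CoRIM signer, otherwise an update triple with no stated authority can erase trusted values. Two smaller points: `& (mval: 1)` carries a space that `&(subj: 0)` and `&(action: 3)` do not, and the comment on `add` ("simply updated/added") blurs into `replaces`; say whether `add` may alter an existing measurement-values-map or only append to the subject's set. Finally, both alternatives of `$subject-type-choice` are arrays, so the draft should say how a Verifier tells a subject made of `environment-map` entries from one made of `stateful-environment-record` entries.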
8 changes: 8 additions & 0 deletions cddl/x-triples-record.cddl
@@ -0,0 +1,8 @@
x-ref-endors-triple-record = [
&(subj: 0) => $subject-type-choice
& (mval: 1) => [+measurement-values-map]
&(reason: 2) => $reason-type-choice
]

$reason-type-choice /= obsolete
$reason-type-choice /= insecure
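Review bot: `x-ref-endors-triple-record` has no `authorized-by` key, unlike `update-triple-record` in the other file, although removing a Reference Value or Endorsement because it is `insecure` is at least as sensitive as replacing one; add the same key here, or state that only the CoRIM signer's authority applies to removals. The record also needs a stated matching rule: whether `mval` must equal the stored measurement-values-map exactly or a subset match is enough decides how many entries a single x-triple deletes, and the Verifier behaviour when nothing matches (ignore the triple, or reject the CoRIM) should be spelled out. As with `add`/`replaces`, `obsolete` and `insecure` are undefined names that need values, and `& (mval: 1)` should be written `&(mval: 1)` to match `&(subj: 0)` and `&(reason: 2)`.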
19 changes: 19 additions & 0 deletions draft-ietf-rats-corim.md
@@ -1249,6 +1249,25 @@ applies to all measurements in the triple, including those in `measurement-value
{::include cddl/conditional-endorsement-triple-record.cddl}
~~~

#### Update Triple {#sec-update-triple-rec}
During supply chain lifecycle it is often necessary that the Verifier Reference-Values or Endorsed Values for a subject needs an update. The below semantics provides a generic mechanism to allow update to existing Reference-Values and Endorsed-Values.

The CDDL below, provides a schema that describes the update flow.

~~~ cddl
{::include cddl/update-record.cddl}
~~~

#### X-Triples {#sec-x-triple-rec}
For the Supply Chain Systems where only incremental updates are possible, it is essential that obsolete or security vulnerable Reference Values and/or Endorsed Values must be removed using x-ref-endor-triple-record.

The CCDL below, provides schema for remving Reference Values and/or Endorsed Values from a Verifier.
Collaborator Author

Suggested change
The CCDL below, provides schema for remving Reference Values and/or Endorsed Values from a Verifier.
The CCDL below, provides a schema for removing Reference Values and/or Endorsed Values from a Verifier.


~~~ cddl
{::include cddl/x-triples-record.cddl}
~~~


## Extensibility {#sec-extensibility}

The base CORIM schema is described using CDDL {{-cddl}} that can be extended
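Review bot: the X-Triples prose names the record `x-ref-endor-triple-record` while cddl/x-triples-record.cddl defines `x-ref-endors-triple-record`; pick one spelling. In the same section the suggested change fixes "remving" but leaves "CCDL" (should be "CDDL") in the same sentence. In the Update Triple section, "the Verifier Reference-Values or Endorsed Values for a subject needs an update" and "The below semantics provides a generic mechanism" need rewording, and neither section says where these records sit inside a CoRIM: nothing in this diff adds them to an existing triples structure, so a Verifier has no code point at which to expect them. Lastly, the text calls X-Triples "essential" where only incremental updates are possible, but does not say how an update triple with `replaces` and an x-triple interact when both name the same subject in one CoRIM, or whether they are applied in document order; the earlier review comment on sequencing applies here too.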