Quantize inputs with a session initialization phase. #307
Conversation
deeglaze
requested review from
henkbirkholz,
thomas-fossati,
yogeshbdeshpande and
nedmsmith
as code owners
deeglaze
force-pushed
the
quant
branch
2 times, most recently
from
1b28e20 to
31e0804
Compare
draft-ietf-rats-corim.md
Outdated
| During this setup phase, the Verifier populates its Appraisal Session with a consistent view of all its inputs to the Appraisal Procedure. | ||
| Inputs are various conceptual messages collected from Reference Value Providers, Endorsers, Verifier Owners, and Attesters. | ||
| Conceptual messages may include Attestation Evidence, CoMID tags {{sec-comid}}, CoSWID tags {{-coswid}}, CoBOM tags {{sec-cobom}}, and static cryptographic validation key material (including raw public keys, root certificates, intermediate CA certificate chains, and Concise Trust Anchor Stores (CoTS) {{-ta-store}}. | ||
| It is left to Verifier Policy to determine if input sources must use supply chain transparency constructs (see {{-scitt-arch}}) to track input provenance. |
There was a problem hiding this comment.
I expect the Policy to be under the complete control of the Verifier Owner.
However, auditability and traceability requirements may also be imposed by the external regulatory context.
There was a problem hiding this comment.
Verifier Policy can be to follow regulations or not. I didn't want to add speculation about this spec going to regulators as a framework.
There was a problem hiding this comment.
Understood. The thing is 9334's definition of policy is:
"A set of rules that a Verifier uses to evaluate the validity of information about an Attester."
which would make any regulatory aspects out of scope.
draft-ietf-rats-corim.md
Outdated
|
|
||
| The time at which the Verifier evaluates certificate- and tag-validity is an input. | ||
| Once the Appraisal Session inputs are collected, no more may be added to the Appraisal Session apart from one exception. | ||
| Certificate revocation status results may be collected during Phase 1, since there is no collective simultaneity of all responses. |
There was a problem hiding this comment.
OK, but this may or may not be an issue in practice. "Some" clock skew is typically taken into account when comparing time bounds during validation. I am not expecting Phase 0 and Phase 1 to be far apart enough to dwarf normal tolerances.
There was a problem hiding this comment.
Sounds like you're saying I should allow for the wall clock input to also be collected multiple times during Phase 1? I'm just trying to temper all sources of external influence on the hermeticity of an appraisal.
There was a problem hiding this comment.
I am just pointing out that creating an exception just for revocation checks to the general rule that "Phase 0 locks all inputs" is probably unnecessary. If we go without, the loss of functionality doesn't seem too big, given:
- Temporal distance between Phases 0 and 1 is likely to be (very) short, and
- Some clock skew tolerance will be in place anyway, making the boundaries between 0 and 1 even fuzzier.
There was a problem hiding this comment.
Moved the lock to be back at the end of Appraisal Context construction then.
draft-ietf-rats-corim.md
Outdated
|
|
||
| After context initialization, additional inputs are held back until appraisal processing has completed. | ||
| No inputs other than dynamically-fetched information about certificate revocation status (see {{RFC6960}}, and {{Section 4.2.1.13 of -pkix-cert}}) may be collected in Phase 1. |
There was a problem hiding this comment.
I thought the previous text was better / orthogonal to the suggested text.
| No inputs other than dynamically-fetched information about certificate revocation status (see {{RFC6960}}, and {{Section 4.2.1.13 of -pkix-cert}}) may be collected in Phase 1. | |
| After the Appraisal Context is initialized, appraisal processing is allowed to complete before new inputs are considered. |
I thought the previous text was better / orthogonal to the suggested text.
There was a problem hiding this comment.
The “allowed” worries me, since we don’t require monotonic matching conditions for profiles and mid-appraisal additions of tags can lead to inconsistent ACS results.
There was a problem hiding this comment.
Party pooper mode on. (For different reasons) I don't like either 🤣
There was a problem hiding this comment.
I've added a hermeticity subsection to describe this without any need for operational suggestions like having inputs be "held back".
draft-ietf-rats-corim.md
Outdated
|
|
||
| After context initialization, additional inputs are held back until appraisal processing has completed. | ||
| No inputs other than dynamically-fetched information about certificate revocation status (see {{RFC6960}}, and {{Section 4.2.1.13 of -pkix-cert}}) may be collected in Phase 1. |
There was a problem hiding this comment.
Party pooper mode on. (For different reasons) I don't like either 🤣
draft-ietf-rats-corim.md
Outdated
| The same Appraisal Context processed at any time MUST produce the same Attestation Results. | ||
|
|
||
| The reason to lock the inputs before Attestation Appraisal is to ensure consistent ACS construction when accounting for any profile-driven semantics. |
There was a problem hiding this comment.
Please help wordsmith this. There are obviously different levels of hermeticity and auditability that Verifier policy will impose. I don't want to require absolute determinism since that imposes a requirement on policy evaluation.
I don't like "same" since we're not prescribing any Attestation Result construction or representation, so there is no strong notion of sameness.
If we go with
| The same Appraisal Context processed at any time MUST produce the same Attestation Results. | |
| The reason to lock the inputs before Attestation Appraisal is to ensure consistent ACS construction when accounting for any profile-driven semantics. | |
| The reason to lock the inputs before Attestation Appraisal is for all Appraisal Procedure dependencies to be accounted for before interpreting them. | |
| Fully determined inputs SHOULD ensure consistent ACS construction when accounting for any profile-driven semantics. |
There was a problem hiding this comment.
I agree that the old L1906 is not 100% correct: it should probably have said instead:
The same Appraisal Context processed at any time MUST produce the same ACS.
I like the text you suggest. The only thing is we should state more strongly that what we are trying to achieve is deterministic ACS construction.
There was a problem hiding this comment.
Fully determined inputs SHOULD ensure consistent ACS construction when accounting for any profile-driven semantics.
| The same Appraisal Context processed at any time MUST produce the same Attestation Results. | |
| The reason to lock the inputs before Attestation Appraisal is to ensure consistent ACS construction when accounting for any profile-driven semantics. | |
| Given the same Appraisal Context, different Verifier appraisals MUST produce deterministic results. | |
| Verifier inputs are locked (see Phase 0) before Attestation Appraisal to ensure ACS construction is deterministic. |
Text above addresses the question of profile or policy inputs rendering non-deterministic ACS results.
draft-ietf-rats-corim.md
Outdated
| @@ -1464,6 +1463,10 @@ They are not required to use the same internal representation or evaluation orde | |||
|
|
|||
| The appraisal procedure is divided into several logical phases for clarity. | |||
|
|
|||
| + **Phase 0**: Session setup | |||
|
|
|||
| During Phase 0, the Verifier collects its set of inputs from external sources that will be used for the remainder of the Appraisal Procedure to ensure the Procedure is deterministic. | |||
There was a problem hiding this comment.
The deterministic nature is ensured by the consistency of the appraisal algorithm.
| During Phase 0, the Verifier collects its set of inputs from external sources that will be used for the remainder of the Appraisal Procedure to ensure the Procedure is deterministic. | |
| During Phase 0, the Verifier collects its set of inputs from external sources that will be used for the remainder of the Appraisal Procedure. |
There was a problem hiding this comment.
The appraisal algorithm is deterministic for the base CDDL, but profiles can define their own comparison algorithms that can be complex and have computational timeouts that lead to nondeterministic results (for example). Considering the SLSA level 4 language about hermeticity and reproducibility, we should have wording about best-effort reproducibility https://slsa.dev/spec/v0.1/requirements
If we consider a Verifier to be a "builder" of attestation results, then we can apply the same requirements whole sale.
There was a problem hiding this comment.
Hmm, even with profile-specific comparison algorithms (or other kinds of custom behaviour), successful ACS computation should be deterministic.
If computational timeouts, or other conditions that make the ACS "incomplete", happen, they must be made fully visible to the downstream appraisal policy.
There was a problem hiding this comment.
Suppose we have a profile that has unification variables that are allowed in conditions and in additions. The logic it employs for unification does not have principal types, so there are multiple incomparable correct solutions to a system of constraints. Which substitution it resolves on can be dependent on something nondeterministic like hash map iteration order. The resulting ACS is not consistently reproducible in this case, the way a compiler can choose which way it allocates registers or orders if/then/else basic blocks.
I'm not saying it's sensible, I'm saying it's not ruled out and it is very difficult to rule out. Thus a SHOULD be reproducible.
There was a problem hiding this comment.
Suppose we have a profile that has unification variables that are allowed in conditions and in additions. The logic it employs for unification does not have principal types, so there are multiple incomparable correct solutions to a system of constraints. Which substitution it resolves on can be dependent on something nondeterministic like hash map iteration order. The resulting ACS is not consistently reproducible in this case, the way a compiler can choose which way it allocates registers or orders if/then/else basic blocks.
This is an interesting observation. However, ...
I'm not saying it's sensible, I'm saying it's not ruled out and it is very difficult to rule out. Thus a SHOULD be reproducible.
... the conclusion I draw from this is that we should clearly say: "profiles MUST NOT introduce randomized behaviour."
IMO one core promise we make to downstream ACS consumers is that given the same input, a CoRIM appraiser always computes the same predictable output.
Any non-deterministic behaviour creates confusion at best, whilst in the worst case it can be used by an attacker to subvert the overall appraisal outcome.
There was a problem hiding this comment.
We've already said that certain decisions can be make by policy. Are those decisions made strictly after phase 4? If we can say phases 2, 3, and 4 must be deterministic without imposing policy burden by the way we define semantics, then I'd certainly like to make that declaration.
I don't think profiles would be introducing randomized behavior. Non-deterministic isn't necessarily random. You can have "the same" outcome by means of equivalence but not syntactic equality. When we're talking about ACS construction we're making representation choices that may be more conducive to equal outputs than something that uses, say, hash maps or algebraic constructions that represent "the same object" in multiple ways.
There was a problem hiding this comment.
We've already said that certain decisions can be make by policy. Are those decisions made strictly after phase 4?
yes
If we can say phases 2, 3, and 4 must be deterministic without imposing policy burden by the way we define semantics, then I'd certainly like to make that declaration.
👍
I don't think profiles would be introducing randomized behavior. Non-deterministic isn't necessarily random. You can have "the same" outcome by means of equivalence but not syntactic equality. When we're talking about ACS construction we're making representation choices that may be more conducive to equal outputs than something that uses, say, hash maps or algebraic constructions that represent "the same object" in multiple ways.
Got it. Then:
"profiles MUST NOT introduce non-deterministic behaviour."
There was a problem hiding this comment.
We've already said that certain decisions can be make by policy. Are those decisions made strictly after phase 4?
yes
Regardless of which phase is active, phase 0 is described as collecting all the inputs. This includes policies IMO. That is how we assert consistent behavior resulting in an ACS that is the same for different Verifiers.
There was a problem hiding this comment.
... the conclusion I draw from this is that we should clearly say: "profiles MUST NOT introduce randomized behaviour."
I agree. It also extends to policies. They can't introduce randomized behavior either. Otherwise, different Verifiers will get different ACS results.
draft-ietf-rats-corim.md
Outdated
| Selected CoRIMs are transformed into an internal representation (see {{sec-phase1-trans}}). | ||
| If CoBOMs are required by policy, the selected tags are considered *inactive*. | ||
| An *inactive* tag MUST NOT be used during the Appraisal Procedure. |
There was a problem hiding this comment.
I find this way of presenting activation/disactivation a bit puzzling.
I see the flow from undecided/unknown to either active or inactive.
It'd be probably easier to grok if we introduced an initial "unknown" state and describe the decision tree as:
flowchart TD
A[unknown] --> C{use_cobom}
C -->|true| D{is_listed}
C -->|false| E[active]
D -->|true| F[active]
D -->|false| G[inactive]
There was a problem hiding this comment.
A diagram like this would be helpful IMO.
There was a problem hiding this comment.
A diagram like this would be helpful IMO.
But maybe the diagram should be backed out of this PR until the tooling issues can be addressed. It's difficult to suggest changes when it doesn't build.
draft-ietf-rats-corim.md
Outdated
|
|
||
| This section is not applicable if the Verifier appraisal policy does not require CoBOMs. | ||
| This step can be skipped of all tags are implicitly active. |
There was a problem hiding this comment.
Doesn't read right to this non-native speeker. Did you mean s/of/if/? Or something else?
Regardless, I prefer it stupid and explicit, as it was before :-)
Unless you see a case that would not be covered using the old phrasing.
There was a problem hiding this comment.
Yes s/of/if/, typo.
draft-ietf-rats-corim.md
Outdated
| The same Appraisal Context processed at any time MUST produce the same Attestation Results. | ||
|
|
||
| The reason to lock the inputs before Attestation Appraisal is to ensure consistent ACS construction when accounting for any profile-driven semantics. |
There was a problem hiding this comment.
I agree that the old L1906 is not 100% correct: it should probably have said instead:
The same Appraisal Context processed at any time MUST produce the same ACS.
I like the text you suggest. The only thing is we should state more strongly that what we are trying to achieve is deterministic ACS construction.
draft-ietf-rats-corim.md
Outdated
| Selected CoRIMs are transformed into an internal representation (see {{sec-phase1-trans}}). | ||
| If CoBOMs are required by policy, the selected tags are considered *inactive*. | ||
| An *inactive* tag MUST NOT be used during the Appraisal Procedure. |
There was a problem hiding this comment.
A diagram like this would be helpful IMO.
draft-ietf-rats-corim.md
Outdated
|
|
||
| CoBOMs which are not within their validity period are discarded. | ||
|
|
||
| The Verifier processes all CoBOMs that are valid at the point in time of Evidence Appraisal and activates all tags referenced therein. | ||
| The Verifier processes all CoBOMs that are valid at the point in time of Evidence Appraisal. |
There was a problem hiding this comment.
Shouldn't this reflect the previous text for phase 1 where all inputs are resolved including coboms? This should be when activation happens so that the set of inputs is deterministically known before progressing to phase 2.
draft-ietf-rats-corim.md
Outdated
| The same Appraisal Context processed at any time MUST produce the same Attestation Results. | ||
|
|
||
| The reason to lock the inputs before Attestation Appraisal is to ensure consistent ACS construction when accounting for any profile-driven semantics. |
There was a problem hiding this comment.
Fully determined inputs SHOULD ensure consistent ACS construction when accounting for any profile-driven semantics.
| The same Appraisal Context processed at any time MUST produce the same Attestation Results. | |
| The reason to lock the inputs before Attestation Appraisal is to ensure consistent ACS construction when accounting for any profile-driven semantics. | |
| Given the same Appraisal Context, different Verifier appraisals MUST produce deterministic results. | |
| Verifier inputs are locked (see Phase 0) before Attestation Appraisal to ensure ACS construction is deterministic. |
Text above addresses the question of profile or policy inputs rendering non-deterministic ACS results.
draft-ietf-rats-corim.md
Outdated
| flowchart TD | ||
| A[unknown] --> C{use_cobom} | ||
| C -->|true| D{is_listed} | ||
| C -->|false| E[active] | ||
| D -->|true| F[active] | ||
| D -->|false| G[inactive] |
There was a problem hiding this comment.
It'd be nice, isn't it :-) but I don't think this will work as you expect.
- You need to tell the processor that it needs to dispatch the block to mermaid, i.e.:
| flowchart TD | |
| A[unknown] --> C{use_cobom} | |
| C -->|true| D{is_listed} | |
| C -->|false| E[active] | |
| D -->|true| F[active] | |
| D -->|false| G[inactive] | |
| ~~~mermaid | |
| flowchart TD | |
| A[unknown] --> C{use_cobom} | |
| C -->|true| D{is_listed} | |
| C -->|false| E[active] | |
| D -->|true| F[active] | |
| D -->|false| G[inactive] | |
| ~~~ |
mermaid-climust be installed both in your dev environment and the CI- Currently,
mmdcproduces SVG that doesn't makessvgcheckunhappy.
All that to say that diagramming in I-Ds is still mostly an (ASCII) art.
For more info see martinthomson/i-d-template#416
There was a problem hiding this comment.
The referenced issue does not appear to have solved the problem. Do you know if this change would work?
There was a problem hiding this comment.
I believe it wouldn't because of point 3 (i.e., mmdc not producing conformant SVG)
| ev : [ ev ] | ||
| evs : [ evs ] | ||
| ACS: ACS | ||
| extra: any |
There was a problem hiding this comment.
| extra: any | |
| ar : [ ar ] | |
| ARS: ARS |
These are defined by the internal representation but omitted from the appraisal context. Was this on purpose?
What is extra for? If it is extensibility, a future I-D can extend the model as needed and update the representation appropriately.
There was a problem hiding this comment.
Extra in actx is meant to capture implementation-specific details. I could leave it unsaid, but I don't want to make appraisal seem like it can only consider the spec's types.
There was a problem hiding this comment.
I don't think actx should contain ar or ARS since that's a phase after the ACS is fully constructed. actx should just be for processing determined-good inputs to a final ACS.
draft-ietf-rats-corim.md
Outdated
|
|
||
| Later stages will further select the CoRIMs appropriate to the Evidence Appraisal stage. | ||
| How the Verifier collects its inputs is out of scope of this document. | ||
| There will be some amount of CoRIMs and standalone tags available as inputs that make an `asession`: |
There was a problem hiding this comment.
Trying to define an internal representation for a wide variety of inputs, each having potentially vastly different representations invites unnecessary scrutiny to the internal representation. It seems sufficient to describe the session as the set of inputs (line 1770) collected within some window of time (line 1771). We don't want to try to define a session format for all these inputs IMHO and the current definition doesn't account for all these inputs.
There was a problem hiding this comment.
Okay, I'll remove the internal representation and leave the description to the prose of the Verifier Abstraction.
draft-ietf-rats-corim.md
Outdated
| These objects will be utilized in the Evidence Appraisal phase that follows. | ||
| The primary goal of this phase is to ensure that all necessary information is available for subsequent processing. | ||
| An Appraisal Session includes Verifier-specific session state as well as a collection of inputs to process. | ||
| Conceptual Messages are given explicit representation in the session. |
There was a problem hiding this comment.
This doesn't seem to be saying much. An explanation of each member of ir-appraisal-session would communicate that a session context includes an internal representation of the CMs. It likely would describe assumptions for how to populate it?
|
|
||
| Other selection criteria MAY be applied. | ||
| For example, if the Evidence format is known in advance, CoRIMs using a profile that is not understood by a Verifier can be readily discarded. | ||
| The exchange of a request for attestation appraisal for a response of Attestation Results corresponds to a single Attestation Session. |
There was a problem hiding this comment.
I'm not sure why we need to talk about Attestation Results as part of forming an appraisal context (and vetting its inputs).
There was a problem hiding this comment.
It's not. The results are produced at the end of a session. An Appraisal Context is only for getting to the end of constructing the ACS. It's a bit matryoshka doll-ish.
draft-ietf-rats-corim.md
Outdated
| During the initialization phase, the CoRIM Appraisal Context is loaded with various conceptual message inputs such as CoMID tags ({{sec-comid}}), CoSWID tags {{-coswid}}, CoBOM tags {{-cobom}}, and cryptographic validation key material (including raw public keys, root certificates, intermediate CA certificate chains), and Concise Trust Anchor Stores (CoTS) {{-ta-store}}. | ||
| These objects will be utilized in the Evidence Appraisal phase that follows. | ||
| The primary goal of this phase is to ensure that all necessary information is available for subsequent processing. | ||
| An Appraisal Session includes Verifier-specific session state as well as a collection of inputs to process. |
There was a problem hiding this comment.
| An Appraisal Session includes Verifier-specific session state as well as a collection of inputs to process. | |
| An Appraisal Session contains an Appraisal Context that contains validated inputs used by the Appraisal Procedure. |
|
I tried to build on local environment after installing mermaid-cli but still get errors. |
The text already refers to an appraisal session and an appraisal context, but they are not introduced as concepts the same way the ACS is. Add Context and Session as specific constructs that serve distinct purposes. I think the "CoRIMs are collected" text is a bit too vague, so I put all input fetching in phase 0. Validation and transformation is in phase 1. I found it weird that Evidence Collection was not part of input gathering, so I've moved it. This change clarifies the meaning of "active" and "inactive", and what "requires CoBOMs" means. It's just whether all available tags are included in the search space or only referenced ones are. A CoBOM is not a bundle of tags the way a CoRIM is. A CoBOM must reference tags that are already in the input set. It just flips them to being usable in the appraisal procedure. I did not provide CDDL for the session or context since I think that needs to be sequenced after PR#299. Signed-off-by: Dionna Glaze <[email protected]>
Also refer to CRL distribution points from RFC5280.
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Verifier Policy on its own doesn't apparently carry enough weight about its responsibilities, so I've added a note. Added Ned's Evidence Selection subsection. Added a new hermeticity subsection to describe why we freeze inputs before performing appraisal.
Includes a note about conditional endorsements needing fixed point computation since they're not ramified the way that evidence and reference values are.
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Minor editorial changes.
Co-authored-by: Yogesh Deshpande <[email protected]>
|
|
||
| ### Input Collection {#sec-phase1-collect} | ||
|
|
||
| The exchange of a request for attestation appraisal for a response of Attestation Results corresponds to a single Attestation Session. |
There was a problem hiding this comment.
| The exchange of a request for attestation appraisal for a response of Attestation Results corresponds to a single Attestation Session. | |
| A single attestation session is a period when attestation appraisal process is initiated upon Verifier receiving Evidence from Attester or Relying Party and generating the results of the Appraisal. |
Co-authored-by: Yogesh Deshpande <[email protected]>
|
|
||
| The selection process MUST yield at least one usable tag. | ||
| > The selection process MUST yield at least one usable conceptual message. |
There was a problem hiding this comment.
Need to discuss this..
Closes Issue #242
The text already refers to an appraisal session and an appraisal context, but they are not introduced as concepts the same way the ACS is. Add Context and Session as specific constructs that serve distinct purposes.
I think the "CoRIMs are collected" text is a bit too vague, so I put all input fetching in phase 0. Validation and transformation is in phase 1.
I found it weird that Evidence Collection was not part of input gathering, so I've moved it.
This change clarifies the meaning of "active" and "inactive", and what "requires CoBOMs" means. It's just whether all available tags are included in the search space or only referenced ones are. A CoBOM is not a bundle of tags the way a CoRIM is. A CoBOM must reference tags that are already in the input set. It just flips them to being usable in the appraisal procedure.
I did not provide CDDL for the session or context since I think that needs to be sequenced after PR#299.