Minor edits to Input Validation #355
Conversation
Signed-off-by: Steven Bellock <[email protected]>
draft-ietf-rats-corim.md
|
||
As a second example, in PSA {{-psa-token}} the verification public key is looked up in the appraisal context using the `ueid` claim found in the PSA claims-set. | ||
If found, COSE Sign1 verification is performed accordingly. | ||
|
||
Regardless of the specific integrity protection method used, the Evidence's integrity MUST be validated successfully. | ||
Regardless of the specific integrity protection method used, the Evidence's integrity MUST be validated successfully else the Verifier MUST NOT proceed to the next stage. |
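Review bot: the "else the Verifier MUST NOT proceed to the next stage" added in the last changed line turns a per-Evidence integrity failure into a mandatory halt of the whole appraisal, which is stricter than the requirement it extends and does not fit composite Attesters that submit several pieces of Evidence, where whether one bad piece spoils the rest should be left to Verifier policy. Suggest keeping the rejection but not the halt, e.g. "Evidence whose integrity cannot be validated MUST NOT be used in subsequent stages", and leaving the decision to continue with the remaining Evidence to policy.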
Evidence that doesn’t pass signature verification should not be admitted as evidence, but it should be up to policy whether one piece of evidence should spoil the bunch, when it comes to composite attesters.
Good point. I will reword that.
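The two points in this thread (integrity of each piece of Evidence must be checked, but whether a failure halts appraisal of a composite Attester's other Evidence is a policy matter) can be shown in a short Go model of the input-validation stage. This is an added example and not code from the draft or from any CoRIM implementation. It assumes a PSA-like shape where a `ueid` selects the verification key from the appraisal context; it uses Ed25519 over raw bytes in place of COSE Sign1 so that it runs with the standard library alone, and the ueids, seeds and claims are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Evidence is a minimal stand-in for a signed PSA-style claims-set. Ueid plays
// the role of the `ueid` claim the Verifier uses to select a verification key;
// Payload is the serialized claims-set; Sig is the signature over Payload.
// Ed25519 over raw bytes is assumed here instead of COSE Sign1 (example only).
type Evidence struct {
	Ueid    string
	Payload []byte
	Sig     []byte
}

// AppraisalContext is the Verifier's trust store: verification keys keyed by ueid.
type AppraisalContext struct {
	KeysByUeid map[string]ed25519.PublicKey
}

var (
	ErrUnknownUeid  = errors.New("no verification key provisioned for ueid")
	ErrBadSignature = errors.New("signature verification failed")
)

// ValidateIntegrity is the per-Evidence check: look the key up by ueid, then
// verify the signature. Either failure means this Evidence must not be used.
func (ctx *AppraisalContext) ValidateIntegrity(ev Evidence) error {
	pk, ok := ctx.KeysByUeid[ev.Ueid]
	if !ok {
		return ErrUnknownUeid
	}
	if !ed25519.Verify(pk, ev.Payload, ev.Sig) {
		return ErrBadSignature
	}
	return nil
}

// Policy decides what an integrity failure on one piece of Evidence from a
// composite Attester means for the rest of the appraisal.
type Policy int

const (
	HaltOnAnyFailure      Policy = iota // one bad piece spoils the bunch
	DropFailedAndContinue               // reject the bad pieces, keep the rest
)

// Outcome records admitted Evidence, the reason each rejected piece (by index)
// was rejected, and whether the Verifier may advance to the next stage.
type Outcome struct {
	Admitted []Evidence
	Rejected map[int]error
	Proceed  bool
}

// Admit validates every piece of Evidence and then applies Policy. Invalid
// Evidence is never admitted under either policy; only the decision to
// continue with the valid remainder differs.
func (ctx *AppraisalContext) Admit(evs []Evidence, p Policy) Outcome {
	out := Outcome{Rejected: map[int]error{}}
	for i, ev := range evs {
		if err := ctx.ValidateIntegrity(ev); err != nil {
			out.Rejected[i] = err
			continue
		}
		out.Admitted = append(out.Admitted, ev)
	}
	if p == HaltOnAnyFailure && len(out.Rejected) > 0 {
		out.Admitted = nil // nothing flows to the next stage
	}
	out.Proceed = len(out.Admitted) > 0
	return out
}

// signEvidence builds Evidence the way an Attester would (constructed data).
func signEvidence(ueid string, claims []byte, sk ed25519.PrivateKey) Evidence {
	return Evidence{Ueid: ueid, Payload: claims, Sig: ed25519.Sign(sk, claims)}
}

// CompositeScenario constructs a Verifier context and three pieces of Evidence
// from a composite Attester: one valid, one altered after signing, and one
// whose ueid has no provisioned key. Seeds and ueids are made up.
func CompositeScenario() (*AppraisalContext, []Evidence) {
	seed := func(b byte) []byte { return bytes.Repeat([]byte{b}, ed25519.SeedSize) }
	skA, skB := ed25519.NewKeyFromSeed(seed(1)), ed25519.NewKeyFromSeed(seed(2))
	ctx := &AppraisalContext{KeysByUeid: map[string]ed25519.PublicKey{
		"ueid-A": skA.Public().(ed25519.PublicKey),
		"ueid-B": skB.Public().(ed25519.PublicKey),
	}}
	good := signEvidence("ueid-A", []byte(`{"boot":"secure"}`), skA)
	tampered := signEvidence("ueid-B", []byte(`{"boot":"secure"}`), skB)
	tampered.Payload = []byte(`{"boot":"debug"}`) // modified after signing
	unknown := signEvidence("ueid-C", []byte(`{"boot":"secure"}`), skA)
	return ctx, []Evidence{good, tampered, unknown}
}

func main() {
	ctx, evs := CompositeScenario()
	for _, p := range []Policy{HaltOnAnyFailure, DropFailedAndContinue} {
		out := ctx.Admit(evs, p)
		fmt.Printf("policy=%d admitted=%d rejected=%v proceed=%v\n",
			p, len(out.Admitted), out.Rejected, out.Proceed)
	}
}
```

Under both policies the tampered and the unknown-key pieces are rejected; only `DropFailedAndContinue` lets the Verifier proceed with the one valid piece, and with no Evidence at all neither policy proceeds.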
draft-ietf-rats-corim.md
@@ -1823,7 +1823,7 @@ Any CoRIM that has been secured by a cryptographic mechanism, such as a signatur | |||
Other selection criteria MAY be applied. | |||
For example, if the Evidence format is known in advance, CoRIMs using a profile that is not understood by a Verifier can be readily discarded. | |||
|
|||
The selection process MUST yield at least one usable tag. | |||
The selection process MUST yield at least one usable tag else the Verifier MUST NOT proceed to the next stage. |
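Review bot: the "else the Verifier MUST NOT proceed to the next stage" added in the last changed line makes an empty selection result fatal, but a Verifier that is prepared to consume CoRIMs may have none available for a given Evidence and still advance the appraisal on policy alone. Either drop the added clause or condition it on policy, e.g. "If the selection yields no usable tag and the Verifier's policy requires CoRIM-derived Reference Values, the Verifier MUST NOT proceed to the next stage."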
I think this requirement should be removed actually. There are cases where you verify evidence purely through policy and no corims. You just trivially go from phase 1 to phase 5.
> and no corims.
Since this directive is in the CoRIM specification it's valid to assume there's always a CoRIM.
For the theory of operation, I still don’t think halting is right. You can be prepared for corims and have none available while still wanting to advance in the appraisal pipeline.
Signed-off-by: Steven Bellock <[email protected]>
Co-authored-by: Andrew Draper <[email protected]>
LGTM!
@nedmsmith & @andrew-draper: We were awaiting your review; we had this discussed during the CoRIM Meeting on 8th Jan 2025.
LGTM