Should RVPs be able to set RVs for Endorsements

[nedmsmith]

Normally, an RVP mints RVs that are applied to Evidence (only). The question is raised whether it is meaningful if an RVP could also mint RVs for Endorsements.

Note: It is possible for an Endorser to endorse another Endorser's Claims using conditional endorsements so long as the condition expressions are permitted to use possible state expressions.

The current spec is silent. That is to say, the cmtype of the condition ECT is not specified.

[deeglaze]

If cosigning endorsements is always an endorsement, can we say that a conditional endorsement can have optional additions, such that the meaning is just to add the CoRIM issuer's authority to the condition environment/measurement as an endorsement cmtype, or is that too punny?

[nedmsmith]

can we say that a conditional endorsement can have optional additions, such that the meaning is just to add the CoRIM issuer's authority

I believe all forms of endorsement triples allow this already. Even if the condition included authorized-by (used for matching). The addition wouldn't include the matched authority. Even if the addition included authorized-by, that would represent something else in the internal representation than authority.

[nedmsmith]

environment/measurement as an endorsement cmtype

Maybe I'm not following? The triple's predicate determines its cmtype. Otherwise, the cmtype is known to the Verifier as the various inputs are accepted and validated (phase 0 / 1), even if the inputs aren't expressed as CoMID triples. The output from processing an Endorsement triple is still an endorsement. This is true even when an endorsement condition searches over Evidence, corroborated RVs, or other Endorsements.

The question can be recast in terms for whether there is something like "corroboration" for Endorsements. Given the purpose of corroboration is to convert reference state into actual state, applying this to endorsements seems unnecessary since endorsements are defined to be actual state already.

The subtlety may be that for RVs, the totality of the inputs represents more Evidence states than are present in an ACS. While for Endorsement, the conditions describe a search space that is restricted to an Attester's actual states (even though the search may include corroborated RVs and other Endorsements).

I think this means that for RV processing, there's an outer loop of RVs (reference states) that is applied to an inner loop that iterates over the ACS entries.

[yogeshbdeshpande]

@nedmsmith : I am confused with the term in the original text of this Issue: I repeat below for seeking clarification, if I mis-understood??

Normally, an RVP mints RVs that are applied to Evidence (only). The question is raised whether it is meaningful if an RVP could also mint RVs for Endorsements.

As per RATS Architecture, RV's are items to be compared to Evidence Claims coming from the Attester.

Let us not conflate the term RV to mean measurements for Endorsements as there is no Attester Claims to Compare it to?

Are you referring Endorsements of the Supplied Endorsements? meaning chaining of Endorsements or Possible Multiple Signers of Same Endorsements? This is possible and we have mechanism in place to supply mutiple linked Endorsements.

Could you please shed more light on the intent of this issue?

[deeglaze]

There is a thin philosophical difference between reference value and endorsement that is tested in real deployments.
Say there's a PPID in a PCK cert for a TDX quote that a cloud provider signs a conditional endorsement for. If PPID == x, then CSP_ID = "Yours truly". This certificate is made available to the guest with a local metadata server. The guest then sends that cert with its own TDX quote as a CMW containing evidence and endorsement.

Now I come along and say the only CSP_ID value I want to trust is "My basement". That seems like a reference value for an endorsement. I fail to see the distinction.

[yogeshbdeshpande]

Please refer to section 8.3 of RFC 9334:

• Reference Values

Reference Values used in appraisal procedures come from a Reference Value Provider and are then used by the Verifier to compare to Evidence. Reference Values with matching Evidence produce acceptable Claims. Additionally, an appraisal policy may play a role in determining the acceptance of Claims.

[nedmsmith]

Reference Values used in appraisal procedures come from a Reference Value Provider and are then used by the Verifier to compare to Evidence.

RFC9334 didn't intend this statment to be exclusive of other possibilities. If your point is that since 9334 didn't specifically mention the other possiblities, that other possibilities are out of scope or somhow improper, that wasn't the original intention.

There is a thin philosophical difference between reference value and endorsement

The current spec text describes "corroboration" as between CM types for Evidence and Reference Values. It is silent on whether Reference Value could be used to corroborate Endorsement CM type.

It is clearly the intent of conditional endorsement to constrain a set of states (in the ACS) to a smaller set of states (possibly not already in the ACS). It may be a philisophical question as to whether this isn't also a form of "corroboration". But we haven't chosen to describe it that way. I don't know that it matters though.

The original question is whether the spec should describe "corroboration" as something that applies to Endorsement CM type ECTs in the ACS. A use case for this might be that a vendor wants to restrict the range of FIPS ratings to a smaller set than is possible. They might use a RV to restrict the FIPS list of published products that received some sort of FIPS rating.

[yogeshbdeshpande]

I agree that a Verifier may choose to do augmented Matching of Endorsement to fetch richer Endorsements, in its Data Base.

We should not stop this. However calling these Endorsements (used for search criterion ) as Reference Values is out of touch and out of context.

In the Verifier Internals we have Matching Condition which may keep changing as we iterate through from Ev-RV Pair to further up!

[nedmsmith]

In the Verifier Internals we have Matching Condition

I'm saying the only difference internally between an RV match on evidence and an RV match on endorsement is the type of ECT that's used. There's no technical reason why an RV match couldn't be applied to endorsement ECTs. Both Evidence and Endorsement ECTs are actual state.

[nedmsmith]

The current text says:

For each rv entry, the condition ECT is compared with an ACS ECT, where the ACS ECT cmtype contains evidence.

Revised text might say:
"For each rv entry, the condition ECT is compared with an ACS ECT, where the ACS ECT cmtype contains evidence or endorsement