RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 9334, "Remote ATtestation procedureS (RATS) Architecture", January 2023

Source of RFC: rats (sec)

Errata ID: 7314
Status: Reported
Type: Technical
Publication Format(s) : PDF

Reported By: Muhammad Usama Sardar
Date Reported: 2023-01-20

Throughout the document, when it says:

Several. Please see notes 

It should say:

Several. Please see notes 


There are various ambiguities in the RATS architecture. The text is not always clear about whether the discussion is about an entity or a role. For instance, in the example in §7.1, ``A'' and ``B'' are mentioned as Relying Party and Verifier, respectively, whereas these should be entities. Based on §7.1, as the Relying Party may need to have a built-in verifier for Verifier as well as Relying Party Owner, it is no longer a simple Relying Party role.

Some of the terms are not well-defined in the standard. For instance, \textit{environment} (§3.1) is neither defined nor referenced. Specifically, it is not compared and contrasted with \textit{entity} (§3) and \textit{sub-entity} (§3.3) as well as Claims. Similarly, the statement ``The Attester role is assigned to entities that create Evidence that is conveyed to a Verifier.'' (cf. §3) applies equally well to the Attesting Environment, so there is a need to compare and contrast Attester with Attesting Environment. Similarly, Reference Values are not precisely compared and contrasted with Endorsements.

The solutions presented in the standard are not always complete and precise. For example, in §11, if the Verifier's own Attestation Results are generated by the Verifier's Verifier, it leads to recursive problems. Similarly, the event defined in Table 1 as ``A Relying Party relays an Attestation Result to a Relying Party'' and represented as ``RR'' does not make sense in §A.2, where it is actually the Attester (not Relying Party) that relays the Attestation Result to the Relying Party in the Passport model. Moreover, some of the presented solutions do not precisely describe the \textit{clock}, for instance, in Appendix §A.2. In the context of CC, none of the commercially available TEEs currently provide a trusted clock, and thus the distinction with monotonically increasing counter should be explicit. Sometimes, no solution is presented at all, e.g., recursive problems mentioned in §

Report New Errata

Advanced Search