ietf-rats-wg · thomas-fossati · Feb 5, 2025 · Feb 3, 2025 · Feb 3, 2025 · Feb 3, 2025
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,3 +1,3 @@
 # Automatically generated CODEOWNERS
 # Regenerate with `make update-codeowners`
-draft-ietf-rats-ar4si.md [email protected] [email protected] [email protected] Thomas.Fossati@arm.com [email protected]
+draft-ietf-rats-ar4si.md [email protected] [email protected] [email protected] Thomas.Fossati@linaro.org [email protected]
diff --git a/.github/workflows/archive.yml b/.github/workflows/archive.yml
@@ -6,17 +6,28 @@ on:
   repository_dispatch:
     types: [archive]
   workflow_dispatch:
+    inputs:
+      archive_full:
+        description: 'Recreate the archive from scratch'
+        default: false
+        type: boolean
 
 jobs:
   build:
     name: "Archive Issues and Pull Requests"
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
     - name: "Checkout"
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
+
+    # Note: No caching for this build!
 
     - name: "Update Archive"
       uses: martinthomson/i-d-template@v1
+      env:
+        ARCHIVE_FULL: ${{ inputs.archive_full }}
       with:
         make: archive
         token: ${{ github.token }}
@@ -28,6 +39,6 @@ jobs:
         token: ${{ github.token }}
 
     - name: "Save Archive"
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         path: archive.json
diff --git a/.github/workflows/ghpages.yml b/.github/workflows/ghpages.yml
@@ -18,27 +18,27 @@ jobs:
   build:
     name: "Update Editor's Copy"
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
     - name: "Checkout"
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
-    - name: "Cache Setup"
-      id: cache-setup
-      run: |
-        mkdir -p "$HOME"/.cache/xml2rfc
-        echo "::set-output name=path::$HOME/.cache/xml2rfc"
-        date -u "+::set-output name=date::%FT%T"
+    - name: "Setup"
+      id: setup
+      run: date -u "+date=%FT%T" >>"$GITHUB_OUTPUT"
 
-    - name: "Cache References"
-      uses: actions/cache@v2
+    - name: "Caching"
+      uses: actions/cache@v4
       with:
         path: |
-          ${{ steps.cache-setup.outputs.path }}
+          .refcache
+          .venv
+          .gems
+          node_modules
           .targets.mk
-        key: refcache-${{ steps.cache-setup.outputs.date }}
-        restore-keys: |
-          refcache-${{ steps.cache-setup.outputs.date }}
-          refcache-
+        key: i-d-${{ steps.setup.outputs.date }}
+        restore-keys: i-d-
 
     - name: "Build Drafts"
       uses: martinthomson/i-d-template@v1
@@ -53,7 +53,7 @@ jobs:
         token: ${{ github.token }}
 
     - name: "Archive Built Drafts"
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         path: |
           draft-*.html

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -4,36 +4,40 @@ on:
   push:
     tags:
       - "draft-*"
+  workflow_dispatch:
+    inputs:
+      email:
+        description: "Submitter email"
+        default: ""
+        type: string
 
 jobs:
   build:
     name: "Publish New Draft Version"
     runs-on: ubuntu-latest
     steps:
     - name: "Checkout"
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     # See https://github.com/actions/checkout/issues/290
     - name: "Get Tag Annotations"
       run: git fetch -f origin ${{ github.ref }}:${{ github.ref }}
 
-    - name: "Cache Setup"
-      id: cache-setup
-      run: |
-        mkdir -p "$HOME"/.cache/xml2rfc
-        echo "::set-output name=path::$HOME/.cache/xml2rfc"
-        date -u "+::set-output name=date::%FT%T"
+    - name: "Setup"
+      id: setup
+      run: date -u "+date=%FT%T" >>"$GITHUB_OUTPUT"
 
-    - name: "Cache References"
-      uses: actions/cache@v2
+    - name: "Caching"
+      uses: actions/cache@v4
       with:
         path: |
-          ${{ steps.cache-setup.outputs.path }}
+          .refcache
+          .venv
+          .gems
+          node_modules
           .targets.mk
-        key: refcache-${{ steps.date.outputs.date }}
-        restore-keys: |
-          refcache-${{ steps.date.outputs.date }}
-          refcache-
+        key: i-d-${{ steps.setup.outputs.date }}
+        restore-keys: i-d-
 
     - name: "Build Drafts"
       uses: martinthomson/i-d-template@v1
@@ -44,8 +48,10 @@ jobs:
       uses: martinthomson/i-d-template@v1
       with:
         make: upload
+      env:
+        UPLOAD_EMAIL: ${{ inputs.email }}
 
     - name: "Archive Submitted Drafts"
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
-        path: "draft-*-[0-9][0-9].xml"
+        path: "versioned/draft-*-[0-9][0-9].*"
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
@@ -1,4 +1,4 @@
-name: "Update generated files"
+name: "Update Generated Files"
 # This rule is not run automatically.
 # It can be run manually to update all of the files that are part
 # of the template, specifically:
@@ -20,13 +20,13 @@ on: workflow_dispatch
 
 jobs:
   build:
-    name: "Update files"
+    name: "Update Files"
     runs-on: ubuntu-latest
     steps:
     - name: "Checkout"
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
-    - name: "Update generated files"
+    - name: "Update Generated Files"
       uses: martinthomson/i-d-template@v1
       with:
         make: update-files

diff --git a/.gitignore b/.gitignore
@@ -1,16 +1,23 @@
-*~
-/*-[0-9][0-9].xml
-archive.json
-draft-ietf-rats-ar4si.xml
 *.html
-lib
 *.pdf
 *.redxml
-.refcache
-report.xml
 *.swp
-.tags
-.targets.mk
 *.txt
 *.upload
-venv/
+*~
+.tags
+/*-[0-9][0-9].xml
+/.*.mk
+/.gems/
+/.refcache
+/.venv/
+/.vscode/
+/lib
+/node_modules/
+/versioned/
+Gemfile.lock
+archive.json
+draft-ietf-rats-ar4si.xml
+package-lock.json
+report.xml
+!requirements.txt
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -15,3 +15,19 @@ repository constitutes Contributions to the IETF Standards Process
 You agree to comply with all applicable IETF policies and procedures, including,
 BCP 78, 79, the TLP, and the TLP rules regarding code components (e.g. being
 subject to a Simplified BSD License) in Contributions.
+
+
+## Working Group Information
+
+Discussion of this work occurs on the [Remote ATtestation ProcedureS
+Working Group mailing list](mailto:[email protected])
+([archive](https://mailarchive.ietf.org/arch/browse/rats/),
+[subscribe](https://www.ietf.org/mailman/listinfo/rats)).
+In addition to contributions in GitHub, you are encouraged to participate in
+discussions there.
+
+**Note**: Some working groups adopt a policy whereby substantive discussion of
+technical issues needs to occur on the mailing list.
+
+You might also like to familiarize yourself with other
+[Working Group documents](https://datatracker.ietf.org/wg/rats/documents/).
diff --git a/Gemfile b/Gemfile
@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem 'json_pure'
+gem 'cddl', ['>=0.9.1', '!=0.10.5' ]
+gem 'cbor-diag', '=0.8.1'
+gem 'cddlc'
diff --git a/Makefile b/Makefile
@@ -4,8 +4,20 @@ include $(LIBDIR)/main.mk
 $(LIBDIR)/main.mk:
 ifneq (,$(shell grep "path *= *$(LIBDIR)" .gitmodules 2>/dev/null))
 	git submodule sync
-	git submodule update $(CLONE_ARGS) --init
+	git submodule update --init
 else
-	git clone -q --depth 10 $(CLONE_ARGS) \
-	    -b main https://github.com/martinthomson/i-d-template $(LIBDIR)
+ifneq (,$(wildcard $(ID_TEMPLATE_HOME)))
+	ln -s "$(ID_TEMPLATE_HOME)" $(LIBDIR)
+else
+	git clone -q --depth 10 -b main \
+	    https://github.com/martinthomson/i-d-template $(LIBDIR)
+endif
 endif
+
+CDDL := cddl/ar4si-autogen.cddl
+
+cddl/ar4si-autogen.cddl: ; $(MAKE) -C cddl
+
+$(drafts_txt):: $(CDDL)
+
+clean:: ; $(MAKE) -C cddl $@
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Attestation Results for Secure Interactions
 
-This is the working area for the IETF [RATS Working Group](https://datatracker.ietf.org/wg/rats/documents/) Internet-Draft, "Attestation Results for Secure Interactions".
+This is the working area for the IETF [RATS Working Group](https://datatracker.ietf.org/group/rats/documents/) Internet-Draft, "Attestation Results for Secure Interactions".
 
 * [Editor's Copy](https://ietf-rats-wg.github.io/draft-ietf-rats-ar4si/#go.draft-ietf-rats-ar4si.html)
 * [Datatracker Page](https://datatracker.ietf.org/doc/draft-ietf-rats-ar4si)

diff --git a/cddl/Makefile b/cddl/Makefile
@@ -0,0 +1,31 @@
+SHELL := /bin/bash
+
+.DEFAULT_GOAL := check
+
+FRAGMENTS += start.cddl
+FRAGMENTS += trustworthiness-vector.cddl 
+FRAGMENTS += trustworthiness-claim.cddl 
+FRAGMENTS += trust-tier.cddl 
+FRAGMENTS += verifier-id.cddl 
+FRAGMENTS += non-empty.cddl
+FRAGMENTS += jc.cddl
+
+CDDLC_FLAGS := -r -x -f -u -2t cddl
+
+ar4si-autogen.cddl: ; $(cddlc) $(CDDLC_FLAGS) $(FRAGMENTS) > $@
+
+CLEANFILES += ar4si-autogen.cddl
+
+.PHONY: clean
+clean: ; rm -f $(CLEANFILES)
+
+.PHONY: check-c
+check-c: ar4si-autogen.cddl; $(cddl) $< generate 10
+
+.PHONY: check-j
+check-j: ar4si-autogen.cddl; $(cddl) $< json-generate 10
+
+.PHONY: check
+check: check-c check-j
+
+include tools.mk
diff --git a/cddl/jc.cddl b/cddl/jc.cddl
@@ -0,0 +1,3 @@
+JSON-ONLY<J> = J .feature "json"
+CBOR-ONLY<C> = C .feature "cbor"
+JC<J,C> = JSON-ONLY<J> / CBOR-ONLY<C>
diff --git a/cddl/non-empty.cddl b/cddl/non-empty.cddl
@@ -0,0 +1 @@
+non-empty<M> = (M) .within ({ + any => any })
diff --git a/cddl/start.cddl b/cddl/start.cddl
@@ -0,0 +1 @@
+$.start.$ = trustworthiness-vector / trust-tier / verifier-id
diff --git a/cddl/tools.mk b/cddl/tools.mk
@@ -0,0 +1,11 @@
+cddl ?= $(shell command -v cddl)
+ifeq ($(strip $(cddl)),)
+$(error cddl not found. To install cddl: 'gem install cddl')
+endif
+
+cddlc ?= $(shell command -v cddlc)
+ifeq ($(strip $(cddlc)),)
+$(error cddlc not found. To install cddlc: 'gem install cddlc')
+endif
+
+
diff --git a/cddl/trust-tier.cddl b/cddl/trust-tier.cddl
@@ -0,0 +1,9 @@
+trust-tier-none-label = JC<"none", 0>
+trust-tier-affirming-label = JC<"affirming", 2>
+trust-tier-warning-label = JC<"warning", 32>
+trust-tier-contraindicated-label = JC<"contraindicated", 96>
+
+trust-tier /= trust-tier-none-label
+trust-tier /= trust-tier-affirming-label
+trust-tier /= trust-tier-warning-label
+trust-tier /= trust-tier-contraindicated-label
diff --git a/cddl/trustworthiness-claim.cddl b/cddl/trustworthiness-claim.cddl
@@ -0,0 +1 @@
+trustworthiness-claim = -128..127
diff --git a/cddl/trustworthiness-vector.cddl b/cddl/trustworthiness-vector.cddl
@@ -0,0 +1,19 @@
+trustworthiness-vector = non-empty<{
+  ? instance-identity-label => trustworthiness-claim
+  ? configuration-label => trustworthiness-claim
+  ? executables-label => trustworthiness-claim
+  ? file-system-label => trustworthiness-claim
+  ? hardware-label => trustworthiness-claim
+  ? runtime-opaque-label => trustworthiness-claim
+  ? storage-opaque-label => trustworthiness-claim
+  ? sourced-data-label => trustworthiness-claim
+}>
+
+instance-identity-label = JC<"instance-identity", 0>
+configuration-label = JC<"configuration", 1>
+executables-label = JC<"executables", 2>
+file-system-label = JC<"file-system", 3>
+hardware-label = JC<"hardware", 4>
+runtime-opaque-label = JC<"runtime-opaque", 5>
+storage-opaque-label = JC<"storage-opaque", 6>
+sourced-data-label = JC<"sourced-data", 7>
diff --git a/cddl/verifier-id.cddl b/cddl/verifier-id.cddl
@@ -0,0 +1,7 @@
+verifier-id = {
+  developer-label => text
+  build-label => text
+}
+
+developer-label = JC<"developer", 0>
+build-label = JC<"build", 1>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		$.start.$ = trustworthiness-vector / trust-tier / verifier-id