diff --git a/cddl/examples/comid-series.diag b/cddl/examples/comid-series.diag index 241612db..9718193c 100644 --- a/cddl/examples/comid-series.diag +++ b/cddl/examples/comid-series.diag @@ -24,13 +24,12 @@ [ { / *** measurement-map *** / / mval / 1 : / measurement-values-map / { - / ver / 0 : { - / version / 0 : "1.0.0", - / version-scheme / 1 : 16384 / semver / + / comid.flags / 3 : { + / configured / 0 : true } }, / authorized-by / 2 : [ - / tagged-pkix-base64-key-type / 554("base64_key_X") + / tagged-pkix-base64-key-type / 554("base64_key_ACME_signer") ] } ] @@ -40,16 +39,17 @@ [ { / *** ref-val measurement-map *** / / mval / 1 : / measurement-values-map / { - / digests / 2 : [[ - / hash-alg-id / 6, / sha-256-32 / - / hash-value / h'ABCDEF01' ]] + / ver / 0 : { + / version / 0 : "2.0.0" + }, + / comid.svn / 1 : 552(3) } } ], [ { / *** endv-measurement-map *** / / mval / 1 : / measurement-values-map / { - / name / 11: "CVE_ACME_777" + / name / 11: "-NO_CVE-" } } ] @@ -58,17 +58,36 @@ [ { / *** ref-val measurement-map *** / / mval / 1 : / measurement-values-map / { - / digests / 2 : [[ - / hash-alg-id / 6, / sha-256-32 / - / hash-value / h'BCDEF01A' ]] - + / ver / 0 : { + / version / 0 : "1.0.0" + }, + / comid.svn / 1 : 552(2) } } ], [ { / *** endv-measurement-map *** / / mval / 1 : / measurement-values-map / { - / name / 11: "CVE_ACME_555" + / name / 11: "CVE_WARNING" + } + } + ] + ], + [ / conditional-series-record #3 / + [ + { / *** ref-val measurement-map *** / + / mval / 1 : / measurement-values-map / { + / ver / 0 : { + / version / 0 : "1.0.0" + }, + / comid.svn / 1 : 552(1) + } + } + ], + [ + { / *** endv-measurement-map *** / + / mval / 1 : / measurement-values-map / { + / name / 11: "CVE_VULNERABLE" } } ] diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md index a119917c..c9ff2f8f 100644 --- a/draft-ietf-rats-corim.md +++ b/draft-ietf-rats-corim.md 
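Review bot: In the second hunk (and again in the third) every series record selects on one exact `ver` string plus one exact `comid.svn` (`552(3)`, `552(2)`, `552(1)`), so a target reporting any other version or SVN matches no record and is given no `name` endorsement at all. Because the first record now asserts a positive result (`"-NO_CVE-"`), a reader could take the absence of `CVE_WARNING` / `CVE_VULNERABLE` as a pass, which would also admit an unlisted or rolled-back build. I would add a comment before record #1 such as `/ a target whose ver + svn matches no record receives no endorsement; appraisal policy should treat that as untrusted /`. With `version-scheme` removed, the version comparison is presumably a plain string match, which is worth stating in the same comment if so. The enclosing triple starts and ends outside these hunks.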
@@ -1171,7 +1171,9 @@ If the search criteria are satisfied, the `endorsements` entries are asserted wi #### Conditional Endorsement Series Triple {#sec-comid-triple-cond-series} -[^issue] https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/310 +The Conditional Endorsement Series Triple is used to assert endorsed values conditional on various sets of possible measurement values. +Each series entry describes a different possible set of values. +Series entries are ordered so that the set describing the most trustworthy state is evaluated first and least trustworthy state last. The Conditional Endorsement Series Triple has the following structure: @@ -1194,7 +1196,8 @@ The `conditional-series-record` has the following parameters: To process a `conditional-endorsement-series-record` the `conditions` are compared with existing Evidence, corroborated Evidence, and Endorsements. If the search criteria are satisfied, the `series` tuples are processed. -The `series` array contains a list of `conditional-series-record` entries. +The `series` array contains an ordered list of `conditional-series-record` entries. +Evaluation order begins at list position 0. For each `series` entry, if the `selection` criteria matches an entry found in the `condition` result, the `series` `addition` is combined with the `environment-map` from the `condition` result to form a new Endorsement entry. The new entry is added to the existing set of Endorsements.
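Review bot: The sentences added in both hunks make list order significant, but nothing says what a Verifier does after the first `selection` that matches; the unchanged sentence starting "For each `series` entry" still reads as if every matching entry adds an Endorsement. If two records can match the same `condition` result, one implementation may stop at the most trustworthy match while another also adds the least trustworthy one, and the resulting Endorsement sets differ. If first-match is the intent, I would say so right after "Evaluation order begins at list position 0.", for example `Evaluation stops at the first entry whose selection matches; the remaining entries are not evaluated.` The rest of the section lies outside the hunks, so this may already be covered there.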