DRAFT 10 of CoRIM spec defines measurement-values-map as follows which contains the element name. However, there is no section called "Comparison for name entries" due to which it's unclear whether name from CoRIM needs to be compared to equivalent evidence claim. At the same time, 9.4.6.1. Comparison of a single measurement-values-map codepoint states that The Verifier SHALL compare **each** condition ECT measurement-values-map value against the corresponding ACS entry value using the appropriate algorithm which would imply that name does need to be compared.
Can the spec be updated to clarify whether name needs to be compared and if it does need to be compared add a section called "Comparison for name entries" with the expected algorithm for comparison?
Lastly, if the name is not intended to be compared, and there is a measurement of type string (e.g., a device model), is the expectation that raw-value will be used in such a case?
measurement-values-map = non-empty<{
? &(version: 0) => version-map
? &(svn: 1) => svn-type-choice
? &(digests: 2) => digests-type
? &(flags: 3) => flags-map
? (
&(raw-value: 4) => $raw-value-type-choice,
? &(raw-value-mask-DEPRECATED: 5) => raw-value-mask-type
)
? &(mac-addr: 6) => mac-addr-type-choice
? &(ip-addr: 7) => ip-addr-type-choice
? &(serial-number: 8) => text
? &(ueid: 9) => ueid-type
? &(uuid: 10) => uuid-type
? &(name: 11) => text
? &(cryptokeys: 13) => [ + $crypto-key-type-choice ]
? &(integrity-registers: 14) => integrity-registers
? &(int-range: 15) => int-range-type-choice
* $$measurement-values-map-extension
}>
DRAFT 10 of CoRIM spec defines
measurement-values-mapas follows which contains the elementname. However, there is no section called "Comparison for name entries" due to which it's unclear whethernamefrom CoRIM needs to be compared to equivalent evidence claim. At the same time, 9.4.6.1. Comparison of a single measurement-values-map codepoint states thatThe Verifier SHALL compare **each** condition ECT measurement-values-map value against the corresponding ACS entry value using the appropriate algorithmwhich would imply thatnamedoes need to be compared.Can the spec be updated to clarify whether
nameneeds to be compared and if it does need to be compared add a section called "Comparison for name entries" with the expected algorithm for comparison?Lastly, if the
nameis not intended to be compared, and there is a measurement of type string (e.g., a device model), is the expectation that raw-value will be used in such a case?