Description:
CoSERV enables querying Reference Values for individual Target Environments but provides no mechanism for a Verifier to determine the complete set of Target Environments that an Attester should report in Evidence. This creates a security vulnerability: a compromised Attester can omit measurements from Target Environments that are in a poor state, and the Verifier has no authoritative basis for noticing the omission.
Problem Statement:
- Per RFC 9334, an Attester contains multiple Target Environments
- A compromised Attester could selectively omit Target Environment claims
- Verifiers need authoritative information about expected Target Environment inventory
- CoSERV queries are environment-specific but don't address environment set completeness
Proposed Solution:
Add a new CoSERV query type for "Expected Target Environment Inventory" that returns the complete set of Target Environments that should be measured by a given Attester class/instance.
Implementation Considerations:
- Requires an Attester identification scheme (proposed: vendor/model tuple)
- The minimum set of Target Environments that must be verified should be derived from the collection of all Target Environments present across all available CoRIMs for that Attester
Open Design Question: Should this be a new CoSERV query type or an extension to existing environment queries?
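The following is an added illustration of the two points above, not code from the CoSERV draft or from this issue: it derives the expected inventory for an Attester (identified by the proposed vendor/model tuple) as the union of Target Environments across all CoRIMs available for it, then checks a set of Evidence claims against that inventory so that an omitted environment is detected rather than silently accepted. The CoRIM and Evidence shapes are simplified, constructed dictionaries and tuples, and the environment identifiers are made-up placeholders, not the CBOR encodings or identifiers used in the specifications.

```python
"""Added example (not part of the CoSERV draft or this issue): build the
expected Target Environment inventory for an Attester from the CoRIMs that
cover it, then verify Evidence completeness against that inventory."""

from dataclasses import dataclass

# Constructed CoRIM-like records (assumption: a real CoRIM would be parsed
# from CBOR). Each record names the Attester it covers, as a vendor/model
# tuple per the proposal, and the Target Environments for which it carries
# Reference Values. Environment identifiers are (class, component) tuples
# chosen here purely for illustration.
CORIMS = [
    {"attester": ("ExampleVendor", "ModelA"),
     "environments": [("urn:example:class:bootloader", "bl1"),
                      ("urn:example:class:bootloader", "bl2")]},
    {"attester": ("ExampleVendor", "ModelA"),
     "environments": [("urn:example:class:kernel", "os")]},
    {"attester": ("ExampleVendor", "ModelB"),
     "environments": [("urn:example:class:firmware", "fw")]},
]


def expected_inventory(corims, attester):
    """Answer an 'Expected Target Environment Inventory' query for one
    Attester: the union of Target Environments across every CoRIM that
    covers it. This is the minimum set Evidence from that Attester must
    cover, as the issue's second implementation consideration suggests."""
    return {env
            for corim in corims if corim["attester"] == attester
            for env in corim["environments"]}


@dataclass(frozen=True)
class CompletenessResult:
    complete: bool          # True only when every expected environment is present
    missing: frozenset      # expected but absent from Evidence (the attack case)
    unexpected: frozenset   # present in Evidence but not in the inventory


def check_completeness(evidence_envs, inventory):
    """Compare the Target Environments present in Evidence with the
    expected inventory. A missing environment is the security-relevant
    outcome (a compromised Attester dropping a measurement it does not
    want appraised); unexpected ones are reported so the Verifier can
    flag a mismatch between the Attester and its CoRIM coverage."""
    present = set(evidence_envs)
    return CompletenessResult(
        complete=inventory <= present,
        missing=frozenset(inventory - present),
        unexpected=frozenset(present - inventory),
    )


if __name__ == "__main__":
    inventory = expected_inventory(CORIMS, ("ExampleVendor", "ModelA"))
    # Constructed Evidence that reports both bootloader stages but omits
    # the kernel measurement.
    evidence = [("urn:example:class:bootloader", "bl1"),
                ("urn:example:class:bootloader", "bl2")]
    result = check_completeness(evidence, inventory)
    print("complete:", result.complete)
    print("missing:", sorted(result.missing))
```

Whether the inventory is served as a new CoSERV query type or as an extension to the existing environment queries, the Verifier-side logic is the same: the appraisal must fail closed when `missing` is non-empty, since an Attester that omits a Target Environment would otherwise pass on the strength of the measurements it chose to report.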