Hello Thomas,

The CA/RA should have some prior trust relationship established with the verifier. In the passport model, a CA would have a list of acceptable verifiers and corresponding public keys.

Regarding the freshness issue, in my case, there would be an EDR client software that is responsible for collecting evidence from the host endpoint attester, but I think this is a general problem that could be improved. Any suggestions?

You're welcome to propose issues and text at https://github.com/liuchunchi/draft-liu-acme-rats!

Best,
Peter

> -----Original Message-----
> From: Thomas Fossati <[email protected]>
> Sent: Friday, December 5, 2025 11:57 PM
> To: [email protected]
> Subject: [Acme] Questions about draft-liu-acme-rats-02
>
> Hi draft-liu-acme-rats authors,
>
> I read -02, and have the following questions:
>
> 1. Why and how the CA/RA come to trust a verifier controlled by the attester
> is unclear to me. What prevents the attester and verifier from colluding?
>
> 2. Freshness appears to depend on the inclusion of the CA/RA-presented
> nonce in the AR. However, it is unclear what would stop a malicious attester
> from presenting old evidence to the verifier while still requesting that the
> CA/RA nonce be used in the AR.
>
> cheers, thanks!
>
> _______________________________________________
> Acme mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
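
The freshness gap raised in question 2, as an added sketch that is not part of this thread or of draft-liu-acme-rats: a verifier that only copies the CA/RA nonce into the AR passes stale evidence, while one that requires the same nonce inside the authenticated evidence rejects it. HMAC stands in for the real signatures, and every function name, key and claim field is an assumption made for the illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed demo keys; HMAC is a stand-in for attester/verifier signatures.
ATTESTER_KEY = b"attester-demo-key"
VERIFIER_KEY = b"verifier-demo-key"

def _mac(key, obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_evidence(nonce, claims):
    """Attester: the nonce sits inside the authenticated evidence body."""
    body = {"nonce": nonce, "claims": claims}
    return {"body": body, "mac": _mac(ATTESTER_KEY, body)}

def verifier_appraise(evidence, requested_nonce, bind_nonce=True):
    """Verifier: return an attestation result (AR), or None on rejection."""
    body = evidence["body"]
    if not hmac.compare_digest(evidence["mac"], _mac(ATTESTER_KEY, body)):
        return None
    if bind_nonce and not hmac.compare_digest(body["nonce"], requested_nonce):
        return None  # evidence was not produced for this nonce
    ar = {"nonce": requested_nonce, "status": "affirming"}
    return {"body": ar, "mac": _mac(VERIFIER_KEY, ar)}

def ca_accepts(ar, issued_nonce):
    """CA/RA: the AR must be authentic and echo the nonce the CA issued."""
    if ar is None:
        return False
    ok = hmac.compare_digest(ar["mac"], _mac(VERIFIER_KEY, ar["body"]))
    return ok and hmac.compare_digest(ar["body"]["nonce"], issued_nonce)

def demo():
    old_nonce, ca_nonce = os.urandom(16).hex(), os.urandom(16).hex()
    stale = make_evidence(old_nonce, {"edr": "healthy"})  # collected earlier
    fresh = make_evidence(ca_nonce, {"edr": "healthy"})   # collected for this order
    unbound = verifier_appraise(stale, ca_nonce, bind_nonce=False)
    return {
        "stale_unbound": ca_accepts(unbound, ca_nonce),
        "stale_bound": ca_accepts(verifier_appraise(stale, ca_nonce), ca_nonce),
        "fresh_bound": ca_accepts(verifier_appraise(fresh, ca_nonce), ca_nonce),
    }

if __name__ == "__main__":
    print(demo())
```

The CA/RA-side check is identical in all three cases; only the verifier's comparison of the requested nonce against the evidence body separates the stale case from the fresh one.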
