
Address feedback from Eliot Lear's review #20

aj-stein-nist opened this issue Jul 24, 2024 · 0 comments
With his permission, I am reproducing @elear's email off-list with a review of the draft as presented at the IETF 120 RATS meeting to consider for

I've scanned the doc. I don't know a whole lot about EAT, so please keep that in mind.

To begin with, your intro largely motivates rats-eat and not the claims that you are defining. Also, I would expect that you focus on the claims themselves, and explain how each one is intended to be used, and in the case of PCR, what is expected to be returned. I am not sure that FMA is needed if that can be derived through the media type, if it is a URI. But LEM being either Log File or URI can lead to parsing confusion.

Are these claims in a separate claim set or combined with other claim sets? I'm also a little surprised that PCR and HSH haven't previously been defined. Do you know why that is? What hash is used for HSH? Is this meant to be a complex object that indicates the hash type?

I think I understand why FMA is needed when LEM is a file, but if it's a URI, then you get a media type. What happens when FMA and the media type conflict? I'm also a little nervous that there could be two formats for LEM.

In terms of the file itself, do we have any initial formats that we would expect? It all seems just a bit abstract. If I understand correctly, the draft is trying to link claims specified by CIS, DISA, and others. I think at least some informational references would be good.

And this brings me to my final point: I'd really like to see an example flow in terms of how this would work.

Again, I'm not a RATS/EAT expert. It may be the case that I am misunderstanding the architecture.
