Re: [COSE] [Rats] Working Group Last Call for UCCF draft
Thomas Fossati <tho.ietf@gmail.com> Tue, 29 August 2023 17:13 UTC
Return-Path: <tho.ietf@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A3B8C14CEF9; Tue, 29 Aug 2023 10:13:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfAMZZS_Ipkd; Tue, 29 Aug 2023 10:13:34 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8AD0C1524AA; Tue, 29 Aug 2023 10:13:34 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-522dd6b6438so6171535a12.0; Tue, 29 Aug 2023 10:13:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693329213; x=1693934013; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Np58vLPgHO0K6R4pXH9OfiBpkxE8kcvDoQ+i1JObCPc=; b=Fqv+PEteGKcpw5pHSFqyC3OohUZFAsIOh6b1gV+muYyX5tc5HuzfjTwbIdn+Bh6grq QD2WyNfGxAjeguBM5uAA4K/GOJr6i+EJL8wJ6w59VBDPXVCmb85BAFk0YX9eNWBuJ5TG 3jdK9o7lTReFUsOoHGWy2ZnZYae7ENEQ5yo2LWwJOs2FiHwr2VR7r4de21KapmX/igL0 GgxMKTvcxEqthd+aZviAN0zEdCrYq7Q4kSF5hug6XL54vHDdiaBuq5ZXYAZjBj1/IzGV +XtKKR0SAMlPLs6Qmt8IHKKoPrBZM6dY3HmoaIZ9kGBGQ85yH0y/UDCVcV19mTER0WBr 4meg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693329213; x=1693934013; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Np58vLPgHO0K6R4pXH9OfiBpkxE8kcvDoQ+i1JObCPc=; b=liIp1ZwiKTFPiD/S5bOuEwXOvutsn5KHmKDvOOzWrQKZ8EqGmo8+Z0GnP7ymebIJ5y sW/0BV0B/KSsWPuFfe21BRTfqot7JOV6pkuBeIMxbjjWLknwMtAYUyu06Pf73kCyzDWq RCVZgbukfTOF20/lrdyAn8W71BfrQXhaTbDcmtFMxaRh2EXG6TsIXL7VmfD5jFPy16yw UQF9Ao53aVfUZFBpBaTonXXAhtbzK+UaJ9I2BVqLwMAz2ia6WTKs7p2uFK5yKz58ERA7 L3vfReWN37XeSasZo24CNvHIuosQQ1AETmxuDcTXF4HhlkBuKEr8qkuzqTrgy2RupCR/ OyMg==
X-Gm-Message-State: AOJu0YzFHIqbO8hw1Z9NJLuXqUpIBzF/tPL0FtXltS3LdfqE5D92BFN+ akKP+itwpRVcxg/9a1QJP+eY9B92J+JksWXGGSjvlAvdfs/jhq9I
X-Google-Smtp-Source: AGHT+IGTnHx8hpizoOCxZh/GPzTl6m4dyjjoWImboYLJdo9cUkLX+kwlVa9qd8IPtRMu/alJ8S2ZReN8sTN3ulaYyUU=
X-Received: by 2002:a17:906:cc0e:b0:9a5:852f:10bd with SMTP id ml14-20020a170906cc0e00b009a5852f10bdmr7487394ejb.62.1693329212920; Tue, 29 Aug 2023 10:13:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbuEH7Kj821CZJxbbs_5WW+XhK3xzePmWXjc878k=r2Gs=nJA@mail.gmail.com>
In-Reply-To: <CAHbuEH7Kj821CZJxbbs_5WW+XhK3xzePmWXjc878k=r2Gs=nJA@mail.gmail.com>
From: Thomas Fossati <tho.ietf@gmail.com>
Date: Tue, 29 Aug 2023 19:13:21 +0200
Message-ID: <CAObGJnNCOGxZmWFHnM21jrDuXjWqm1rOcZUzMyJWQmFenuKSZA@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: rats <rats@ietf.org>, cose <cose@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/t3Ptju-sq3vtdIo0CEUu0J6h-4Y>
Subject: Re: [COSE] [Rats] Working Group Last Call for UCCF draft
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2023 17:13:38 -0000
Hi UCCS authors, It looks that the assumption is that since UCCS drops the COSE envelope there must be a semantically equivalent "secure channel" provided via a transport / object security primitive that replaces COSE's services. I'd like to point out another possible use of UCCS is to implement what EAT calls a "detached claims-set". We are experimenting with that for confidential compute workload attestation (see [1]). But the mechanism is generally applicable when stacking claims-sets in hierarchical attesters. For example, we use UCCS as a "sidecar token" that is coupled (using an EAT collection [2] rather than a DEB) to a "main," signed EAT that contains the UCCS's digest in one of its claims. Note that this is not in contradiction with EAT, in fact §4.2.18.2 of -21 has: [...] EAT, however, doesn't require use of a detached EAT bundle. Any other protocols may be used to convey detached claims sets and the EAT containing the corresponding detached digests. It looks like this case is not discussed in the current draft. So my question is: should it? Or should a different draft document such practice? I read §3 of UCCS: [...] As UCCS were initially created for use in RATS Secure Channels, the following section provides a discussion of their use in these channels. Where other environments are intended to be used to convey UCCS, similar considerations need to be documented before UCCS can be used. to support the latter, and that's OK, but then I reckon we should be a bit more precise in the scoping parts of the doc (abstract, intro, title) to be explicit about this "pre-existing secure channel" assumption. For example, this sentence in the abstract "[…] discusses conditions for its proper use" could be "discusses its use over pre-established secure channels". There are a few other places where this kind of surgery could be made as well. Other than that, I think the document is in very good shape and ready to ship. cheers, thanks [1] https://github.com/CCC-Attestation/attested-tls-poc/blob/main/doc/parsec-evidence-cca.md [2] https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/ On Sat, Aug 26, 2023 at 1:44 PM Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > > Greetings! > > The working group last call for https://datatracker.ietf.org/doc/draft-ietf-rats-uccs/ > begins now and will run for 4 weeks per discussion at the IETF 117 meeting. Review requests are also requested from COSE working group members. Last call ends 9/23/2023. > > There are a few remaining questions that I need assistance from authors on prior to IETF last call. Could each author and others with knowledge of IPR please disclose any at this time as well. > > Thank you! > > -- > > Best regards, > Kathleen > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats -- Thomas
- [COSE] Working Group Last Call for UCCF draft Kathleen Moriarty
- Re: [COSE] Working Group Last Call for UCCF draft Carsten Bormann
- Re: [COSE] Working Group Last Call for UCCF draft Henk Birkholz
- Re: [COSE] [Rats] Working Group Last Call for UCC… Thomas Fossati
- Re: [COSE] [Rats] Working Group Last Call for UCC… Smith, Ned
- Re: [COSE] [Rats] Working Group Last Call for UCC… lgl island-resort.com
- [COSE] Missing CDDL in UCCS (was Re: [Rats] Worki… lgl island-resort.com
- Re: [COSE] [Rats] Working Group Last Call for UCC… Michael Richardson
- Re: [COSE] [Rats] Working Group Last Call for UCC… Thomas Fossati