Re: [Cwt-reg-review] Registration of Entity Attestation Token claims in the CWT registry

Laurence Lundblade <lgl@island-resort.com> Thu, 13 January 2022 06:31 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cwt-reg-review@ietfa.amsl.com
Delivered-To: cwt-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E35F3A114E for <cwt-reg-review@ietfa.amsl.com>; Wed, 12 Jan 2022 22:31:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s0HdEXJKOgJv for <cwt-reg-review@ietfa.amsl.com>; Wed, 12 Jan 2022 22:31:23 -0800 (PST)
Received: from p3plsmtpa09-09.prod.phx3.secureserver.net (p3plsmtpa09-09.prod.phx3.secureserver.net [173.201.193.238]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDC983A114C for <cwt-reg-review@ietf.org>; Wed, 12 Jan 2022 22:31:23 -0800 (PST)
Received: from [192.168.1.3] ([75.80.148.243]) by :SMTPAUTH: with ESMTPSA id 7tdqnNeYuONYO7tdrnCFax; Wed, 12 Jan 2022 23:31:23 -0700
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <D834724B-D80F-4516-8D62-CE53F7D0B763@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DBAF652D-8845-4E9A-9E97-1E8F701386E0"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Wed, 12 Jan 2022 22:31:22 -0800
In-Reply-To: <SJ0PR00MB100547B70B0DB6E150E9DA8DF5539@SJ0PR00MB1005.namprd00.prod.outlook.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, "cwt-reg-review@ietf.org" <cwt-reg-review@ietf.org>, Ned Smith <ned.smith@intel.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, rats-chairs <rats-chairs@ietf.org>
To: Mike Jones <Michael.Jones@microsoft.com>
References: <BYAPR02MB44220D6BED944249AC4E32B981BA9@BYAPR02MB4422.namprd02.prod.outlook.com> <SJ0PR00MB10050DA0F62755FCE7028000F5539@SJ0PR00MB1005.namprd00.prod.outlook.com> <2E0FD21A-4CB3-487A-980D-494EDE316674@island-resort.com> <E34599A0-B436-4D23-A67D-23995FFBA06B@island-resort.com> <SJ0PR02MB835353146FFADE9C98E2479C81539@SJ0PR02MB8353.namprd02.prod.outlook.com> <SJ0PR00MB100547B70B0DB6E150E9DA8DF5539@SJ0PR00MB1005.namprd00.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cwt-reg-review/AlrwYfU8VtKe9A2Ge82scHD43ag>
Subject: Re: [Cwt-reg-review] Registration of Entity Attestation Token claims in the CWT registry
X-BeenThere: cwt-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CWT Registry Review <cwt-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cwt-reg-review>, <mailto:cwt-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cwt-reg-review/>
List-Post: <mailto:cwt-reg-review@ietf.org>
List-Help: <mailto:cwt-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cwt-reg-review>, <mailto:cwt-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jan 2022 06:31:31 -0000

Hi Mike,

I’m not trying to grab anything here that we should not have.

The early allocation process, according to RFC 7120, is handled by the WG chairs. It is my understanding that the RATS chairs followed this process and that numbers 10-18 and 20 have early assignment. That’s why they are in the draft without “TBD”. Maybe the process wasn’t completed or there is some other confusion. I did not interact with IANA myself (but I did read 7120).

I think this needs to be resolved between the RATS chairs, designated experts and IANA. I am happy to adjust the draft when this gets resolved.

LL



> On Jan 12, 2022, at 9:58 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> Yours is not the first specification that’s tried to preallocate the rare single-byte claim numbers for claims not of general applicability.  At https://www.iana.org/assignments/cwt/cwt.xhtml, you’ll note that most of the claims allocated by draft-ietf-ace-oauth-authz are in the double-byte space because they’re not applicable to a wide variety of applications.  They were originally requested to be in the single-byte range and the designated experts negotiated with the editors to move their requested assignments.
>  
> Jim Schaad was always a stickler about specifications using TBD in their registration requests instead of assumed numbers.  At most, he would tolerate “TBD (requested assignment NNN)”.  Of course, he was right.  It’s up to IANA and the designated experts to make the assignments, particularly of scarce resources, not the spec authors.
>  
> Therefore, please revise your specification to remove the current numbers and replace them with “TBD”.  At that point, it would be fine to make an early registration request.  The experts and IANA could likely get you permanent numbers at that point, probably within a matter of weeks.
>  
> If you do not want to go the early allocation route, the other option is to use numbers in the “less than -65536” space, which are designated as “Reserved for Private Use”.  You can use numbers in that space however you want for as long as you want – including for facilitating interop testing until permanent numbers are assigned.
>  
> I’m sorry this appears to have come as a surprise.  The designated experts are trying to ensure that the CWT Claims numbers are efficiently allocated to do the most good for the most applications.  I hope you’ll take this request in that spirit and choose one of the paths outlined above to quickly resolve this issue.
>  
>                                                        Best wishes,
>                                                        -- Mike
>  
> From: Giridhar Mandyam <mandyam@qti.qualcomm.com> 
> Sent: Wednesday, January 12, 2022 9:05 PM
> To: Laurence Lundblade <lgl@island-resort.com>; Mike Jones <Michael.Jones@microsoft.com>; Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
> Cc: cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
> Subject: [EXTERNAL] RE: Registration of Entity Attestation Token claims in the CWT registry
>  
> + @Jeremy O'Donoghue
>  
> Ned, RATS Chairs,
>  
> We were assured by the RATS Chairs when we highlighted these values in Rev. -09 that they would be signed off for the registry.  This is one of the reasons why we did not try to accelerate Last Call during the first half of last year.  There was clearly a disconnect.  Can you check into why this occurred?
>  
> Mike,
>  
> We just put out an FDO update on the assumption that these claim values are set (https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-20211214.html).  We are planning a 2nd interop event during the next couple of months and we may have to put that off now.  Is this issue intractable?  Can the claims not be assigned to EAT?
>  
> Jeremy can comment on any GlobalPlatform dependencies.
>  
> -Giri
>  
> From: Laurence Lundblade <lgl@island-resort.com> 
> Sent: Wednesday, January 12, 2022 8:18 PM
> To: Mike Jones <Michael.Jones@microsoft.com>
> Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; cwt-reg-review@ietf.org; Smith, Ned <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
> Subject: Re: Registration of Entity Attestation Token claims in the CWT registry
>  
> A couple more comments. 
>  
> I know what you mean about taking the numbers <24. Not trying to be a hog or anything. It seems nobody, myself included, thought about it when this was done a year ago.
>  
> I know that Arm has SW that uses these assignments (ask Hannes and Thomas F). I think FIDO does too. I think there would be objections to a reassignment. 
>  
> LL
>  
>  
> 
> On Jan 12, 2022, at 7:52 PM, Laurence Lundblade <lgl@island-resort.com> wrote:
>  
> + RATS chairs
>  
> Hi Mike, 
>  
> The claims key numbers 10-18, 20 are early assignments by IANA. I didn’t handle the interaction with IANA, but I understand this to be true.  Changing them now would undermine some implementations that are using them.
>  
> LL
>  
>  
>  
> 
> On Jan 12, 2022, at 6:11 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>  
> Please change the proposed CWT claim values for claims UEID through Submodules Section from 11 through 20 to 41 through 50 so that they are not using up most of the rare single-byte claim numbers.  Only claims that are of general applicability across multiple kinds of applications should be allocated in that space.
>  
> The one exception I would consider is the Location claim, which could be of general applicability.  If you believe that this location representation will be used by multiple kinds of applications, I would be willing to consider registering it in the single-byte claim space.
>  
>                                                        -- Mike
>  
> From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of Giridhar Mandyam
> Sent: Saturday, October 16, 2021 4:11 PM
> To: cwt-reg-review@ietf.org
> Cc: Laurence Lundblade <lgl@island-resort.com>
> Subject: [Cwt-reg-review] Registration of Entity Attestation Token claims in the CWT registry
>  
> To the CWT claims registry designated experts:
>  
> I am contacting you on behalf of the editors of the Entity Attestation Token specification (latest draft available at https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10).  This is a standards-track document in the IETF Remote Attestation Procedures (RATS) Working Group.
>  
> Please note the requests for CWT registry of the claims outlined in https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10#section-7.3.1.  We would like these claim values reflected in the IANA CWT registry as soon as possible.  Would this be possible?
>  
> Please contact me (Giri Mandyam) or Laurence Lundblade (cc’ed) for further information if required. 
>  
> Thanks
>  
> -Giri Mandyam
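The scarcity Mike describes comes from how CBOR encodes integer map keys: an unsigned key 0..23 or a negative key -1..-24 fits in one byte, 24..255 (and -25..-256) cost two, and anything in the "Reserved for Private Use" range below -65536 costs at least five. The following Python encoder/decoder for the CBOR integer head (RFC 8949 major types 0 and 1) is an added illustration, not code from the thread, the EAT draft or IANA; the claim-key sets it measures (10-18 and 20 as requested, 41-50 as proposed, and -65537 as a Private Use sample) are taken from the messages above, but any result it computes is this example's own.

```python
"""CBOR integer-key wire cost for CWT claim keys (added illustration).

Encodes/decodes the CBOR head for integers per RFC 8949 section 3, then
measures how many bytes each candidate claim key costs as a map key.
"""

import struct


def cbor_encode_int(n: int) -> bytes:
    """Encode an integer as a CBOR data item (major type 0 or 1).

    Negative values are encoded as major type 1 with argument -1 - n,
    so -1 is 0x20 and -24 is 0x37 (still a single byte).
    """
    if n >= 0:
        major, value = 0, n
    else:
        major, value = 1, -1 - n
    if value < 24:                       # argument fits in the head byte
        return bytes([major << 5 | value])
    if value < 0x100:                    # additional info 24: 1-byte argument
        return bytes([major << 5 | 24]) + struct.pack(">B", value)
    if value < 0x10000:                  # 25: 2-byte argument
        return bytes([major << 5 | 25]) + struct.pack(">H", value)
    if value < 0x100000000:              # 26: 4-byte argument
        return bytes([major << 5 | 26]) + struct.pack(">I", value)
    if value < 0x10000000000000000:      # 27: 8-byte argument
        return bytes([major << 5 | 27]) + struct.pack(">Q", value)
    raise ValueError("integer does not fit a 64-bit CBOR argument")


def cbor_decode_int(data: bytes) -> int:
    """Decode one CBOR integer item from the start of data (round-trip check)."""
    major, ai = data[0] >> 5, data[0] & 0x1F
    if ai < 24:
        value = ai
    elif ai == 24:
        value = data[1]
    elif ai == 25:
        value = struct.unpack(">H", data[1:3])[0]
    elif ai == 26:
        value = struct.unpack(">I", data[1:5])[0]
    elif ai == 27:
        value = struct.unpack(">Q", data[1:9])[0]
    else:
        raise ValueError("not a fixed-length integer head")
    if major == 0:
        return value
    if major == 1:
        return -1 - value
    raise ValueError("not a CBOR integer (major type %d)" % major)


def key_cost(key: int) -> int:
    """Bytes spent on the wire to encode `key` as a CBOR map key."""
    return len(cbor_encode_int(key))


def claim_key_costs(keys) -> dict:
    """Map each claim key to its encoded size in bytes."""
    return {k: key_cost(k) for k in keys}


# Claim key sets discussed in the thread (constructed here for illustration).
EAT_REQUESTED = [10, 11, 12, 13, 14, 15, 16, 17, 18, 20]   # 10-18, 20
EAT_PROPOSED = list(range(41, 51))                          # 41-50
PRIVATE_USE_SAMPLE = -65537                                  # < -65536


if __name__ == "__main__":
    for label, keys in (("requested", EAT_REQUESTED), ("proposed", EAT_PROPOSED)):
        costs = claim_key_costs(keys)
        print(label, costs, "total bytes:", sum(costs.values()))
    print("private use", PRIVATE_USE_SAMPLE, "costs", key_cost(PRIVATE_USE_SAMPLE), "bytes",
          cbor_encode_int(PRIVATE_USE_SAMPLE).hex())
```

The single-byte space is therefore exactly 48 keys (0..23 and -1..-24), which is why the designated experts guard it; moving the EAT claims to 41-50 costs one extra byte per claim per token, while the Private Use range Mike points to is free to use but costs five bytes per key, so it suits interop testing rather than a shipped format.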