Re: [Cwt-reg-review] Request to register set of claims for Arm CCA Attestation

Michael Jones <michael_b_jones@hotmail.com> Fri, 06 October 2023 21:59 UTC

IESG members, I replied to the request in the original thread, requesting, among other things, an IANA Considerations section.  If any IESG members would like to be added to the thread, I'd be glad to do so.

                                                       -- Mike

From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of Simon Frost
Sent: Tuesday, October 3, 2023 5:22 AM
To: cwt-reg-review@ietf.org
Cc: iesg@ietf.org
Subject: Re: [Cwt-reg-review] Request to register set of claims for Arm CCA Attestation

Greetings,

I have not had any response to the submission below. Copying in iesg@ietf.org as recommended in RFC 8392.

Best Regards
Simon

From: Simon Frost
Sent: Thursday, August 10, 2023 2:01 PM
To: cwt-reg-review@ietf.org
Subject: Request to register set of claims for Arm CCA Attestation

Dear CWT claims registry experts,

Please find below a submission to register a set of claims for the CWT registry. I hope that I have followed the instructions and template from RFC 8392 satisfactorily; please let me know if any updates or clarifications are required.

The background to this request is that the Arm Confidential Compute Architecture supports the creation of attestation tokens. These tokens use the CWT construction and follow the IETF EAT draft (https://datatracker.ietf.org/doc/draft-ietf-rats-eat/) for attestation tokens. The work extends the set of claims previously registered as psa_* and the claims requested for registration as part of EAT standardization. This request adds additional claims specific to the CCA attestation target. The reference implementation of Arm CCA attestation only produces a CBOR-encoded token, and as such there are no matching requests in the JWT registry.

I have specified the Change Controller for all of these claims as being the support.developer.arm.com website rather than an individual email address as that should be more resilient. The DEN0137 specification document, being common to all these requests, contains information on how to provide feedback using that site.

1. Platform Config Claim
Note: The Arm CCA Platform Attestation token reuses Claim Keys already in the CWT IANA registry in the PSA range (currently 2394 - 2400). This claim is logically grouped with those other platform claims and hence requests a consecutive value.
Claim Name: psa-platform-config
Claim Description: encoding of the implementation options of the hardware platform
JWT Claim Name: N/A
Claim Key: (requested value) 2401
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.2.5


2. CCA Platform Token
Note: There is a group of related claims used in Arm CCA Attestation. This claim forms the base of a new consecutive range for those claim keys. The choice for the base of this range was intended to keep away from other related sets previously registered (the key value starts at 0xACCA). Further claims for future developments of the architecture would be requested consecutive to this range.
Claim Name: cca-platform-token
Claim Description: byte string encoding of the Arm CCA platform token
JWT Claim Name: N/A
Claim Key: (requested value) 44234
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3

3. CCA Realm Personalisation Value
Note that 'Realm' is the name used for a Confidential VM executing within an Arm CCA system.
Claim Name: cca-realm-personalization-value
Claim Description: data personalization value provided at Realm creation time
JWT Claim Name: N/A
Claim Key: (requested value) 44235
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.2


4. CCA Realm Hash Algorithm
Claim Name: cca-realm-hash-algo-id
Claim Description: identity of the hash algorithm used for values in the CCA Realm attestation token
JWT Claim Name: N/A
Claim Key: (requested value) 44236
Claim Value Type(s): text
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.5


5. CCA Realm Public Key
Claim Name: cca-realm-public-key
Claim Description: identity of the key used to sign the CCA Realm attestation token
JWT Claim Name: N/A
Claim Key: (requested value) 44237
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.6

6. CCA Realm Initial Measurement
Claim Name: cca-realm-initial-measurement
Claim Description: measurement of the Realm at activation
JWT Claim Name: N/A
Claim Key: (requested value) 44238
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.3

7. CCA Realm Extensible Measurements
Claim Name: cca-realm-extensible-measurements
Claim Description: extensible measurement set for Realm values
JWT Claim Name: N/A
Claim Key: (requested value) 44239
Claim Value Type(s): array
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.4

8. CCA Realm Public Key Hash Algorithm ID
Claim Name: cca-realm-public-key-hash-algo-id
Claim Description: algorithm used to calculate hash of key from cca-realm-public-key
JWT Claim Name: N/A
Claim Key: (requested value) 44240
Claim Value Type(s): array
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.7


9. CCA Realm Delegated Token
Claim Name: cca-realm-delegated-token
Claim Description: byte string encoding of the Arm CCA delegated model Realm attestation token
JWT Claim Name: N/A
Claim Key: (requested value) 44241
Claim Value Type(s): array
Change Controller: https://support.developer.arm.com/
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3





Best Regards
Simon

Simon Frost
Senior Principal Systems Solution Architect, ATG, Arm
Mob: +44 7855 265691

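As an added example (not code from the messages above, from Arm's reference implementation, or from the DEN0137 specification), the following Python round-trips a constructed Realm claim set under the claim keys requested above, using a small hand-rolled CBOR codec so that it runs without dependencies, and type-checks the result against the "Claim Value Type(s)" lines exactly as written in the request. Everything in the sample claim set is a placeholder: the "sha-256" identifier string, the zero-filled measurements and the public-key bytes are assumptions, not values any CCA implementation emits.

```python
# Added example, not Arm's code or part of the registration request: a small
# RFC 8949 CBOR codec (major types 0, 2, 3, 4, 5; definite lengths only) that
# round-trips a Realm claim set under the requested claim keys and type-checks it.
# A real verifier must check the COSE_Sign1 signature before reading any claim.
CCA_PLATFORM_TOKEN = 44234            # 0xACCA, base of the CCA range
CCA_REALM_PERSONALIZATION_VALUE = 44235
CCA_REALM_HASH_ALGO_ID = 44236
CCA_REALM_PUBLIC_KEY = 44237
CCA_REALM_INITIAL_MEASUREMENT = 44238
CCA_REALM_EXTENSIBLE_MEASUREMENTS = 44239
CCA_REALM_PUBLIC_KEY_HASH_ALGO_ID = 44240
CCA_REALM_DELEGATED_TOKEN = 44241

# Python types for the "Claim Value Type(s)" lines of the request, as written.
REALM_CLAIM_TYPES = {
    CCA_REALM_PERSONALIZATION_VALUE: bytes,
    CCA_REALM_HASH_ALGO_ID: str,
    CCA_REALM_PUBLIC_KEY: bytes,
    CCA_REALM_INITIAL_MEASUREMENT: bytes,
    CCA_REALM_EXTENSIBLE_MEASUREMENTS: list,
    CCA_REALM_PUBLIC_KEY_HASH_ALGO_ID: list,
}

def _head(major, n):
    """CBOR initial byte plus shortest-form argument (RFC 8949 section 3)."""
    if n < 24:
        return bytes([(major << 5) | n])
    size = next(s for s in (1, 2, 4, 8) if n < 1 << (8 * s))   # 1 byte -> ai 24 ... 8 bytes -> ai 27
    return bytes([(major << 5) | (23 + size.bit_length())]) + n.to_bytes(size, "big")

def encode(obj):
    """Encode a non-negative int, bytes, str, list or dict to CBOR."""
    if isinstance(obj, int) and obj >= 0:
        return _head(0, obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        return _head(3, len(obj.encode())) + obj.encode()
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(encode(x) for x in obj)
    if isinstance(obj, dict):
        # Core deterministic encoding: map entries sorted by their encoded key bytes.
        items = sorted((encode(k), encode(v)) for k, v in obj.items())
        return _head(5, len(items)) + b"".join(k + v for k, v in items)
    raise TypeError("unsupported type %s" % type(obj).__name__)

def decode(buf):
    """Decode one CBOR item; rejects duplicate map keys and trailing bytes."""
    def item(pos):
        major, n, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
        if n >= 24:
            if n > 27:
                raise ValueError("indefinite-length or reserved item")
            size = 1 << (n - 24)
            n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
        if major == 0:
            return n, pos
        if major in (2, 3):
            raw = buf[pos:pos + n]
            if len(raw) != n:
                raise ValueError("truncated string")
            return (raw if major == 2 else raw.decode()), pos + n
        if major in (4, 5):
            items = []
            for _ in range(n * (major - 3)):   # an array holds n items, a map n pairs
                v, pos = item(pos)
                items.append(v)
            if major == 4:
                return items, pos
            out = dict(zip(items[0::2], items[1::2]))
            if len(out) != n:   # duplicate keys let two parsers see different claims
                raise ValueError("duplicate claim key")
            return out, pos
        raise ValueError("major type %d not handled here" % major)
    value, end = item(0)
    if end != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return value

def build_sample_realm_claims():
    """Constructed Realm claim set with placeholder values, not real measurements."""
    return {
        CCA_REALM_PERSONALIZATION_VALUE: bytes(64),
        CCA_REALM_HASH_ALGO_ID: "sha-256",                 # assumed identifier string
        CCA_REALM_PUBLIC_KEY: b"\x04" + b"\x11" * 96,      # placeholder, not a real key
        CCA_REALM_INITIAL_MEASUREMENT: bytes(32),          # stands in for a SHA-256 digest
        CCA_REALM_EXTENSIBLE_MEASUREMENTS: [bytes(32)] * 4,
        CCA_REALM_PUBLIC_KEY_HASH_ALGO_ID: ["sha-256"],
    }

def check_realm_claims(claims):
    """Return problems: missing claims, wrong CBOR types, keys not in the request."""
    problems = []
    for key, typ in REALM_CLAIM_TYPES.items():
        if key not in claims:
            problems.append("missing claim %d" % key)
        elif not isinstance(claims[key], typ):
            problems.append("claim %d is %s, expected %s" % (key, type(claims[key]).__name__, typ.__name__))
    problems += ["unexpected claim key %r" % (k,) for k in claims if k not in REALM_CLAIM_TYPES]
    return problems
```

Encoding claim key 44234 yields the bytes `19 AC CA` (major type 0 with a two-byte argument), which is the 0xACCA the request refers to. `decode` refuses duplicate map keys and trailing bytes, two of the ways a malformed token can be read differently by two parsers; `check_realm_claims` only confirms shape and should run after, never instead of, signature verification of the enclosing COSE_Sign1.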