Re: [Cwt-reg-review] Request to register set of claims for Arm CCA Attestation
Michael Jones <michael_b_jones@hotmail.com> Fri, 06 October 2023 21:59 UTC
From: Michael Jones <michael_b_jones@hotmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>
CC: Simon Frost <Simon.Frost@arm.com>, "cwt-reg-review@ietf.org" <cwt-reg-review@ietf.org>
Date: Fri, 06 Oct 2023 21:59:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cwt-reg-review/LzX_7z1C-H1JOBlxHQNgzJi_vIA>

IESG members,

I replied to the request in the original thread, requesting, among other things, an IANA Considerations section. If any IESG members would like to be added to the thread, I'd be glad to do so.

-- Mike

From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of Simon Frost
Sent: Tuesday, October 3, 2023 5:22 AM
To: cwt-reg-review@ietf.org
Cc: iesg@ietf.org
Subject: Re: [Cwt-reg-review] Request to register set of claims for Arm CCA Attestation

Greetings,

I have not had any response to the submission below. Copying in iesg@ietf.org as recommended in RFC 8392.

Best Regards
Simon

From: Simon Frost
Sent: Thursday, August 10, 2023 2:01 PM
To: cwt-reg-review@ietf.org
Subject: Request to register set of claims for Arm CCA Attestation

Dear CWT claims registry experts,

Please find below a submission to register a set of claims for the CWT registry. I hope that I have followed the instructions & template from RFC8392 satisfactorily, please let me know if any updates or clarifications are required.

The background to this request is that the Arm Confidential Compute Architecture supports the creation of attestation tokens. The construction of these tokens uses CWT construction and follows the IETF EAT draft (https://datatracker.ietf.org/doc/draft-ietf-rats-eat/) for attestation tokens. The work extends the set of claims previously registered as psa_* and claims requested for registration as part of EAT standardization. This request adds additional claims specific to the CCA attestation target.

The reference implementation of Arm CCA attestation only produces a CBOR encoded token and as such there are not matched requests in the JWT registry.

I have specified the Change Controller for all of these claims as being the support.developer.arm.com website rather than an individual email address as that should be more resilient. The DEN0137 specification document, being common to all these requests, contains information on how to provide feedback using that site.

1. Platform Config Claim

Note: The Arm CCA Platform Attestation token reuses Claim Keys already in the CWT IANA registry in the PSA range (currently 2394 - 2400). This claim is logically grouped with those other platform claims and hence requests a consecutive value.

Claim Name: psa-platform-config
Claim Description: encoding of the implementation options of the hardware platform
JWT Claim Name: N/A
Claim Key: (requested value) 2401
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.2.5

2. CCA Platform Token

Note: There are a group of related claims used in Arm CCA Attestation. This claim forms the base of a new consecutive range for those claim keys. The choice for the base of this range was intended to keep away from other related sets previously registered (and key value starts at 0xACCA). Further claims for future developments of the architecture would be requested consecutive to this range.

Claim Name: cca-platform-token
Claim Description: byte string encoding of the Arm CCA platform token
JWT Claim Name: N/A
Claim Key: (requested value) 44234
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3

3. CCA Realm Personalisation Value

Note that 'Realm' is the name used for a Confidential VM executing within an Arm CCA system.

Claim Name: cca-realm-personalization-value
Claim Description: data personalization value provided at Realm creation time
JWT Claim Name: N/A
Claim Key: (requested value) 44235
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.2

4. CCA Realm Hash Algorithm

Claim Name: cca-realm-hash-algo-id
Claim Description: identity of the hash algm used for values in the CCA Realm attestation token
JWT Claim Name: N/A
Claim Key: (requested value) 44236
Claim Value Type(s): text
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.5

5. CCA Realm Public Key

Claim Name: cca-realm-public-key
Claim Description: identity of the key used to sign the CCA Realm attestation token
JWT Claim Name: N/A
Claim Key: (requested value) 44237
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.6

6. CCA Realm Initial Measurement

Claim Name: cca-realm-initial-measurement
Claim Description: measurement of the Realm at activation
JWT Claim Name: N/A
Claim Key: (requested value) 44238
Claim Value Type(s): byte string
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.3

7. CCA Realm Extensible Measurements

Claim Name: cca-realm-extensible-measurements
Claim Description: extensible measurement set for Realm values
JWT Claim Name: N/A
Claim Key: (requested value) 44239
Claim Value Type(s): array
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.4

8. CCA Realm Public Key Hash Algorithm ID

Claim Name: cca-realm-public-key-hash-algo-id
Claim Description: algorithm used to calculate hash of key from cca-realm-public-key
JWT Claim Name: N/A
Claim Key: (requested value) 44240
Claim Value Type(s): array
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3.1.7

9. CCA Realm Delegated Token

Claim Name: cca-realm-delegated-token
Claim Description: byte string encoding of the Arm CCA delegated model Realm attestation token
JWT Claim Name: N/A
Claim Key: (requested value) 44241
Claim Value Type(s): array
Change Controller: https://support.developer.arm.com
Specification Document: https://developer.arm.com/documentation/den0137/latest Section A7.2.3

Best Regards
Simon

Simon Frost
Senior Principal Systems Solution Architect, ATG, Arm
Mob: +44 7855 265691

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.