Re: [Cwt-reg-review] [EXTERNAL] [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

[Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>]

As a RATS chair, I approve the request.

Thank you all for your work to make the early allocation happen.

Best regards,
Kathleen 

Sent from my mobile device

> On Jan 13, 2022, at 8:00 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> Thanks for writing, Amanda.
> 
> We are definitely *not* using the values currently in the document, as they fail the registration criteria.  As one of the designated experts, I will be proposing conforming values today or tomorrow.  The criteria that the current values fail are at https://datatracker.ietf.org/doc/html/rfc8392#section-9.1, specifically:
> 
>   Criteria that should be applied by the Designated Experts includes
>   ...  Registrations for the limited set
>   of values between -256 and 255 and strings of length 1 are to be
>   restricted to claims with general applicability.
> 
>                Best wishes,
>                -- Mike
> 
> -----Original Message-----
> From: Amanda Baber via RT <iana-prot-param@iana.org> 
> Sent: Thursday, January 13, 2022 4:55 PM
> To: rdd@cert.org
> Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>; ncamwing@cisco.com; Mike Jones <Michael.Jones@microsoft.com>; mandyam@qti.qualcomm.com; lgl@island-resort.com; kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com; iana@iana.org; cwt-reg-review@ietf.org
> Subject: [EXTERNAL] [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)
> 
> Hi Roman, all,
> 
> For our records, can one of the RATS chairs confirm this request?
> 
> I understand that for the CWT registrations, we'll be using the numeric values requested in the document:
> 
> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1
> 
> thanks,
> 
> Amanda Baber
> IANA Operations Manager
> 
>> On Thu Jan 13 21:00:35 2022, rdd@cert.org wrote:
>> Hi!
>> 
>> 
>> 
>> Officially pulling everything together in one place for an early 
>> registration request.
>> 
>> 
>> 
>> ==[ Request to IANA ]==
>> 
>> Per step #5 of Section 3.1 of RFC 7120, the RATS WG would like select 
>> pre-registration actions for
>> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11 described 
>> in the "Pre-Registration actions" section below.
>> 
>> 
>> 
>> Mike: Thanks so much for your help here.  Consider this an approval 
>> for early allocation.
>> 
>> 
>> 
>> ==[ WG Coordination ]==
>> 
>> Step #4 (AD Approval) Implicit in this note
>> 
>> 
>> 
>> Step #3 (Discussion on the WG mailing list) 
>> https://mailarchive.ietf.org/arch/msg/rats/FwCqNrYjbiTd0nGZ0Wg9RQ2uU8o
>> /
>> 
>> 
>> 
>> ==[ Pre-Registration actions ]==
>> 
>> 
>> 
>> See Section 9.3.1 of https://datatracker.ietf.org/doc/html/draft-ietf-
>> rats-eat-11#section-9.3.1
>> 
>> 
>> 
>> Thanks,
>> 
>> Roman
>> 
>> 
>> From: Mike Jones <Michael.Jones@microsoft.com>
>> Sent: Thursday, January 13, 2022 2:57 PM
>> To: Roman Danyliw <rdd@cert.org>; Giridhar Mandyam 
>> <mandyam@qti.qualcomm.com>; Laurence Lundblade <lgl@island-resort.com>
>> Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg- 
>> review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty 
>> <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
>> Subject: Re: Registration of Entity Attestation Token claims in the 
>> CWT registry
>> 
>> Roman, once you let the designated experts know that you approve of 
>> requesting early allocation per RFC 7120, then I’d be glad to consider 
>> this thread to be the request for early registration and proceed to do 
>> so.
>> 
>> Giri, Lawrence, etc., the registration procedures for CWT claims are 
>> defined at https://datatracker.ietf.org/doc/html/rfc8392#section-9.1.
>> In particular, the following sections are particularly relevant to the 
>> current discussion:
>> 
>> Criteria that should be applied by the Designated Experts includes 
>> determining whether the proposed registration duplicates existing 
>> functionality, whether it is likely to be of general applicability or 
>> whether it is useful only for a single application, and whether the 
>> registration description is clear.  Registrations for the limited set 
>> of values between -256 and 255 and strings of length 1 are to be 
>> restricted to claims with general applicability.
>> 
>> IANA must only accept registry updates from the Designated Experts and 
>> should direct all requests for registration to the review mailing 
>> list.
>> 
>> So whether early or not, the claims being proposed for registration 
>> that are not of general applicability are ineligible for registration 
>> in the range -256 to 255.  Also, any IANA registrations of CWT claims 
>> necessarily involve designated expert review.
>> 
>> I’m trying to help you as a designated expert to get to stable 
>> registrations soon.  Once Roman has approved the request for early 
>> registration, I’d be glad to work with IANA to do early registration 
>> of code points that meet the registration criteria above.
>> 
>> Best wishes,
>> -- Mike
>> 
>> From: Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>>
>> Sent: Thursday, January 13, 2022 8:38 AM
>> To: Giridhar Mandyam
>> <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>; Mike 
>> Jones 
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>;
>> Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>
>> Cc: Jeremy O'Donoghue
>> <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>; cwt- 
>> reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith 
>> <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>; Kathleen 
>> Moriarty 
>> <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
>> com>>; rats-chairs 
>> <rats-chairs@ietf.org<mailto:rats-chairs@ietf.org>>; Roman Danyliw 
>> <rdd@cert.org<mailto:rdd@cert.org>>
>> Subject: Re: Registration of Entity Attestation Token claims in the 
>> CWT registry
>> 
>> Hi all!
>> 
>> I wanted to acknowledge that I got this note, but I am not up-to-speed 
>> on the issue and need to catch-up before providing a meaningful 
>> response.  A search of my mailbox also found this related thread which 
>> I attached.
>> 
>> Roman
>> 
>> From: Giridhar Mandyam
>> <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>
>> Sent: Thursday, January 13, 2022 10:35 AM
>> To: Mike Jones
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>;
>> Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>; Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>>
>> Cc: Jeremy O'Donoghue
>> <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>; cwt- 
>> reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith 
>> <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>; Kathleen 
>> Moriarty 
>> <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
>> com>>; rats-chairs <rats-chairs@ietf.org<mailto:rats-chairs@ietf.org>>
>> Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation Token 
>> claims in the CWT registry
>> 
>> + Roman D.
>> 
>> I would like to escalate this to the AD.  Note that the EAT editors 
>> acted in good faith in the expectation that the RATS  chairs would 
>> address early allocation, and we were assured last March that there 
>> was no issues with the requested values.  As a result, we put off Last 
>> Call for the draft and went forward with guidance to other SDO’s (e.g.
>> FIDO Alliance, GlobalPlatform) that these claim values were stable.
>> 
>> Now for the first time we are finding out that (a) the values called 
>> out in the spec are not acceptable as per expert review criteria, and
>> (b) the RATS chairs never initiated the process of pre-registration in 
>> the first place.
>> 
>> My request to the AD is simple:  allow for pre-registration of the 
>> values as called out in the current EAT draft.  If this is not 
>> possible (and it looks likely that it is not), then my additional 
>> request is that the AD directly manage shepherding of this spec to 
>> Last Call and RFC as I believe communication between the EAT editors 
>> and the RATS Chairs has broken down and the RATS Chairs are not 
>> driving consensus decisions from the Working Group with respect to 
>> this spec.
>> 
>> -Giri
>> 
>> From: Mike Jones
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
>> Sent: Thursday, January 13, 2022 2:39 AM
>> To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>
>> Cc: Giridhar Mandyam
>> <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>; Jeremy 
>> O'Donoghue 
>> <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>; cwt- 
>> reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith 
>> <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>; Kathleen 
>> Moriarty 
>> <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
>> com>>; rats-chairs <rats-chairs@ietf.org<mailto:rats-chairs@ietf.org>>
>> Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation Token 
>> claims in the CWT registry
>> 
>> 
>> WARNING: This email originated from outside of Qualcomm. Please be 
>> wary of any links or attachments, and do not enable macros.
>> Early allocation did not occur.  If it had, the numbers would be 
>> assigned in https://www.iana.org/assignments/cwt/cwt.xhtml.  (For an 
>> example of early allocation listings, see claims 38, 39, and 40.) 
>> Early registration, like normal registration, involves review by the 
>> designated experts, which also didn’t occur, because as far as I can 
>> tell, it wasn’t asked for.
>> 
>> I’m trying to help you get to stable assignments as soon as possible.
>> I know the value of having those.
>> 
>> Again, if you want stable assignments before upcoming interop events, 
>> I’d suggest making an early registration request by sending the 
>> registration request to cwt-reg-review@ietf.org<mailto:cwt-reg-
>> review@ietf.org>.  It would be cleaner to do so by first changing the 
>> assignments in your IANA Considerations section to “TBD”, but you 
>> could also do so based on the current draft (realizing that the 
>> proposed assignments in the draft might not be the ones assigned by 
>> the designated experts and IANA).
>> 
>> You could have stable assignments within a few weeks if you choose to 
>> request them soon.
>> 
>> Best wishes,
>> -- Mike
>> 
>> From: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>
>> Sent: Wednesday, January 12, 2022 10:31 PM
>> To: Mike Jones
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
>> Cc: Giridhar Mandyam
>> <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>; Jeremy 
>> O'Donoghue 
>> <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>; cwt- 
>> reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith 
>> <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>; Kathleen 
>> Moriarty 
>> <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
>> com>>; rats-chairs <rats-chairs@ietf.org<mailto:rats-chairs@ietf.org>>
>> Subject: [EXTERNAL] Re: Registration of Entity Attestation Token 
>> claims in the CWT registry
>> 
>> Hi Mike,
>> 
>> I’m not trying grab anything here that we should not have.
>> 
>> The early allocation process, according to RFC 7120, is handled by the 
>> WG chairs. It is my understanding is that the RATS chairs followed 
>> this process and that number 10-18, 20 have early assignment. That’s 
>> why they are in the draft without “TBD”. Maybe the process wasn’t 
>> completed or there is some other confusion. I did not interact with 
>> IANA myself (but I did read 7120).
>> 
>> I think this needs to be resolved between the RATS chairs, designated 
>> experts and IANA. I am happy to adjust the draft when this gets 
>> resolved.
>> 
>> LL
>> 
>> 
>> 
>> On Jan 12, 2022, at 9:58 PM, Mike Jones 
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
>> wrote:
>> 
>> Yours is not the first specification that’s tried to preallocate the 
>> rare single-byte claim numbers for claims not of general 
>> applicability.  At https://www.iana.org/assignments/cwt/cwt.xhtml,
>> you’ll note that most of the claims allocated by draft-ietf-ace-oauth- 
>> authz are in the double-byte space because they’re not applicable to a 
>> wide variety of applications.  They were originally requested to be in 
>> the single-byte range and the designated experts negotiated with the 
>> editors to move their requested assignments.
>> 
>> Jim Schaad was always a stickler about specifications using TBD in 
>> their registration requests instead of assumed numbers.  At most, he 
>> would tolerate “TBD (requested assignment NNN)”.  Of course, he was 
>> right.  It’s up to IANA and the designated experts to make the 
>> assignments, particular of scarce resources, not the spec authors.
>> 
>> Therefore, please revise your specification to remove the current 
>> numbers and replace them with “TBD”.  At that point, it would be fine 
>> to make an early registration request.  The experts and IANA could 
>> likely get you permanent numbers at that point, probably within a 
>> matter of weeks.
>> 
>> If you do not want to go the early allocation route, the other option 
>> is to use numbers in the “less than -65536” space, which are 
>> designated as “Reserved for Private Use”.  You can use numbers in that 
>> space however you want for as long as you want – including for 
>> facilitating interop testing until permanent numbers are assigned.
>> 
>> I’m sorry this appears to have come as a surprise.  The designated 
>> experts are trying to ensure that the CWT Claims numbers are 
>> efficiently allocated to do the most good for the most applications.
>> I hope you’ll take this request in that spirit and choose one of the 
>> paths outlined above to quickly resolve this issue.
>> 
>> Best wishes,
>> -- Mike
>> 
>> From: Giridhar Mandyam
>> <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>
>> Sent: Wednesday, January 12, 2022 9:05 PM
>> To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>; Mike Jones
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>;
>> Jeremy O'Donoghue
>> <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>
>> Cc: cwt-reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith 
>> <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>; Kathleen 
>> Moriarty 
>> <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
>> com>>; rats-chairs <rats-chairs@ietf.org<mailto:rats-chairs@ietf.org>>
>> Subject: [EXTERNAL] RE: Registration of Entity Attestation Token 
>> claims in the CWT registry
>> 
>> + @Jeremy O'Donoghue<mailto:jodonogh@qti.qualcomm.com>
>> 
>> Ned, RATS Chairs,
>> 
>> We were assured by the RATS Chairs when we highlighted these values in 
>> Rev. -09 that they would be signed off for the registry.  This is one 
>> of the reasons why we did not try to accelerate Last Call during the 
>> first half of last year.  There was clearly a disconnect.  Can you 
>> check into why this occurred?
>> 
>> Mike,
>> 
>> We just put out an FDO update on the assumption that these claim 
>> values are set (https://fidoalliance.org/specs/FDO/FIDO-Device-
>> Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-
>> 20211214.html).  We are planning a 2nd interop event during the next 
>> couple of months and we may have to put that off now.  Is this issue 
>> intractable?  Can the claims not be assigned to EAT?
>> 
>> Jeremy can comment on any GlobalPlatform dependencies.
>> 
>> -Giri
>> 
>> From: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>
>> Sent: Wednesday, January 12, 2022 8:18 PM
>> To: Mike Jones
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
>> Cc: Giridhar Mandyam
>> <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>; cwt-reg- 
>> review@ietf.org<mailto:cwt-reg-review@ietf.org>; Smith, Ned 
>> <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-Winget
>> (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>; Kathleen 
>> Moriarty 
>> <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
>> com>>
>> Subject: Re: Registration of Entity Attestation Token claims in the 
>> CWT registry
>> 
>> WARNING: This email originated from outside of Qualcomm. Please be 
>> wary of any links or attachments, and do not enable macros.
>> A couple more comments.
>> 
>> I know what you mean about taking the numbers <24. Not trying to be a 
>> hog or anything. It seems nobody, myself included, thought about it 
>> when this was done a year ago.
>> 
>> I know that Arm has SW that uses these assignments (ask Hannes and 
>> Thomas F). I think FIDO does too. I think there would be objections to 
>> a re assignment.
>> 
>> LL
>> 
>> 
>> On Jan 12, 2022, at 7:52 PM, Laurence Lundblade <lgl@island- 
>> resort.com<mailto:lgl@island-resort.com>> wrote:
>> 
>> + RATS chairs
>> 
>> Hi Mike,
>> 
>> The claims key numbers 10-18, 20 are early assignments by IANA. I 
>> didn’t handle the interaction with IANA, but I understand this to be 
>> true.  Changing them now would undermine some implementations that are 
>> using them.
>> 
>> LL
>> 
>> 
>> 
>> On Jan 12, 2022, at 6:11 PM, Mike Jones 
>> <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
>> wrote:
>> 
>> Please change the proposed CWT claim values for claims UEID through 
>> Submodules Section from 11 through 20 to 41 through 50 so that they 
>> are not using up most of the rare single-byte claim numbers.  Only 
>> claims that are of general applicability across multiple kinds of 
>> applications should be allocated in that space.
>> 
>> The one exception I would consider is the Location claim, which could 
>> be of general applicability.  If you believe that this location 
>> representation will be used by multiple kinds of applications, I would 
>> be willing to consider registering it in the single-byte claim space.
>> 
>> -- Mike
>> 
>> From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org<mailto:cwt-reg-
>> review-bounces@ietf.org>> On Behalf Of Giridhar Mandyam
>> Sent: Saturday, October 16, 2021 4:11 PM
>> To: cwt-reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>
>> Cc: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
>> resort.com>>
>> Subject: [Cwt-reg-review] Registration of Entity Attestation Token 
>> claims in the CWT registry
>> 
>> To the CWT claims registry designated experts:
>> 
>> I am contacting you on behalf of the editors of the Entity Attestation 
>> Token specification (latest draft available 
>> athttps://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10).  This 
>> is a standards-track document in the IETF Remote Attestation 
>> Procedures (RATS) Working Group.
>> 
>> Please note the requests for CWT registry of the claims outlined in
>> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10#section-
>> 7.3.1.  We would like these claim values reflected in the IANA CWT 
>> registry as soon as possible.  Would this be possible?
>> 
>> Please contact myself Giri Mandyam or Laurence Lundblade (cc’ed) for 
>> further information if required.
>> 
>> Thanks
>> 
>> -Giri Mandyam
>> 
>