Re: [Cwt-reg-review] [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

Roman Danyliw <rdd@cert.org> Tue, 25 January 2022 13:45 UTC

From: Roman Danyliw <rdd@cert.org>
To: "iana-prot-param@iana.org" <iana-prot-param@iana.org>
CC: "rats-chairs@ietf.org" <rats-chairs@ietf.org>, "ned.smith@intel.com" <ned.smith@intel.com>, "ncamwing@cisco.com" <ncamwing@cisco.com>, "michael.jones@microsoft.com" <michael.jones@microsoft.com>, "mandyam@qti.qualcomm.com" <mandyam@qti.qualcomm.com>, "lgl@island-resort.com" <lgl@island-resort.com>, "kathleen.moriarty.ietf@gmail.com" <kathleen.moriarty.ietf@gmail.com>, "jodonogh@qti.qualcomm.com" <jodonogh@qti.qualcomm.com>, "iana@iana.org" <iana@iana.org>, "cwt-reg-review@ietf.org" <cwt-reg-review@ietf.org>, Roman Danyliw <rdd@cert.org>
Date: Tue, 25 Jan 2022 13:45:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cwt-reg-review/QQKRfsiX3XQEzXvR-EwNnDx-8GA>
List-Id: CWT Registry Review <cwt-reg-review.ietf.org>

Yes, please. After review, the WG can live with these allocations despite them not being the original plan.

Thanks for double checking.

Roman

> -----Original Message-----
> From: Amanda Baber via RT <iana-prot-param@iana.org>
> Sent: Monday, January 24, 2022 8:37 PM
> To: Roman Danyliw <rdd@cert.org>
> Cc: rats-chairs@ietf.org; ned.smith@intel.com; ncamwing@cisco.com;
> michael.jones@microsoft.com; mandyam@qti.qualcomm.com; lgl@island-resort.com;
> kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com;
> iana@iana.org; cwt-reg-review@ietf.org
> Subject: [IANA #1222304] Early allocation for Entity Attestation Token claims in
> the CWT registry (was Re: Registration of Entity Attestation Token claims in the
> CWT registry)
> 
> Hi Roman,
> 
> Should we go ahead with the values proposed by Mike?
> 
> thanks,
> Amanda
> 
> On Fri Jan 14 15:24:39 2022, rdd@cert.org wrote:
> > Hi Amanda!
> >
> > Could we please have another day before making this allocation plan
> > the way ahead?  I'd like to give the document authors who best
> > understand the potential consequences of these identifiers a chance
> > to look at them.  Until I think a day or two ago there was the
> > expectation in the WG that these would all be one-byte identifiers
> > with those specific numeric code points (which have been communicated
> > to outside SDOs).  Mike has talked us through it but we need a chance
> > to internalize it.
> >
> > Roman
> >
> > > -----Original Message-----
> > > From: Amanda Baber via RT <iana-prot-param@iana.org>
> > > Sent: Friday, January 14, 2022 9:57 AM
> > > To: Roman Danyliw <rdd@cert.org>
> > > Cc: rats-chairs@ietf.org; ned.smith@intel.com; ncamwing@cisco.com;
> > > michael.jones@microsoft.com; mandyam@qti.qualcomm.com;
> > > lgl@island-resort.com; kathleen.moriarty.ietf@gmail.com;
> > > jodonogh@qti.qualcomm.com; iana@iana.org; cwt-reg-review@ietf.org
> > > Subject: [IANA #1222304] Early allocation for Entity Attestation
> > > Token claims in the CWT registry (was Re: Registration of Entity
> > > Attestation Token claims in the CWT registry)
> > >
> > > Hi Roman,
> > >
> > > Can you confirm that we can move ahead with the values listed below?
> > >
> > > thanks,
> > > Amanda
> > >
> > > On Fri Jan 14 04:01:33 2022, Michael.Jones@microsoft.com wrote:
> > > > As a designated expert for the CWT Claims registry, I approve of
> > > > the early registration of the CWT Claims defined in
> > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1
> > > > with the following assignments.  The registrations should
> > > > occur on Friday, February 4, 2022 (after the three-week review
> > > > period specified by RFC 8392).
> > > >
> > > > o  Claim Name: Nonce
> > > > o  Claim Description: Nonce
> > > > o  JWT Claim Name: "nonce" (already registered for JWT)
> > > > o  Claim Key: 10
> > > > o  Claim Value Type(s): byte string
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): [OpenIDConnectCore], *this document*
> > > >
> > > > o  Claim Name: UEID
> > > > o  Claim Description: The Universal Entity ID
> > > > o  JWT Claim Name: "ueid"
> > > > o  CWT Claim Key: 256
> > > > o  Claim Value Type(s): byte string
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: OEMID
> > > > o  Claim Description: IEEE-based OEM ID
> > > > o  JWT Claim Name: "oemid"
> > > > o  Claim Key: 257
> > > > o  Claim Value Type(s): byte string
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: Security Level
> > > > o  Claim Description: Characterization of the security of an
> > > >    Attester or submodule
> > > > o  JWT Claim Name: "seclevel"
> > > > o  Claim Key: 258
> > > > o  Claim Value Type(s): integer
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: Secure Boot
> > > > o  Claim Description: Indicate whether the boot was secure
> > > > o  JWT Claim Name: "secboot"
> > > > o  Claim Key: 259
> > > > o  Claim Value Type(s): Boolean
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: Debug Status
> > > > o  Claim Description: Indicate status of debug facilities
> > > > o  JWT Claim Name: "dbgstat"
> > > > o  Claim Key: 260
> > > > o  Claim Value Type(s): integer
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: Location
> > > > o  Claim Description: The geographic location
> > > > o  JWT Claim Name: "location"
> > > > o  Claim Key: 261
> > > > o  Claim Value Type(s): map
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: Profile
> > > > o  Claim Description: Indicates the EAT profile followed
> > > > o  JWT Claim Name: "eat_profile"
> > > > o  Claim Key: 262
> > > > o  Claim Value Type(s): map
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > o  Claim Name: Submodules Section
> > > > o  Claim Description: The section containing submodules (not
> > > >    actually a claim)
> > > > o  JWT Claim Name: "submods"
> > > > o  Claim Key: 263
> > > > o  Claim Value Type(s): map
> > > > o  Change Controller: IESG
> > > > o  Specification Document(s): *this document*
> > > >
> > > > Per Roman's note, I believe that chair approval of the act of
> > > > early registration is also needed to proceed.  These registrations
> > > > should hopefully satisfy the need for early assignments for
> > > > interop testing desired by the requestors of the registration.
> > > >
> > > > Best wishes,
> > > > -- Mike
> > > >
> > > > -----Original Message-----
> > > > From: Mike Jones
> > > > Sent: Thursday, January 13, 2022 5:00 PM
> > > > To: 'iana-prot-param@iana.org' <iana-prot-param@iana.org>;
> > > > rdd@cert.org
> > > > Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > ncamwing@cisco.com; mandyam@qti.qualcomm.com; lgl@island-resort.com;
> > > > kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com;
> > > > iana@iana.org; cwt-reg-review@ietf.org
> > > > Subject: RE: [IANA #1222304] Early allocation for Entity
> > > > Attestation Token claims in the CWT registry (was Re: Registration
> > > > of Entity Attestation Token claims in the CWT registry)
> > > >
> > > > Thanks for writing, Amanda.
> > > >
> > > > We are definitely *not* using the values currently in the
> > > > document, as they fail the registration criteria.  As one of the
> > > > designated experts, I will be proposing conforming values today or
> > > > tomorrow.  The criteria that the current values fail are at
> > > > https://datatracker.ietf.org/doc/html/rfc8392#section-9.1,
> > > > specifically:
> > > >
> > > > Criteria that should be applied by the Designated Experts includes
> > > > ...
> > > > Registrations for the limited set of values between -256 and 255
> > > > and strings of length 1 are to be restricted to claims with
> > > > general applicability.
> > > >
> > > > Best wishes,
> > > > -- Mike
> > > >
> > > > -----Original Message-----
> > > > From: Amanda Baber via RT <iana-prot-param@iana.org>
> > > > Sent: Thursday, January 13, 2022 4:55 PM
> > > > To: rdd@cert.org
> > > > Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > ncamwing@cisco.com; Mike Jones <Michael.Jones@microsoft.com>;
> > > > mandyam@qti.qualcomm.com; lgl@island-resort.com;
> > > > kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com;
> > > > iana@iana.org; cwt-reg-review@ietf.org
> > > > Subject: [EXTERNAL] [IANA #1222304] Early allocation for Entity
> > > > Attestation Token claims in the CWT registry (was Re: Registration
> > > > of Entity Attestation Token claims in the CWT registry)
> > > >
> > > > Hi Roman, all,
> > > >
> > > > For our records, can one of the RATS chairs confirm this request?
> > > >
> > > > I understand that for the CWT registrations, we'll be using the
> > > > numeric values requested in the document:
> > > >
> > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1
> > > >
> > > > thanks,
> > > >
> > > > Amanda Baber
> > > > IANA Operations Manager
> > > >
> > > > On Thu Jan 13 21:00:35 2022, rdd@cert.org wrote:
> > > > > Hi!
> > > > >
> > > > >
> > > > >
> > > > > Officially pulling everything together in one place for an early
> > > > > registration request.
> > > > >
> > > > >
> > > > >
> > > > > == [ Request to IANA ]==
> > > > >
> > > > > Per step #5 of Section 3.1 of RFC 7120, the RATS WG would like
> > > > > select pre-registration actions for
> > > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11
> > > > > described
> > > > > in the "Pre-Registration actions" section below.
> > > > >
> > > > >
> > > > >
> > > > > Mike: Thanks so much for your help here.  Consider this an
> > > > > approval for early allocation.
> > > > >
> > > > >
> > > > >
> > > > > == [ WG Coordination ]==
> > > > >
> > > > > Step #4 (AD Approval) Implicit in this note
> > > > >
> > > > >
> > > > >
> > > > > Step #3 (Discussion on the WG mailing list)
> > > > > > https://mailarchive.ietf.org/arch/msg/rats/FwCqNrYjbiTd0nGZ0Wg9RQ2uU8o/
> > > > >
> > > > >
> > > > >
> > > > > == [ Pre-Registration actions ]==
> > > > >
> > > > >
> > > > >
> > > > > > See Section 9.3.1 of
> > > > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1
> > > > >
> > > > >
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Roman
> > > > >
> > > > >
> > > > > > From: Mike Jones <Michael.Jones@microsoft.com>
> > > > > > Sent: Thursday, January 13, 2022 2:57 PM
> > > > > > To: Roman Danyliw <rdd@cert.org>;
> > > > > > Giridhar Mandyam <mandyam@qti.qualcomm.com>;
> > > > > > Laurence Lundblade <lgl@island-resort.com>
> > > > > > Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>;
> > > > > > cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > > > Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > > > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>;
> > > > > > rats-chairs <rats-chairs@ietf.org>
> > > > > > Subject: Re: Registration of Entity Attestation Token claims in
> > > > > > the CWT registry
> > > > >
> > > > > Roman, once you let the designated experts know that you approve
> > > > > of requesting early allocation per RFC 7120, then I’d be glad to
> > > > > consider this thread to be the request for early registration
> > > > > and proceed to do so.
> > > > >
> > > > > > Giri, Laurence, etc., the registration procedures for CWT claims
> > > > > > are defined at
> > > > > > https://datatracker.ietf.org/doc/html/rfc8392#section-9.1.
> > > > > In particular, the following sections are particularly relevant
> > > > > to the current discussion:
> > > > >
> > > > > Criteria that should be applied by the Designated Experts
> > > > > includes determining whether the proposed registration
> > > > > duplicates existing functionality, whether it is likely to be of
> > > > > general applicability or whether it is useful only for a single
> > > > > application, and whether the registration description is clear.
> > > > > Registrations for the limited set of values between -256 and 255
> > > > > > and strings of length 1 are to be restricted to claims with
> > > > > > general applicability.
> > > > >
> > > > > IANA must only accept registry updates from the Designated
> > > > > Experts and should direct all requests for registration to the
> > > > > review mailing list.
> > > > >
> > > > > So whether early or not, the claims being proposed for
> > > > > registration that are not of general applicability are
> > > > > ineligible for registration in the range -256 to 255.  Also, any
> > > > > IANA registrations of CWT claims necessarily involve designated
> > > > > expert review.
> > > > >
> > > > > I’m trying to help you as a designated expert to get to stable
> > > > > registrations soon.  Once Roman has approved the request for
> > > > > early registration, I’d be glad to work with IANA to do early
> > > > > registration of code points that meet the registration criteria
> > > > > above.
> > > > >
> > > > > Best wishes,
> > > > > -- Mike
> > > > >
> > > > > > From: Roman Danyliw <rdd@cert.org>
> > > > > > Sent: Thursday, January 13, 2022 8:38 AM
> > > > > > To: Giridhar Mandyam <mandyam@qti.qualcomm.com>;
> > > > > > Mike Jones <Michael.Jones@microsoft.com>;
> > > > > > Laurence Lundblade <lgl@island-resort.com>
> > > > > > Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>;
> > > > > > cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > > > Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > > > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>;
> > > > > > rats-chairs <rats-chairs@ietf.org>; Roman Danyliw <rdd@cert.org>
> > > > > > Subject: Re: Registration of Entity Attestation Token claims in
> > > > > > the CWT registry
> > > > >
> > > > > Hi all!
> > > > >
> > > > > I wanted to acknowledge that I got this note, but I am not
> > > > > > up-to-speed on the issue and need to catch-up before providing
> > > > > a meaningful response.  A search of my mailbox also found this
> > > > > related thread which I attached.
> > > > >
> > > > > Roman
> > > > >
> > > > > > From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
> > > > > > Sent: Thursday, January 13, 2022 10:35 AM
> > > > > > To: Mike Jones <Michael.Jones@microsoft.com>;
> > > > > > Laurence Lundblade <lgl@island-resort.com>;
> > > > > > Roman Danyliw <rdd@cert.org>
> > > > > > Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>;
> > > > > > cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > > > Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > > > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>;
> > > > > > rats-chairs <rats-chairs@ietf.org>
> > > > > > Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation
> > > > > > Token claims in the CWT registry
> > > > >
> > > > > + Roman D.
> > > > >
> > > > > I would like to escalate this to the AD.  Note that the EAT
> > > > > editors acted in good faith in the expectation that the RATS
> > > > > chairs would address early allocation, and we were assured last
> > > > > > March that there were no issues with the requested values.  As a
> > > > > > result, we put off Last Call for the draft and went forward with
> > > > > > guidance to other SDOs (e.g. FIDO Alliance, GlobalPlatform) that
> > > > > > these claim values were stable.
> > > > >
> > > > > Now for the first time we are finding out that (a) the values
> > > > > > called out in the spec are not acceptable as per expert review
> > > > > > criteria, and (b) the RATS chairs never initiated the process of
> > > > > > pre-registration in the first place.
> > > > >
> > > > > My request to the AD is simple:  allow for pre-registration of
> > > > > the values as called out in the current EAT draft.  If this is
> > > > > not possible (and it looks likely that it is not), then my
> > > > > additional request is that the AD directly manage shepherding of
> > > > > this spec to Last Call and RFC as I believe communication
> > > > > between the EAT editors and the RATS Chairs has broken down and
> > > > > the RATS Chairs are not driving consensus decisions from the
> > > > > Working Group with respect to this spec.
> > > > >
> > > > > -Giri
> > > > >
> > > > > > From: Mike Jones <Michael.Jones@microsoft.com>
> > > > > > Sent: Thursday, January 13, 2022 2:39 AM
> > > > > > To: Laurence Lundblade <lgl@island-resort.com>
> > > > > > Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>;
> > > > > > Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>;
> > > > > > cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > > > Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > > > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>;
> > > > > > rats-chairs <rats-chairs@ietf.org>
> > > > > > Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation
> > > > > > Token claims in the CWT registry
> > > > >
> > > > >
> > > > > > Early allocation did not occur.  If it had, the numbers would be
> > > > > assigned in https://www.iana.org/assignments/cwt/cwt.xhtml.
> > > > > (For an example of early allocation listings, see claims 38, 39,
> > > > > and 40.) Early registration, like normal registration, involves
> > > > > review by the designated experts, which also didn’t occur,
> > > > > because as far as I can tell, it wasn’t asked for.
> > > > >
> > > > > I’m trying to help you get to stable assignments as soon as
> > > > > possible.
> > > > > I know the value of having those.
> > > > >
> > > > > Again, if you want stable assignments before upcoming interop
> > > > > events, I’d suggest making an early registration request by
> > > > > > sending the registration request to cwt-reg-review@ietf.org.
> > > > > > It would be cleaner to do so by first
> > > > > changing the assignments in your IANA Considerations section to
> > > > > “TBD”, but you could also do so based on the current draft
> > > > > (realizing that the proposed assignments in the draft might not
> > > > > be the ones assigned by the designated experts and IANA).
> > > > >
> > > > > You could have stable assignments within a few weeks if you
> > > > > choose to request them soon.
> > > > >
> > > > > Best wishes,
> > > > > -- Mike
> > > > >
> > > > > > From: Laurence Lundblade <lgl@island-resort.com>
> > > > > > Sent: Wednesday, January 12, 2022 10:31 PM
> > > > > > To: Mike Jones <Michael.Jones@microsoft.com>
> > > > > > Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>;
> > > > > > Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>;
> > > > > > cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > > > Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > > > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>;
> > > > > > rats-chairs <rats-chairs@ietf.org>
> > > > > > Subject: [EXTERNAL] Re: Registration of Entity Attestation Token
> > > > > > claims in the CWT registry
> > > > >
> > > > > Hi Mike,
> > > > >
> > > > > > I’m not trying to grab anything here that we should not have.
> > > > >
> > > > > The early allocation process, according to RFC 7120, is handled
> > > > > > by the WG chairs. It is my understanding that the RATS chairs
> > > > > > followed this process and that numbers 10-18, 20 have early
> > > > > assignment. That’s why they are in the draft without “TBD”.
> > > > > Maybe the process wasn’t completed or there is some other
> > > > > confusion. I did not interact with IANA myself (but I did read
> > > > > 7120).
> > > > >
> > > > > I think this needs to be resolved between the RATS chairs,
> > > > > designated experts and IANA. I am happy to adjust the draft when
> > > > > this gets resolved.
> > > > >
> > > > > LL
> > > > >
> > > > >
> > > > >
> > > > > > On Jan 12, 2022, at 9:58 PM, Mike Jones
> > > > > > <Michael.Jones@microsoft.com> wrote:
> > > > >
> > > > > Yours is not the first specification that’s tried to preallocate
> > > > > the rare single-byte claim numbers for claims not of general
> > > > > applicability.  At
> > > > > https://www.iana.org/assignments/cwt/cwt.xhtml,
> > > > > > you’ll note that most of the claims allocated by
> > > > > > draft-ietf-ace-oauth-authz are in the double-byte space because
> > > > > > they’re not applicable to a wide variety of applications.  They were
> > > > > originally requested to be in the single-byte range and the
> > > > > designated experts negotiated with the editors to move their
> > > > > requested assignments.
> > > > >
> > > > > Jim Schaad was always a stickler about specifications using TBD
> > > > > in their registration requests instead of assumed numbers.  At
> > > > > most, he would tolerate “TBD (requested assignment NNN)”.  Of
> > > > > course, he was right.  It’s up to IANA and the designated
> > > > > > experts to make the assignments, particularly of scarce resources,
> > > > > not the spec authors.
> > > > >
> > > > > Therefore, please revise your specification to remove the
> > > > > current numbers and replace them with “TBD”.  At that point, it
> > > > > would be fine to make an early registration request.  The
> > > > > experts and IANA could likely get you permanent numbers at that
> > > > > point, probably within a matter of weeks.
> > > > >
> > > > > If you do not want to go the early allocation route, the other
> > > > > option is to use numbers in the “less than -65536” space, which
> > > > > are designated as “Reserved for Private Use”.  You can use
> > > > > numbers in that space however you want for as long as you want –
> > > > > including for facilitating interop testing until permanent
> > > > > numbers are assigned.
> > > > >
> > > > > I’m sorry this appears to have come as a surprise.  The
> > > > > designated experts are trying to ensure that the CWT Claims
> > > > > numbers are efficiently allocated to do the most good for the
> > > > > most applications.
> > > > > I hope you’ll take this request in that spirit and choose one of
> > > > > the paths outlined above to quickly resolve this issue.
> > > > >
> > > > > Best wishes,
> > > > > -- Mike
> > > > >
> > > > > > From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
> > > > > > Sent: Wednesday, January 12, 2022 9:05 PM
> > > > > > To: Laurence Lundblade <lgl@island-resort.com>;
> > > > > > Mike Jones <Michael.Jones@microsoft.com>;
> > > > > > Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
> > > > > > Cc: cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > > > > Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > > > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>;
> > > > > > rats-chairs <rats-chairs@ietf.org>
> > > > > > Subject: [EXTERNAL] RE: Registration of Entity Attestation Token
> > > > > > claims in the CWT registry
> > > > > >
> > > > > > + @Jeremy O'Donoghue
> > > > >
> > > > > Ned, RATS Chairs,
> > > > >
> > > > > We were assured by the RATS Chairs when we highlighted these
> > > > > values in Rev. -09 that they would be signed off for the
> > > > > registry.  This is one of the reasons why we did not try to
> > > > > accelerate Last Call during the first half of last year.  There
> > > > > was clearly a disconnect.  Can you check into why this occurred?
> > > > >
> > > > > Mike,
> > > > >
> > > > > We just put out an FDO update on the assumption that these claim
> > > > > values are set
> > > > > (https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-20211214.html).
> > > > > We are planning a 2nd interop event during the next couple of
> > > > > months and we may have to put that off now.  Is this issue
> > > > > intractable?  Can the claims not be assigned to EAT?
> > > > >
> > > > > Jeremy can comment on any GlobalPlatform dependencies.
> > > > >
> > > > > -Giri
> > > > >
> > > > > From: Laurence Lundblade <lgl@island-resort.com>
> > > > > Sent: Wednesday, January 12, 2022 8:18 PM
> > > > > To: Mike Jones <Michael.Jones@microsoft.com>
> > > > > Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>;
> > > > >  cwt-reg-review@ietf.org;
> > > > >  Smith, Ned <ned.smith@intel.com>;
> > > > >  Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>;
> > > > >  Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
> > > > > Subject: Re: Registration of Entity Attestation Token claims in
> > > > >  the CWT registry
> > > > >
> > > > > A couple more comments.
> > > > >
> > > > > I know what you mean about taking the numbers <24. Not trying to
> > > > > be a hog or anything. It seems nobody, myself included, thought
> > > > > about it when this was done a year ago.
> > > > >
> > > > > I know that Arm has SW that uses these assignments (ask Hannes
> > > > > and Thomas F). I think FIDO does too. I think there would be
> > > > > objections to a reassignment.
> > > > >
> > > > > LL
> > > > >
> > > > >
> > > > > On Jan 12, 2022, at 7:52 PM, Laurence Lundblade
> > > > > <lgl@island-resort.com> wrote:
> > > > >
> > > > > + RATS chairs
> > > > >
> > > > > Hi Mike,
> > > > >
> > > > > The claims key numbers 10-18, 20 are early assignments by IANA.
> > > > > I didn’t handle the interaction with IANA, but I understand this
> > > > > to be true.  Changing them now would undermine some
> > > > > implementations that are using them.
> > > > >
> > > > > LL
> > > > >
> > > > >
> > > > >
> > > > > On Jan 12, 2022, at 6:11 PM, Mike Jones
> > > > > <Michael.Jones@microsoft.com> wrote:
> > > > >
> > > > > Please change the proposed CWT claim values for claims UEID
> > > > > through Submodules Section from 11 through 20 to 41 through 50
> > > > > so that they are not using up most of the rare single-byte claim
> > > > > numbers.  Only claims that are of general applicability across
> > > > > multiple kinds of applications should be allocated in that space.
> > > > >
> > > > > The one exception I would consider is the Location claim, which
> > > > > could be of general applicability.  If you believe that this
> > > > > location representation will be used by multiple kinds of
> > > > > applications, I would be willing to consider registering it in
> > > > > the single-byte claim space.
> > > > >
> > > > > -- Mike
> > > > >
> > > > > From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org>
> > > > >  On Behalf Of Giridhar Mandyam
> > > > > Sent: Saturday, October 16, 2021 4:11 PM
> > > > > To: cwt-reg-review@ietf.org
> > > > > Cc: Laurence Lundblade <lgl@island-resort.com>
> > > > > Subject: [Cwt-reg-review] Registration of Entity Attestation
> > > > >  Token claims in the CWT registry
> > > > >
> > > > > To the CWT claims registry designated experts:
> > > > >
> > > > > I am contacting you on behalf of the editors of the Entity
> > > > > Attestation Token specification (latest draft available at
> > > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10).
> > > > > This is a standards-track document in the IETF Remote
> > > > > Attestation Procedures (RATS) Working Group.
> > > > >
> > > > > Please note the requests for CWT registry of the claims outlined
> > > > > in
> > > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10#section-7.3.1.
> > > > > We would like these claim values reflected in the IANA CWT
> > > > > registry as soon as possible.  Would this be possible?
> > > > >
> > > > > Please contact myself Giri Mandyam or Laurence Lundblade (cc’ed)
> > > > > for further information if required.
> > > > >
> > > > > Thanks
> > > > >
> > > > > -Giri Mandyam
> > > > >
> > > >
> >
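
The encoding-size point behind the quoted exchange (single-byte claim numbers below 24, the proposed 41 through 50, and the Private Use space below -65536), worked through as an added example that is not part of the original thread or of any EAT/CWT implementation. It applies the CBOR integer head encoding from RFC 8949; the function names and the ten-key Private Use set are constructed for illustration.

```python
import struct

def encode_cbor_int(value: int) -> bytes:
    """Encode a signed integer as a CBOR major type 0 (unsigned) or 1 (negative) item."""
    if value >= 0:
        major, arg = 0, value
    else:
        major, arg = 1, -1 - value          # CBOR stores -1-n for negative n
    if arg < 24:
        # Arguments 0..23 fit in the initial byte itself: one byte total.
        return bytes([(major << 5) | arg])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if arg < limit:
            return bytes([(major << 5) | info]) + struct.pack(fmt, arg)
    raise ValueError("integer outside the CBOR 64-bit range")

def key_overhead(keys) -> int:
    """Total bytes spent on map keys alone when each claim appears once."""
    return sum(len(encode_cbor_int(k)) for k in keys)

# Key ranges named in the thread; the Private Use set is constructed.
DRAFT_KEYS = list(range(11, 21))                     # 11 through 20
PROPOSED_KEYS = list(range(41, 51))                  # 41 through 50
PRIVATE_USE_KEYS = [-65537 - i for i in range(10)]   # "less than -65536"

def overhead_report() -> dict:
    """Key bytes for a ten-claim token under each numbering choice."""
    return {
        "draft 11-20": key_overhead(DRAFT_KEYS),
        "proposed 41-50": key_overhead(PROPOSED_KEYS),
        "private use": key_overhead(PRIVATE_USE_KEYS),
    }

if __name__ == "__main__":
    for label, size in overhead_report().items():
        print(f"{label:>15}: {size} key bytes")
    # The boundary values show where each encoding size starts.
    for k in (23, 24, -65536, -65537):
        print(f"{k:>7} -> {encode_cbor_int(k).hex()}")
```

Only unsigned keys 0 through 23 share the one-byte encoding, which is why that range is scarce, and -65537 is the first negative key that needs a five-byte encoding.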