Re: [Cwt-reg-review] [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

"Smith, Ned" <ned.smith@intel.com> Sun, 13 February 2022 03:09 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Laurence Lundblade <lgl@island-resort.com>, Giridhar Mandyam <mandyam@qti.qualcomm.com>
CC: "iana-prot-param@iana.org" <iana-prot-param@iana.org>, "rdd@cert.org" <rdd@cert.org>, "rats-chairs@ietf.org" <rats-chairs@ietf.org>, "ncamwing@cisco.com" <ncamwing@cisco.com>, "kathleen.moriarty.ietf@gmail.com" <kathleen.moriarty.ietf@gmail.com>, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, "iana@iana.org" <iana@iana.org>, "cwt-reg-review@ietf.org" <cwt-reg-review@ietf.org>
Date: Sun, 13 Feb 2022 03:09:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cwt-reg-review/bN4efGr4qXcnb310YLX6tUgRwQs>

This is the non-controversial list that was approved by the WG consensus:
nonce-label = 10
ueid-label = 256
oemid-label = 258
secure-boot-label = 262
debug-status-label = 263
location-label = 264
profile-label = 265
submods-label = 266

This is the list that was added more recently.
sueids-label = 257
hardware-model-label = 259
hardware-version-label = 260

-Ned


________________________________________
From: Mike Jones <Michael.Jones@microsoft.com>
Sent: Friday, February 11, 2022 7:25 PM
To: Laurence Lundblade; Giridhar Mandyam
Cc: iana-prot-param@iana.org; rdd@cert.org; rats-chairs@ietf.org; Smith, Ned; ncamwing@cisco.com; kathleen.moriarty.ietf@gmail.com; Jeremy O'Donoghue; iana@iana.org; cwt-reg-review@ietf.org
Subject: Re: [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

This is close.  Please update the PR per my comment at https://github.com/ietf-rats-wg/eat/pull/152/files#r805110271, merge it, publish the resulting Internet Draft, and send a request for early registration based on that draft.

Please be clear in your request which of the claims you’re requesting to register and which you aren’t.  I agree that any claims whose definitions are still potentially subject to change should not be included in the early registration request.

                                                       -- Mike

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Friday, February 11, 2022 10:37 AM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Cc: Mike Jones <Michael.Jones@microsoft.com>; iana-prot-param@iana.org; rdd@cert.org; rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>; ncamwing@cisco.com; kathleen.moriarty.ietf@gmail.com; Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; iana@iana.org; cwt-reg-review@ietf.org
Subject: Re: [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

Hey there,

Giri and I didn’t sync up on this, so there’s a little disconnect here. Also, I think it’s the WG chairs’ job to close this out officially.

I believe this here is the consensus of the WG (but the chairs need to make that call officially)

nonce-label = 10
ueid-label = 256
sueids-label = 257
oemid-label = 258
hardware-model-label = 259
hardware-version-label = 260
(security-level removed from pre-allocation and will be TBD261)
secure-boot-label = 262
debug-status-label = 263
location-label = 264
profile-label = 265
submods-label = 266

This PR<https://github.com/ietf-rats-wg/eat/pull/152/files> has the change, the examples, the CDDL, except I haven’t made security-level TBD yet.

LL



On Feb 11, 2022, at 8:07 AM, Giridhar Mandyam <mandyam@qti.qualcomm.com> wrote:

Hi Mike,

During our discussions within the Working Group on the proposed early assignment, it was decided that the definition of security level is not sufficiently defined to warrant early assignment.  Before I put out a new draft with the proposed values below, I wanted to check with you to see if the values below would change if security level was withdrawn.

Thanks,

-Giri

-----Original Message-----
From: Mike Jones <Michael.Jones@microsoft.com>
Sent: Thursday, January 13, 2022 8:01 PM
To: iana-prot-param@iana.org; rdd@cert.org
Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>; ncamwing@cisco.com; Giridhar Mandyam <mandyam@qti.qualcomm.com>; lgl@island-resort.com; kathleen.moriarty.ietf@gmail.com; Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; iana@iana.org; cwt-reg-review@ietf.org
Subject: RE: [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

As a designated expert for the CWT Claims registry, I approve of the early registration of the CWT Claims defined in https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1 with the following assignments.  The registrations should occur on Friday, February 4, 2022 (after the three-week review period specified by RFC 8392).

  o  Claim Name: Nonce
  o  Claim Description: Nonce
  o  JWT Claim Name: "nonce" (already registered for JWT)
  o  Claim Key: 10
  o  Claim Value Type(s): byte string
  o  Change Controller: IESG
  o  Specification Document(s): [OpenIDConnectCore], *this document*

  o  Claim Name: UEID
  o  Claim Description: The Universal Entity ID
  o  JWT Claim Name: "ueid"
  o  CWT Claim Key: 256
  o  Claim Value Type(s): byte string
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: OEMID
  o  Claim Description: IEEE-based OEM ID
  o  JWT Claim Name: "oemid"
  o  Claim Key: 257
  o  Claim Value Type(s): byte string
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: Security Level
  o  Claim Description: Characterization of the security of an Attester or submodule
  o  JWT Claim Name: "seclevel"
  o  Claim Key: 258
  o  Claim Value Type(s): integer
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: Secure Boot
  o  Claim Description: Indicate whether the boot was secure
  o  JWT Claim Name: "secboot"
  o  Claim Key: 259
  o  Claim Value Type(s): Boolean
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: Debug Status
  o  Claim Description: Indicate status of debug facilities
  o  JWT Claim Name: "dbgstat"
  o  Claim Key: 260
  o  Claim Value Type(s): integer
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: Location
  o  Claim Description: The geographic location
  o  JWT Claim Name: "location"
  o  Claim Key: 261
  o  Claim Value Type(s): map
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: Profile
  o  Claim Description: Indicates the EAT profile followed
  o  JWT Claim Name: "eat_profile"
  o  Claim Key: 262
  o  Claim Value Type(s): map
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

  o  Claim Name: Submodules Section
  o  Claim Description: The section containing submodules (not actually a claim)
  o  JWT Claim Name: "submods"
  o  Claim Key: 263
  o  Claim Value Type(s): map
  o  Change Controller: IESG
  o  Specification Document(s): *this document*

Per Roman's note, I believe that chair approval of the act of early registration is also needed to proceed.  These registrations should hopefully satisfy the need for early assignments for interop testing desired by the requestors of the registration.

                               Best wishes,
                               -- Mike

-----Original Message-----
From: Mike Jones
Sent: Thursday, January 13, 2022 5:00 PM
To: 'iana-prot-param@iana.org' <iana-prot-param@iana.org>; rdd@cert.org
Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>; ncamwing@cisco.com; mandyam@qti.qualcomm.com; lgl@island-resort.com; kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com; iana@iana.org; cwt-reg-review@ietf.org
Subject: RE: [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

Thanks for writing, Amanda.

We are definitely *not* using the values currently in the document, as they fail the registration criteria.  As one of the designated experts, I will be proposing conforming values today or tomorrow.  The criteria that the current values fail are at https://datatracker.ietf.org/doc/html/rfc8392#section-9.1, specifically:

  Criteria that should be applied by the Designated Experts includes
  ...  Registrations for the limited set
  of values between -256 and 255 and strings of length 1 are to be
  restricted to claims with general applicability.

                               Best wishes,
                               -- Mike

-----Original Message-----
From: Amanda Baber via RT <iana-prot-param@iana.org>
Sent: Thursday, January 13, 2022 4:55 PM
To: rdd@cert.org
Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>; ncamwing@cisco.com; Mike Jones <Michael.Jones@microsoft.com>; mandyam@qti.qualcomm.com; lgl@island-resort.com; kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com; iana@iana.org; cwt-reg-review@ietf.org
Subject: [EXTERNAL] [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

Hi Roman, all,

For our records, can one of the RATS chairs confirm this request?

I understand that for the CWT registrations, we'll be using the numeric values requested in the document:

https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1

thanks,

Amanda Baber
IANA Operations Manager

On Thu Jan 13 21:00:35 2022, rdd@cert.org wrote:

Hi!



Officially pulling everything together in one place for an early
registration request.



==[ Request to IANA ]==

Per step #5 of Section 3.1 of RFC 7120, the RATS WG would like select
pre-registration actions for
https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11 described
in the "Pre-Registration actions" section below.



Mike: Thanks so much for your help here.  Consider this an approval
for early allocation.



==[ WG Coordination ]==

Step #4 (AD Approval) Implicit in this note



Step #3 (Discussion on the WG mailing list)
https://mailarchive.ietf.org/arch/msg/rats/FwCqNrYjbiTd0nGZ0Wg9RQ2uU8o/



==[ Pre-Registration actions ]==



See Section 9.3.1 of
https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-9.3.1



Thanks,

Roman


From: Mike Jones <Michael.Jones@microsoft.com>
Sent: Thursday, January 13, 2022 2:57 PM
To: Roman Danyliw <rdd@cert.org>; Giridhar Mandyam <mandyam@qti.qualcomm.com>; Laurence Lundblade <lgl@island-resort.com>
Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
Subject: Re: Registration of Entity Attestation Token claims in the CWT registry

Roman, once you let the designated experts know that you approve of
requesting early allocation per RFC 7120, then I’d be glad to consider
this thread to be the request for early registration and proceed to do
so.

Giri, Laurence, etc., the registration procedures for CWT claims are
defined at https://datatracker.ietf.org/doc/html/rfc8392#section-9.1.
In particular, the following sections are particularly relevant to the
current discussion:

Criteria that should be applied by the Designated Experts includes
determining whether the proposed registration duplicates existing
functionality, whether it is likely to be of general applicability or
whether it is useful only for a single application, and whether the
registration description is clear.  Registrations for the limited set
of values between -256 and 255 and strings of length 1 are to be
restricted to claims with general applicability.

IANA must only accept registry updates from the Designated Experts and
should direct all requests for registration to the review mailing
list.

So whether early or not, the claims being proposed for registration
that are not of general applicability are ineligible for registration
in the range -256 to 255.  Also, any IANA registrations of CWT claims
necessarily involve designated expert review.

I’m trying to help you as a designated expert to get to stable
registrations soon.  Once Roman has approved the request for early
registration, I’d be glad to work with IANA to do early registration
of code points that meet the registration criteria above.

Best wishes,
-- Mike

From: Roman Danyliw <rdd@cert.org>
Sent: Thursday, January 13, 2022 8:38 AM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>; Mike Jones <Michael.Jones@microsoft.com>; Laurence Lundblade <lgl@island-resort.com>
Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>; Roman Danyliw <rdd@cert.org>
Subject: Re: Registration of Entity Attestation Token claims in the CWT registry

Hi all!

I wanted to acknowledge that I got this note, but I am not up to speed
on the issue and need to catch up before providing a meaningful
response.  A search of my mailbox also found this related thread which
I attached.

Roman

From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Sent: Thursday, January 13, 2022 10:35 AM
To: Mike Jones <Michael.Jones@microsoft.com>; Laurence Lundblade <lgl@island-resort.com>; Roman Danyliw <rdd@cert.org>
Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation Token claims in the CWT registry

+ Roman D.

I would like to escalate this to the AD.  Note that the EAT editors
acted in good faith in the expectation that the RATS chairs would
address early allocation, and we were assured last March that there
were no issues with the requested values.  As a result, we put off Last
Call for the draft and went forward with guidance to other SDOs (e.g.
FIDO Alliance, GlobalPlatform) that these claim values were stable.

Now for the first time we are finding out that (a) the values called
out in the spec are not acceptable as per expert review criteria, and
(b) the RATS chairs never initiated the process of pre-registration in
the first place.

My request to the AD is simple:  allow for pre-registration of the
values as called out in the current EAT draft.  If this is not
possible (and it looks likely that it is not), then my additional
request is that the AD directly manage shepherding of this spec to
Last Call and RFC as I believe communication between the EAT editors
and the RATS Chairs has broken down and the RATS Chairs are not
driving consensus decisions from the Working Group with respect to
this spec.

-Giri

From: Mike Jones <Michael.Jones@microsoft.com>
Sent: Thursday, January 13, 2022 2:39 AM
To: Laurence Lundblade <lgl@island-resort.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation Token claims in the CWT registry


Early allocation did not occur.  If it had, the numbers would be
assigned in https://www.iana.org/assignments/cwt/cwt.xhtml.  (For an
example of early allocation listings, see claims 38, 39, and 40.)
Early registration, like normal registration, involves review by the
designated experts, which also didn’t occur, because as far as I can
tell, it wasn’t asked for.

I’m trying to help you get to stable assignments as soon as possible.
I know the value of having those.

Again, if you want stable assignments before upcoming interop events,
I’d suggest making an early registration request by sending the
registration request to cwt-reg-review@ietf.org.  It would be cleaner
to do so by first changing the
assignments in your IANA Considerations section to “TBD”, but you
could also do so based on the current draft (realizing that the
proposed assignments in the draft might not be the ones assigned by
the designated experts and IANA).

You could have stable assignments within a few weeks if you choose to
request them soon.

Best wishes,
-- Mike

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Wednesday, January 12, 2022 10:31 PM
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
Subject: [EXTERNAL] Re: Registration of Entity Attestation Token claims in the CWT registry

Hi Mike,

I’m not trying to grab anything here that we should not have.

The early allocation process, according to RFC 7120, is handled by the
WG chairs. It is my understanding that the RATS chairs followed
this process and that numbers 10-18, 20 have early assignment. That’s
why they are in the draft without “TBD”. Maybe the process wasn’t
completed or there is some other confusion. I did not interact with
IANA myself (but I did read 7120).

I think this needs to be resolved between the RATS chairs, designated
experts and IANA. I am happy to adjust the draft when this gets
resolved.

LL



On Jan 12, 2022, at 9:58 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

Yours is not the first specification that’s tried to preallocate the
rare single-byte claim numbers for claims not of general
applicability.  At https://www.iana.org/assignments/cwt/cwt.xhtml,
you’ll note that most of the claims allocated by
draft-ietf-ace-oauth-authz are in the double-byte space because
they’re not applicable to a
wide variety of applications.  They were originally requested to be in
the single-byte range and the designated experts negotiated with the
editors to move their requested assignments.

Jim Schaad was always a stickler about specifications using TBD in
their registration requests instead of assumed numbers.  At most, he
would tolerate “TBD (requested assignment NNN)”.  Of course, he was
right.  It’s up to IANA and the designated experts to make the
assignments, particularly of scarce resources, not the spec authors.

Therefore, please revise your specification to remove the current
numbers and replace them with “TBD”.  At that point, it would be fine
to make an early registration request.  The experts and IANA could
likely get you permanent numbers at that point, probably within a
matter of weeks.

If you do not want to go the early allocation route, the other option
is to use numbers in the “less than -65536” space, which are
designated as “Reserved for Private Use”.  You can use numbers in that
space however you want for as long as you want – including for
facilitating interop testing until permanent numbers are assigned.

I’m sorry this appears to have come as a surprise.  The designated
experts are trying to ensure that the CWT Claims numbers are
efficiently allocated to do the most good for the most applications.
I hope you’ll take this request in that spirit and choose one of the
paths outlined above to quickly resolve this issue.

Best wishes,
-- Mike

From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Sent: Wednesday, January 12, 2022 9:05 PM
To: Laurence Lundblade <lgl@island-resort.com>; Mike Jones
<Michael.Jones@microsoft.com>; Jeremy O'Donoghue
<jodonogh@qti.qualcomm.com>
Cc: cwt-reg-review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy
Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty
<kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-chairs@ietf.org>
Subject: [EXTERNAL] RE: Registration of Entity Attestation Token
claims in the CWT registry

+ @Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>

Ned, RATS Chairs,

We were assured by the RATS Chairs when we highlighted these values in
Rev. -09 that they would be signed off for the registry.  This is one
of the reasons why we did not try to accelerate Last Call during the
first half of last year.  There was clearly a disconnect.  Can you
check into why this occurred?

Mike,

We just put out an FDO update on the assumption that these claim
values are set
(https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-20211214.html).
We are planning a 2nd interop event during the next
couple of months and we may have to put that off now.  Is this issue
intractable?  Can the claims not be assigned to EAT?

Jeremy can comment on any GlobalPlatform dependencies.

-Giri

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Wednesday, January 12, 2022 8:18 PM
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>;
cwt-reg-review@ietf.org; Smith, Ned <ned.smith@intel.com>; Nancy
Cam-Winget (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty
<kathleen.moriarty.ietf@gmail.com>
Subject: Re: Registration of Entity Attestation Token claims in the
CWT registry

A couple more comments.

I know what you mean about taking the numbers <24. Not trying to be a
hog or anything. It seems nobody, myself included, thought about it
when this was done a year ago.

I know that Arm has SW that uses these assignments (ask Hannes and
Thomas F). I think FIDO does too. I think there would be objections to
a reassignment.

LL


On Jan 12, 2022, at 7:52 PM, Laurence Lundblade
<lgl@island-resort.com> wrote:

+ RATS chairs

Hi Mike,

The claims key numbers 10-18, 20 are early assignments by IANA. I
didn’t handle the interaction with IANA, but I understand this to be
true.  Changing them now would undermine some implementations that are
using them.

LL



On Jan 12, 2022, at 6:11 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

Please change the proposed CWT claim values for claims UEID through
Submodules Section from 11 through 20 to 41 through 50 so that they
are not using up most of the rare single-byte claim numbers.  Only
claims that are of general applicability across multiple kinds of
applications should be allocated in that space.

The one exception I would consider is the Location claim, which could
be of general applicability.  If you believe that this location
representation will be used by multiple kinds of applications, I would
be willing to consider registering it in the single-byte claim space.

-- Mike

From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of
Giridhar Mandyam
Sent: Saturday, October 16, 2021 4:11 PM
To: cwt-reg-review@ietf.org
Cc: Laurence Lundblade <lgl@island-resort.com>
Subject: [Cwt-reg-review] Registration of Entity Attestation Token
claims in the CWT registry

To the CWT claims registry designated experts:

I am contacting you on behalf of the editors of the Entity Attestation
Token specification (latest draft available
at https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10).  This
is a standards-track document in the IETF Remote Attestation
Procedures (RATS) Working Group.

Please note the requests for CWT registry of the claims outlined in
https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10#section-7.3.1.
We would like these claim values reflected in the IANA CWT
registry as soon as possible.  Would this be possible?

Please contact myself Giri Mandyam or Laurence Lundblade (cc’ed) for
further information if required.

Thanks

-Giri Mandyam
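
Added example, not part of the thread or of the EAT draft: CWT claim keys are CBOR map keys, and the sketch below encodes integer keys in CBOR's shortest form (RFC 8949) to show why the thread calls numbers below 24 "single-byte" and what the 41 through 50 and Private Use alternatives cost per token. Function names and the ten Private Use keys are constructed for illustration.

```python
import struct

def cbor_int(n: int) -> bytes:
    """Shortest-form CBOR encoding of an integer (major type 0 or 1)."""
    major, arg = (0, n) if n >= 0 else (1, -1 - n)
    if arg < 24:
        # The argument fits in the low 5 bits of the initial byte.
        return bytes([major << 5 | arg])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if arg < limit:
            return bytes([major << 5 | info]) + struct.pack(fmt, arg)
    raise ValueError("outside the 64-bit range of CBOR major types 0 and 1")

def key_bytes(keys) -> int:
    """Bytes spent on the integer map keys alone (values not counted)."""
    return sum(len(cbor_int(k)) for k in keys)

def single_byte_keys():
    """Every integer key whose CBOR encoding is exactly one byte."""
    return [n for n in range(-300, 300) if len(cbor_int(n)) == 1]

# Key ranges named in the thread; PRIVATE_USE is a constructed sample
# of ten keys "less than -65536".
DRAFT_KEYS = range(11, 21)             # 11 through 20
PROPOSED_KEYS = range(41, 51)          # 41 through 50
PRIVATE_USE = range(-65546, -65536)    # -65546 .. -65537

if __name__ == "__main__":
    for label, keys in (("draft 11-20", DRAFT_KEYS),
                        ("proposed 41-50", PROPOSED_KEYS),
                        ("private use", PRIVATE_USE)):
        first = cbor_int(keys[0]).hex()
        print(f"{label:15} first key {first:>10}  total {key_bytes(keys)} bytes")
    print("one-byte integer keys available:", len(single_byte_keys()))
```

The count returned by `single_byte_keys()` covers both non-negative and negative integers; how many of those are already assigned is recorded in the registry page linked in the thread.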