[Cwt-reg-review] [IANA #1222304] Early allocation for Entity Attestation Token claims in the CWT registry (was Re: Registration of Entity Attestation Token claims in the CWT registry)

[Amanda Baber via RT <iana-prot-param@iana.org>]

Hi Roman,

Should we go ahead with the values proposed by Mike?

thanks,
Amanda

On Fri Jan 14 15:24:39 2022, rdd@cert.org wrote:
> Hi Amanda!
> 
> Could we please have another day before making this allocation plan
> the way ahead.  I'd like to give the document authors who best
> understand the potentially consequences of these identifiers a chance
> to look at them.  Until I think a day or two ago there was the
> expectation in the WG that these would all be one-byte identifiers
> with those specific numeric code points (which have been communicated
> to outside SDOs).  Mike has talked us through it but we need a chance
> to internalize it.
> 
> Roman
> 
> > -----Original Message-----
> > From: Amanda Baber via RT <iana-prot-param@iana.org>
> > Sent: Friday, January 14, 2022 9:57 AM
> > To: Roman Danyliw <rdd@cert.org>
> > Cc: rats-chairs@ietf.org; ned.smith@intel.com; ncamwing@cisco.com;
> > michael.jones@microsoft.com; mandyam@qti.qualcomm.com; lgl@island-
> > resort.com; kathleen.moriarty.ietf@gmail.com;
> > jodonogh@qti.qualcomm.com;
> > iana@iana.org; cwt-reg-review@ietf.org
> > Subject: [IANA #1222304] Early allocation for Entity Attestation
> > Token claims in
> > the CWT registry (was Re: Registration of Entity Attestation Token
> > claims in the
> > CWT registry)
> >
> > Hi Roman,
> >
> > Can you confirm that we can move ahead with the values listed below?
> >
> > thanks,
> > Amanda
> >
> > On Fri Jan 14 04:01:33 2022, Michael.Jones@microsoft.com wrote:
> > > As a designated expert for the CWT Claims registry, I approve of
> > > the
> > > early registration of the CWT Claims defined in
> > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-
> > > 11#section-
> > > 9.3.1 with the following assignments.  The registrations should
> > > occur
> > > on Friday, February 4, 2022 (after the three-week review period
> > > specified by RFC 8392).
> > >
> > > o  Claim Name: Nonce
> > > o  Claim Description: Nonce
> > > o  JWT Claim Name: "nonce" (already registered for JWT) o  Claim
> > > Key:
> > > 10 o  Claim Value Type(s): byte string o  Change Controller: IESG o
> > > Specification Document(s): [OpenIDConnectCore], *this document*
> > >
> > > o  Claim Name: UEID
> > > o  Claim Description: The Universal Entity ID o  JWT Claim Name:
> > > "ueid"
> > > o  CWT Claim Key: 256
> > > o  Claim Value Type(s): byte string
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: OEMID
> > > o  Claim Description: IEEE-based OEM ID o  JWT Claim Name: "oemid"
> > > o  Claim Key: 257
> > > o  Claim Value Type(s): byte string
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: Security Level
> > > o  Claim Description: Characterization of the security of an
> > > Attester
> > > or submodule o  JWT Claim Name: "seclevel"
> > > o  Claim Key: 258
> > > o  Claim Value Type(s): integer
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: Secure Boot
> > > o  Claim Description: Indicate whether the boot was secure o  JWT
> > > Claim Name: "secboot"
> > > o  Claim Key: 259
> > > o  Claim Value Type(s): Boolean
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: Debug Status
> > > o  Claim Description: Indicate status of debug facilities o  JWT
> > > Claim
> > > Name: "dbgstat"
> > > o  Claim Key: 260
> > > o  Claim Value Type(s): integer
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: Location
> > > o  Claim Description: The geographic location o  JWT Claim Name:
> > > "location"
> > > o  Claim Key: 261
> > > o  Claim Value Type(s): map
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: Profile
> > > o  Claim Description: Indicates the EAT profile followed o  JWT
> > > Claim
> > > Name: "eat_profile"
> > > o  Claim Key: 262
> > > o  Claim Value Type(s): map
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > o  Claim Name: Submodules Section
> > > o  Claim Description: The section containing submodules (not
> > > actually
> > > a claim) o  JWT Claim Name: "submods"
> > > o  Claim Key: 263
> > > o  Claim Value Type(s): map
> > > o  Change Controller: IESG
> > > o  Specification Document(s): *this document*
> > >
> > > Per Roman's note, I believe that chair approval of the act of early
> > > registration is also needed to proceed.  These registrations should
> > > hopefully satisfy the need for early assignments for interop
> > > testing
> > > desired by the requestors of the registration.
> > >
> > > Best wishes,
> > > -- Mike
> > >
> > > -----Original Message-----
> > >  From: Mike Jones
> > > Sent: Thursday, January 13, 2022 5:00 PM
> > > To: 'iana-prot-param@iana.org' <iana-prot-param@iana.org>;
> > > rdd@cert.org
> > > Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > ncamwing@cisco.com; mandyam@qti.qualcomm.com; lgl@island-
> > resort.com;
> > > kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com;
> > > iana@iana.org; cwt-reg-review@ietf.org
> > > Subject: RE: [IANA #1222304] Early allocation for Entity
> > > Attestation
> > > Token claims in the CWT registry (was Re: Registration of Entity
> > > Attestation Token claims in the CWT registry)
> > >
> > > Thanks for writing, Amanda.
> > >
> > > We are definitely *not* using the values currently in the document,
> > > as
> > > they fail the registration criteria.  As one of the designated
> > > experts, I will be proposing conforming values today or tomorrow.
> > > The
> > > criteria that the current values fail are at
> > > https://datatracker.ietf.org/doc/html/rfc8392#section-9.1,
> > > specifically:
> > >
> > > Criteria that should be applied by the Designated Experts includes
> > > ...
> > > Registrations for the limited set of values between -256 and 255
> > > and
> > > strings of length 1 are to be restricted to claims with general
> > > applicability.
> > >
> > > Best wishes,
> > > -- Mike
> > >
> > > -----Original Message-----
> > > From: Amanda Baber via RT <iana-prot-param@iana.org>
> > > Sent: Thursday, January 13, 2022 4:55 PM
> > > To: rdd@cert.org
> > > Cc: rats-chairs@ietf.org; Ned Smith <ned.smith@intel.com>;
> > > ncamwing@cisco.com; Mike Jones <Michael.Jones@microsoft.com>;
> > > mandyam@qti.qualcomm.com; lgl@island-resort.com;
> > > kathleen.moriarty.ietf@gmail.com; jodonogh@qti.qualcomm.com;
> > > iana@iana.org; cwt-reg-review@ietf.org
> > > Subject: [EXTERNAL] [IANA #1222304] Early allocation for Entity
> > > Attestation Token claims in the CWT registry (was Re: Registration
> > > of
> > > Entity Attestation Token claims in the CWT registry)
> > >
> > > Hi Roman, all,
> > >
> > > For our records, can one of the RATS chairs confirm this request?
> > >
> > > I understand that for the CWT registrations, we'll be using the
> > > numeric values requested in the document:
> > >
> > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-
> > > 11#section-
> > > 9.3.1
> > >
> > > thanks,
> > >
> > > Amanda Baber
> > > IANA Operations Manager
> > >
> > > On Thu Jan 13 21:00:35 2022, rdd@cert.org wrote:
> > > > Hi!
> > > >
> > > >
> > > >
> > > > Officially pulling everything together in one place for an early
> > > > registration request.
> > > >
> > > >
> > > >
> > > > == [ Request to IANA ]==
> > > >
> > > > Per step #5 of Section 3.1 of RFC 7120, the RATS WG would like
> > > > select pre-registration actions for
> > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11
> > > > described
> > > > in the "Pre-Registration actions" section below.
> > > >
> > > >
> > > >
> > > > Mike: Thanks so much for your help here.  Consider this an
> > > > approval
> > > > for early allocation.
> > > >
> > > >
> > > >
> > > > == [ WG Coordination ]==
> > > >
> > > > Step #4 (AD Approval) Implicit in this note
> > > >
> > > >
> > > >
> > > > Step #3 (Discussion on the WG mailing list)
> > > > https://mailarchive.ietf.org/arch/msg/rats/FwCqNrYjbiTd0nGZ0Wg9RQ2uU
> > > > 8o
> > > > /
> > > >
> > > >
> > > >
> > > > == [ Pre-Registration actions ]==
> > > >
> > > >
> > > >
> > > > See Section 9.3.1 of https://datatracker.ietf.org/doc/html/draft-
> > > > ietf-
> > > > rats-eat-11#section-9.3.1
> > > >
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Roman
> > > >
> > > >
> > > > From: Mike Jones <Michael.Jones@microsoft.com>
> > > > Sent: Thursday, January 13, 2022 2:57 PM
> > > >  To: Roman Danyliw <rdd@cert.org>; Giridhar Mandyam
> > > > <mandyam@qti.qualcomm.com>; Laurence Lundblade <lgl@island-
> > > > resort.com>
> > > >  Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>; cwt-reg-
> > > > review@ietf.org; Ned Smith <ned.smith@intel.com>; Nancy Cam-
> > > > Winget
> > > >  (ncamwing) <ncamwing@cisco.com>; Kathleen Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com>; rats-chairs <rats-
> > > > chairs@ietf.org>
> > > >  Subject: Re: Registration of Entity Attestation Token claims in
> > > > the
> > > > CWT registry
> > > >
> > > > Roman, once you let the designated experts know that you approve
> > > > of
> > > > requesting early allocation per RFC 7120, then I’d be glad to
> > > > consider this thread to be the request for early registration and
> > > > proceed to do so.
> > > >
> > > > Giri, Lawrence, etc., the registration procedures for CWT claims
> > > > are
> > > > defined at https://datatracker.ietf.org/doc/html/rfc8392#section-
> > > > 9.1.
> > > > In particular, the following sections are particularly relevant
> > > > to
> > > > the current discussion:
> > > >
> > > > Criteria that should be applied by the Designated Experts
> > > > includes
> > > > determining whether the proposed registration duplicates existing
> > > > functionality, whether it is likely to be of general
> > > > applicability
> > > > or whether it is useful only for a single application, and
> > > > whether
> > > > the registration description is clear.  Registrations for the
> > > > limited set of values between -256 and 255 and strings of length
> > > > 1
> > > > are to be restricted to claims with general applicability.
> > > >
> > > > IANA must only accept registry updates from the Designated
> > > > Experts
> > > > and should direct all requests for registration to the review
> > > > mailing list.
> > > >
> > > > So whether early or not, the claims being proposed for
> > > > registration
> > > > that are not of general applicability are ineligible for
> > > > registration in the range -256 to 255.  Also, any IANA
> > > > registrations
> > > > of CWT claims necessarily involve designated expert review.
> > > >
> > > > I’m trying to help you as a designated expert to get to stable
> > > > registrations soon.  Once Roman has approved the request for
> > > > early
> > > > registration, I’d be glad to work with IANA to do early
> > > > registration
> > > > of code points that meet the registration criteria above.
> > > >
> > > > Best wishes,
> > > > -- Mike
> > > >
> > > > From: Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>>
> > > > Sent: Thursday, January 13, 2022 8:38 AM
> > > > To: Giridhar Mandyam
> > > >  <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>;
> > Mike
> > > > Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>;
> > > > Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
> > > > resort.com>>
> > > > Cc: Jeremy O'Donoghue
> > > >  <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>;
> > cwt-
> > > > reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith
> > > > <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-
> > > > Winget
> > > >  (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>;
> > > > Kathleen  Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
> > > > com>> ; rats-chairs
> > > > <rats-chairs@ietf.org<mailto:rats-chairs@ietf.org>>; Roman
> > > > Danyliw
> > > > <rdd@cert.org<mailto:rdd@cert.org>>
> > > > Subject: Re: Registration of Entity Attestation Token claims in
> > > > the
> > > > CWT registry
> > > >
> > > > Hi all!
> > > >
> > > > I wanted to acknowledge that I got this note, but I am not up-to-
> > > > speed on the issue and need to catch-up before providing a
> > > > meaningful response.  A search of my mailbox also found this
> > > > related
> > > > thread which I attached.
> > > >
> > > > Roman
> > > >
> > > > From: Giridhar Mandyam
> > > > <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>
> > > > Sent: Thursday, January 13, 2022 10:35 AM
> > > > To: Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>;
> > > > Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
> > > > resort.com>>; Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>>
> > > > Cc: Jeremy O'Donoghue
> > > >  <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>;
> > cwt-
> > > > reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith
> > > > <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-
> > > > Winget
> > > >  (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>;
> > > > Kathleen  Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
> > > > com>> ; rats-chairs <rats-chairs@ietf.org<mailto:rats-
> > > > com>> chairs@ietf.org>>
> > > > Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation
> > > > Token
> > > > claims in the CWT registry
> > > >
> > > > + Roman D.
> > > >
> > > > I would like to escalate this to the AD.  Note that the EAT
> > > > editors
> > > > acted in good faith in the expectation that the RATS  chairs
> > > > would
> > > > address early allocation, and we were assured last March that
> > > > there
> > > > was no issues with the requested values.  As a result, we put off
> > > > Last Call for the draft and went forward with guidance to other
> > > > SDO’s (e.g.
> > > > FIDO Alliance, GlobalPlatform) that these claim values were
> > > > stable.
> > > >
> > > > Now for the first time we are finding out that (a) the values
> > > > called
> > > > out in the spec are not acceptable as per expert review criteria,
> > > > and
> > > > (b) the RATS chairs never initiated the process of pre-
> > > > registration
> > > > in the first place.
> > > >
> > > > My request to the AD is simple:  allow for pre-registration of
> > > > the
> > > > values as called out in the current EAT draft.  If this is not
> > > > possible (and it looks likely that it is not), then my additional
> > > > request is that the AD directly manage shepherding of this spec
> > > > to
> > > > Last Call and RFC as I believe communication between the EAT
> > > > editors
> > > > and the RATS Chairs has broken down and the RATS Chairs are not
> > > > driving consensus decisions from the Working Group with respect
> > > > to
> > > > this spec.
> > > >
> > > > -Giri
> > > >
> > > > From: Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
> > > > Sent: Thursday, January 13, 2022 2:39 AM
> > > > To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
> > > > resort.com>>
> > > > Cc: Giridhar Mandyam
> > > >  <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>;
> > Jeremy
> > > > O'Donoghue
> > > > <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>;
> > cwt-
> > > > reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith
> > > > <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-
> > > > Winget
> > > >  (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>;
> > > > Kathleen  Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
> > > > com>> ; rats-chairs <rats-chairs@ietf.org<mailto:rats-
> > > > com>> chairs@ietf.org>>
> > > > Subject: RE: [EXTERNAL] Re: Registration of Entity Attestation
> > > > Token
> > > > claims in the CWT registry
> > > >
> > > >
> > > > WARNING: This email originated from outside of Qualcomm. Please
> > > > be
> > > > wary of any links or attachments, and do not enable macros.
> > > > Early allocation did not occur.  If it had, the numbers would be
> > > > assigned in https://www.iana.org/assignments/cwt/cwt.xhtml.  (For
> > > > an
> > > > example of early allocation listings, see claims 38, 39, and 40.)
> > > > Early registration, like normal registration, involves review by
> > > > the
> > > > designated experts, which also didn’t occur, because as far as I
> > > > can
> > > > tell, it wasn’t asked for.
> > > >
> > > > I’m trying to help you get to stable assignments as soon as
> > > > possible.
> > > > I know the value of having those.
> > > >
> > > > Again, if you want stable assignments before upcoming interop
> > > > events, I’d suggest making an early registration request by
> > > > sending
> > > > the registration request to cwt-reg-review@ietf.org<mailto:cwt-
> > > > reg-
> > > > review@ietf.org>.  It would be cleaner to do so by first changing
> > > > the assignments in your IANA Considerations section to “TBD”, but
> > > > you could also do so based on the current draft (realizing that
> > > > the
> > > > proposed assignments in the draft might not be the ones assigned
> > > > by
> > > > the designated experts and IANA).
> > > >
> > > > You could have stable assignments within a few weeks if you
> > > > choose
> > > > to request them soon.
> > > >
> > > > Best wishes,
> > > > -- Mike
> > > >
> > > > From: Laurence Lundblade <lgl@island-
> > > > resort.com<mailto:lgl@island-
> > > > resort.com>>
> > > > Sent: Wednesday, January 12, 2022 10:31 PM
> > > > To: Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
> > > > Cc: Giridhar Mandyam
> > > >  <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>;
> > Jeremy
> > > > O'Donoghue
> > > > <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>;
> > cwt-
> > > > reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned Smith
> > > > <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-
> > > > Winget
> > > >  (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>;
> > > > Kathleen  Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
> > > > com>> ; rats-chairs <rats-chairs@ietf.org<mailto:rats-
> > > > com>> chairs@ietf.org>>
> > > > Subject: [EXTERNAL] Re: Registration of Entity Attestation Token
> > > > claims in the CWT registry
> > > >
> > > > Hi Mike,
> > > >
> > > > I’m not trying grab anything here that we should not have.
> > > >
> > > > The early allocation process, according to RFC 7120, is handled
> > > > by
> > > > the WG chairs. It is my understanding is that the RATS chairs
> > > > followed this process and that number 10-18, 20 have early
> > > > assignment. That’s why they are in the draft without “TBD”. Maybe
> > > > the process wasn’t completed or there is some other confusion. I
> > > > did
> > > > not interact with IANA myself (but I did read 7120).
> > > >
> > > > I think this needs to be resolved between the RATS chairs,
> > > > designated experts and IANA. I am happy to adjust the draft when
> > > > this gets resolved.
> > > >
> > > > LL
> > > >
> > > >
> > > >
> > > > On Jan 12, 2022, at 9:58 PM, Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
> > > > wrote:
> > > >
> > > > Yours is not the first specification that’s tried to preallocate
> > > > the
> > > > rare single-byte claim numbers for claims not of general
> > > > applicability.  At
> > > > https://www.iana.org/assignments/cwt/cwt.xhtml,
> > > > you’ll note that most of the claims allocated by draft-ietf-ace-
> > > > oauth-
> > > > authz are in the double-byte space because they’re not applicable
> > > > to
> > > > a wide variety of applications.  They were originally requested
> > > > to
> > > > be in the single-byte range and the designated experts negotiated
> > > > with the editors to move their requested assignments.
> > > >
> > > > Jim Schaad was always a stickler about specifications using TBD
> > > > in
> > > > their registration requests instead of assumed numbers.  At most,
> > > > he
> > > > would tolerate “TBD (requested assignment NNN)”.  Of course, he
> > > > was
> > > > right.  It’s up to IANA and the designated experts to make the
> > > > assignments, particular of scarce resources, not the spec
> > > > authors.
> > > >
> > > > Therefore, please revise your specification to remove the current
> > > > numbers and replace them with “TBD”.  At that point, it would be
> > > > fine to make an early registration request.  The experts and IANA
> > > > could likely get you permanent numbers at that point, probably
> > > > within a matter of weeks.
> > > >
> > > > If you do not want to go the early allocation route, the other
> > > > option is to use numbers in the “less than -65536” space, which
> > > > are
> > > > designated as “Reserved for Private Use”.  You can use numbers in
> > > > that space however you want for as long as you want – including
> > > > for
> > > > facilitating interop testing until permanent numbers are
> > > > assigned.
> > > >
> > > > I’m sorry this appears to have come as a surprise.  The
> > > > designated
> > > > experts are trying to ensure that the CWT Claims numbers are
> > > > efficiently allocated to do the most good for the most
> > > > applications.
> > > > I hope you’ll take this request in that spirit and choose one of
> > > > the
> > > > paths outlined above to quickly resolve this issue.
> > > >
> > > > Best wishes,
> > > > -- Mike
> > > >
> > > > From: Giridhar Mandyam
> > > > <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>
> > > > Sent: Wednesday, January 12, 2022 9:05 PM
> > > > To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
> > > > resort.com>>; Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>;
> > > > Jeremy O'Donoghue
> > > > <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>
> > > >  Cc: cwt-reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>; Ned
> > > > Smith <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy
> > > > Cam-Winget
> > > >  (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>;
> > > > Kathleen  Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
> > > > com>> ; rats-chairs <rats-chairs@ietf.org<mailto:rats-
> > > > com>> chairs@ietf.org>>
> > > > Subject: [EXTERNAL] RE: Registration of Entity Attestation Token
> > > > claims in the CWT registry
> > > >
> > > > + @Jeremy O'Donoghue<mailto:jodonogh@qti.qualcomm.com>
> > > >
> > > > Ned, RATS Chairs,
> > > >
> > > > We were assured by the RATS Chairs when we highlighted these
> > > > values
> > > > in Rev. -09 that they would be signed off for the registry.  This
> > > > is
> > > > one of the reasons why we did not try to accelerate Last Call
> > > > during
> > > > the first half of last year.  There was clearly a disconnect.
> > > > Can
> > > > you check into why this occurred?
> > > >
> > > > Mike,
> > > >
> > > > We just put out an FDO update on the assumption that these claim
> > > > values are set (https://fidoalliance.org/specs/FDO/FIDO-Device-
> > > > Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-
> > > > 20211214.html).  We are planning a 2nd interop event during the
> > > > next
> > > > couple of months and we may have to put that off now.  Is this
> > > > issue
> > > > intractable?  Can the claims not be assigned to EAT?
> > > >
> > > > Jeremy can comment on any GlobalPlatform dependencies.
> > > >
> > > > -Giri
> > > >
> > > > From: Laurence Lundblade <lgl@island-
> > > > resort.com<mailto:lgl@island-
> > > > resort.com>>
> > > > Sent: Wednesday, January 12, 2022 8:18 PM
> > > > To: Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
> > > > Cc: Giridhar Mandyam
> > > >  <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>;
> > cwt-
> > > > reg-
> > > >  review@ietf.org<mailto:cwt-reg-review@ietf.org>; Smith, Ned
> > > > <ned.smith@intel.com<mailto:ned.smith@intel.com>>; Nancy Cam-
> > > > Winget
> > > >  (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>;
> > > > Kathleen  Moriarty
> > > > <kathleen.moriarty.ietf@gmail.com<mailto:kathleen.moriarty.ietf@gmail.
> > > > com>>
> > > > Subject: Re: Registration of Entity Attestation Token claims in
> > > > the
> > > > CWT registry
> > > >
> > > > WARNING: This email originated from outside of Qualcomm. Please
> > > > be
> > > > wary of any links or attachments, and do not enable macros.
> > > > A couple more comments.
> > > >
> > > > I know what you mean about taking the numbers <24. Not trying to
> > > > be
> > > > a hog or anything. It seems nobody, myself included, thought
> > > > about
> > > > it when this was done a year ago.
> > > >
> > > > I know that Arm has SW that uses these assignments (ask Hannes
> > > > and
> > > > Thomas F). I think FIDO does too. I think there would be
> > > > objections
> > > > to a re assignment.
> > > >
> > > > LL
> > > >
> > > >
> > > > On Jan 12, 2022, at 7:52 PM, Laurence Lundblade <lgl@island-
> > > > resort.com<mailto:lgl@island-resort.com>> wrote:
> > > >
> > > > + RATS chairs
> > > >
> > > > Hi Mike,
> > > >
> > > > The claims key numbers 10-18, 20 are early assignments by IANA. I
> > > > didn’t handle the interaction with IANA, but I understand this to
> > > > be
> > > > true.  Changing them now would undermine some implementations
> > > > that
> > > > are using them.
> > > >
> > > > LL
> > > >
> > > >
> > > >
> > > > On Jan 12, 2022, at 6:11 PM, Mike Jones
> > > > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
> > > > wrote:
> > > >
> > > > Please change the proposed CWT claim values for claims UEID
> > > > through
> > > > Submodules Section from 11 through 20 to 41 through 50 so that
> > > > they
> > > > are not using up most of the rare single-byte claim numbers.
> > > > Only
> > > > claims that are of general applicability across multiple kinds of
> > > > applications should be allocated in that space.
> > > >
> > > > The one exception I would consider is the Location claim, which
> > > > could be of general applicability.  If you believe that this
> > > > location representation will be used by multiple kinds of
> > > > applications, I would be willing to consider registering it in
> > > > the
> > > > single-byte claim space.
> > > >
> > > > -- Mike
> > > >
> > > > From: Cwt-reg-review
> > > > <cwt-reg-review-bounces@ietf.org<mailto:cwt-reg-
> > > > review-bounces@ietf.org>> On Behalf Of Giridhar Mandyam
> > > > Sent: Saturday, October 16, 2021 4:11 PM
> > > > To: cwt-reg-review@ietf.org<mailto:cwt-reg-review@ietf.org>
> > > > Cc: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-
> > > > resort.com>>
> > > >  Subject: [Cwt-reg-review] Registration of Entity Attestation
> > > > Token
> > > > claims in the CWT registry
> > > >
> > > > To the CWT claims registry designated experts:
> > > >
> > > > I am contacting you on behalf of the editors of the Entity
> > > > Attestation Token specification (latest draft available
> > > > athttps://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-10).
> > > > This
> > > > is a standards-track document in the IETF Remote Attestation
> > > > Procedures (RATS) Working Group.
> > > >
> > > > Please note the requests for CWT registry of the claims outlined
> > > > in
> > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-
> > > > 10#section
> > > > -  7.3.1.  We would like these claim values reflected in the IANA
> > > > CWT registry as soon as possible.  Would this be possible?
> > > >
> > > > Please contact myself Giri Mandyam or Laurence Lundblade (cc’ed)
> > > > for
> > > > further information if required.
> > > >
> > > > Thanks
> > > >
> > > > -Giri Mandyam
> > > >
> > >
>