Re: [Iot-directorate] [Rats] Iotdir last call review of draft-ietf-rats-eat-13
Eliot Lear <lear@lear.ch> Sun, 05 June 2022 15:26 UTC
Return-Path: <lear@lear.ch>
X-Original-To: iot-directorate@ietfa.amsl.com
Delivered-To: iot-directorate@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B621FC14F734; Sun, 5 Jun 2022 08:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.775
X-Spam-Level:
X-Spam-Status: No, score=-7.775 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lear.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TVkHMwTlna20; Sun, 5 Jun 2022 08:26:02 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 904F4C14F72C; Sun, 5 Jun 2022 08:25:57 -0700 (PDT)
Received: from [192.168.0.227] (77-58-144-232.dclient.hispeed.ch [77.58.144.232]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 255FPpAK806217 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Sun, 5 Jun 2022 17:25:52 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1654442752; bh=UmnigTg91g0nRb1Vv5+G9GXmi3jEFqzvJ68DxsJt4dc=; h=Date:To:Cc:References:From:Subject:In-Reply-To:From; b=E+ImnaqA2b4A9etNnsQDds/fL6B7DeLkbmX7ghd4yCzGoaiNm9jEjbi5N/d+e3G+Y xMciG+8PXWa2P9IFOBz1L6tJpkkjWlXOBJn8fyYayFa3Vbiu9ee/wtQDvQxggxBKfs t/J1QZfcGHRmaAZHpjC9xcyzCXkrL043QbqJbOAs=
Message-ID: <0bd8b6d4-803e-5883-236e-e7dd9d352840@lear.ch>
Date: Sun, 05 Jun 2022 17:25:51 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: Thomas Fossati <tho.ietf@gmail.com>
Cc: IETF IoT Directorate <iot-directorate@ietf.org>, draft-ietf-rats-eat.all@ietf.org, last-call@ietf.org, rats <rats@ietf.org>
References: <165443386776.35361.12898474920348394274@ietfa.amsl.com> <CAObGJnNp3haHUUcTi0XcGxDJq1Dy+t=i1bkAn8miYRA29M8ydQ@mail.gmail.com>
From: Eliot Lear <lear@lear.ch>
In-Reply-To: <CAObGJnNp3haHUUcTi0XcGxDJq1Dy+t=i1bkAn8miYRA29M8ydQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------U2h16EZAHxb8Mqcwtg4UXAAh"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/0dKHw5bwglu2YayVkrFK5rjZW8I>
Subject: Re: [Iot-directorate] [Rats] Iotdir last call review of draft-ietf-rats-eat-13
X-BeenThere: iot-directorate@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Mailing list for the IoT Directorate Members <iot-directorate.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-directorate/>
List-Post: <mailto:iot-directorate@ietf.org>
List-Help: <mailto:iot-directorate-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jun 2022 15:26:06 -0000
Hi Thomas On 05.06.22 16:21, Thomas Fossati wrote: > Hi Eliot, thanks very much for the review. > > One quick comment on this point: > > On Sun, Jun 5, 2022 at 1:57 PM Eliot Lear via Datatracker > <noreply@ietf.org> wrote: >> The most major problem with the document is this: >> >> 7. Profiles >> >> This EAT specification does not gaurantee that implementations of it >> will interoperate. The variability in this specification is >> necessary to accommodate the widely varying use cases. An EAT >> profile narrows the specification for a specific use case. An ideal >> EAT profile will guarantee interoperability. >> >> This is quite counter-cultural to the IETF. You start with the >> smallest set of functionality and then expand outward to cover >> different use cases that make use of different extensions. I'm >> not saying that profiles would not be necessary, but that some >> additional thought be given to extension mechanisms. > Maybe what is not immediately clear is that EAT is not a complete > protocol but a framework. What is provided is a specification of a token. That's how I reviewed it. > > The EAT framework provides: > * A type system -- the base claims-set & a few aggregation types; > * Security envelopes based on COSE, JOSE; > * CBOR and JSON serialisations; > * A number of pre-defined semantics (the defined "claims") that one > can readily reuse. All good. In fact, that's so well stated that perhaps you should say it in the draft just so. > > So, a mechanism to identify specific kinds of EAT-based PDUs needs to > be there from the onset, otherwise one wouldn't know how to > instantiate the framework for their use case. And that's precisely > the role of the profiles. I'd suggest that Section 7 is still problematic as specified. Let's start with Section 7.2.1: > The profile should indicate whether the token format should be CBOR, > JSON, both or even some other encoding. If some other encoding, a > specification for how the CDDL described here is serialized in that > encoding is necessary. > > This should be addressed for the top-level token and for any nested > tokens. For example, a profile might require all nested tokens to be > of the same encoding of the top level token. Can you give an example of when this would not be entirely clear from context? Consider this: YANG serializes into XML and JSON. but we do not specify different YANG modules for the two serializations. You can express the serialization of the CDDL for different formats (as you do), but that's different from profiling. > > For an example of a profiled EAT that builds on the EAT framework to > create (demonstrably) interoperable attestation evidence see the PSA > token [1]. > > [1]https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html Yes, this feels like a classic profile. >> This statement in particular is quite disturbing. >> >> In some cases CDDL may be created that replaces CDDL in this or other >> document to express some profile requirements. >> >> Not only is this counter-cultural, but it would require an Updates: >> header on any such profile, and would further just be plain out >> confusing. > I don't think the "Updates" would be required: the CDDL defines a type > constraint that is applicable to the specific profile, it doesn't > modify the base type. But that is precisely what the text I quoted states. > > See for example the way PSA restricts the nonce claim [2]. > > https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#section-3.1.1 As an aside, I think I should congratulate you for actually generating compliant SVG graphics! Coming more to the point, why is it the working group could not settle on many of the contents inside that profile document? This profile seems like an out for the working group not having resolved some differences. Are there those who want nonce values other than 32, 48, or 64 bytes? If so, what brings about the difference and can it be resolved? Also, some of the contents of the profile you refer to demonstrate the peril: a nonce can be presented in three different ways. Why? Why does it matter that you not use an array when conveying a single nonce? All that does is add additional branches. Worse, if parsing has to occur based on multiple profiles, as will happen, the amount of code needed to do this is likely to balloon. Eliot > >> In short, the profile mechanism is harmful to the very concept of >> interoperability. > On the contrary, without profiles it would be probably impossible to > interoperate. > > Cheers, thanks,
- [Iot-directorate] Iotdir last call review of draf… Eliot Lear via Datatracker
- Re: [Iot-directorate] [Rats] Iotdir last call rev… Eliot Lear
- Re: [Iot-directorate] Iotdir last call review of … Thomas Fossati
- Re: [Iot-directorate] [Rats] Iotdir last call rev… Eliot Lear
- Re: [Iot-directorate] Iotdir last call review of … Eliot Lear
- Re: [Iot-directorate] [Rats] Iotdir last call rev… Thomas Fossati
- [Iot-directorate] EAT profiles (was Re: Iotdir la… Laurence Lundblade
- Re: [Iot-directorate] [Last-Call] EAT profiles (w… Carsten Bormann
- Re: [Iot-directorate] EAT profiles (was Re: Iotdi… Toerless Eckert
- Re: [Iot-directorate] EAT profiles (was Re: Iotdi… Eliot Lear
- Re: [Iot-directorate] [Last-Call] EAT profiles (w… Laurence Lundblade
- [Iot-directorate] Segmented strings (Re: [Rats] [… Carsten Bormann
- Re: [Iot-directorate] [Rats] EAT profiles (was Re… Anders Rundgren
- Re: [Iot-directorate] Segmented strings (Re: [Rat… Laurence Lundblade
- Re: [Iot-directorate] [Rats] Segmented strings (R… Eliot Lear
- Re: [Iot-directorate] Segmented strings (Re: [Rat… Carsten Bormann
- Re: [Iot-directorate] Segmented strings (Re: [Rat… Laurence Lundblade
- Re: [Iot-directorate] [Last-Call] Segmented strin… Martin J. Dürst
- Re: [Iot-directorate] [Last-Call] Segmented strin… Jeremy O'Donoghue
- Re: [Iot-directorate] [Last-Call] Segmented strin… Carsten Bormann
- Re: [Iot-directorate] [Cbor] [Last-Call] Segmente… Henk Birkholz
- Re: [Iot-directorate] [Last-Call] Segmented strin… Laurence Lundblade
- Re: [Iot-directorate] [Rats] [Last-Call] Segmente… Anders Rundgren
- Re: [Iot-directorate] [Rats] [Last-Call] Segmente… Thomas Fossati