IETF Logo Mail Archive

Re: [Iot-directorate] EAT profiles (was Re: Iotdir last call review of draft-ietf-rats-eat-13)

Eliot Lear <lear@lear.ch> Wed, 08 June 2022 05:14 UTC

Return-Path: <lear@lear.ch>
X-Original-To: iot-directorate@ietfa.amsl.com
Delivered-To: iot-directorate@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C86AC15D87C; Tue, 7 Jun 2022 22:14:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.773
X-Spam-Level:
X-Spam-Status: No, score=-2.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.876, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lear.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AqtvnSj-0xNe; Tue, 7 Jun 2022 22:14:34 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 409F9C15D87A; Tue, 7 Jun 2022 22:14:30 -0700 (PDT)
Received: from [IPV6:2001:420:c0c0:1004::339] ([IPv6:2001:420:c0c0:1004:0:0:0:339]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 2585EIL01060763 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Wed, 8 Jun 2022 07:14:19 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1654665261; bh=sEE5ra8PzCQ8JWGHGDApNZXQMB966RVXDVn58TyUJXs=; h=Date:To:Cc:References:From:Subject:In-Reply-To:From; b=rGfyiSpEVYjawGLSMBWmLIIB96oQLi6SVNXIl032eec1My+cp9l8aupEY0V4WSvfL WiCf9u6yC6dh0+kxWO1uOp9K8phBr3Ucudkj02NUiOzVSiiXqxo8I3tzUKwjisL1BP QLrXFpfDqgoYTA+JhAuzwFo3u5NXweHBqAc8YRl4=
Message-ID: <dcba2edb-2069-22c6-1e33-87bc7b41d08e@lear.ch>
Date: Wed, 08 Jun 2022 07:14:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: Laurence Lundblade <lgl@island-resort.com>, Eliot Lear <lear@cisco.com>
Cc: iot-directorate@ietf.org, draft-ietf-rats-eat.all@ietf.org, last-call@ietf.org, rats@ietf.org
References: <165443386776.35361.12898474920348394274@ietfa.amsl.com> <E267AEDE-D1DB-415B-B28F-DD78A517D27A@island-resort.com>
From: Eliot Lear <lear@lear.ch>
In-Reply-To: <E267AEDE-D1DB-415B-B28F-DD78A517D27A@island-resort.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------TRAqkDrg7pu4pq0fXBq5bnnf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/tMTNwtoJrfIgtkKPjGtSPfI2yaM>
Subject: Re: [Iot-directorate] EAT profiles (was Re: Iotdir last call review of draft-ietf-rats-eat-13)
X-BeenThere: iot-directorate@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Mailing list for the IoT Directorate Members <iot-directorate.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-directorate/>
List-Post: <mailto:iot-directorate@ietf.org>
List-Help: <mailto:iot-directorate-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2022 05:14:38 -0000

Hi Laurence,

Every point you made below is something that could have been addressed, 
if necessary, using the MUSTs and SHOULDs Toerless discussed.  As I 
wrote earlier, the most absurd case of this is whether a nonce is an 
array or a single object.  You have several easy choices to avoid that: 
either say that it can be both, or simply require an array.  Thomas and 
I have gone back and forth about the length of the nonce.  Was there any 
discussion or objection to simply limiting the size of the nonce, as 
described in the PSA profile?

Carsten covered 7.2.2 and 7.2.3.  7.2.4 doesn't give me warm fuzzies 
because it's not even clear what you mean in this case. For key 
identification, it would have been better to read, “When using JWS, do 
the following.”  Otherwise, Section 6 reads as under-specified, meaning 
that different profiles can implement the same identification method and 
not be interoperable.

At the end of the day, if you still need a profile, hopefully it would 
be a LOT smaller, and a lot better structured as Toerless mentioned.  To 
me, a WG should argue over every last aspect that could be profiled, 
where a profile is the absolutely last option.

Eliot


On 08.06.22 01:26, Laurence Lundblade wrote:
> (sending again with corrections and because it doesn’t seem to have 
> posted to the archive)
>
> Hi Elliot,
>
> To me EAT inherits extant interoperability issues in CBOR, COSE and 
> CWT. Or perhaps we say EAT is a framework like CBOR, COSE and CWT. 
> With profiles, EAT takes the issue head-on and does something about it.
>
> Yes, I sometimes think “I” in IETF is for interoperability and is 
> fundamental to the IETF culture. I’ve been arguing lately to limit the 
> number of forms of EAT for this reason. I am a bit surprised that 
> CBOR, COSE and CWT don’t deal with the issue more directly. I really 
> do believe in interoperability — and this belief led me to write much 
> of the profiles section (kind of wondering what people would say).
>
> Here’s some of the issues:
>
>     CBOR — RFC 8949 clearly allows for both indefinite and definite
>     encoding. If one implementation chooses one and another the other,
>     there will not be interoperability.
>
>     COSE — No algorithms are mandated, not even for a receiver. No
>     full key identification scheme is mandated (CMS at least had this).
>
>     CWT — There are no required claims to send or to be able to receive.
>
>     CBOR/JSON/… — This is somewhat new particularly with CDDL now
>     useful to specify multiple encodings. RFC 8428 has this issue.
>
>
> To me this flexibility and consequently these interoperability issues 
> are built in to the frame up and approach not only for EAT, but also 
> for CBOR, COSE and CWT. I don’t think we want to change that approach. 
> For example, we want the CBOR encoding flexibility and we want the 
> COSE algorithm and key identification flexibility in specifications at 
> this level.
>
> I can see adding some more wording to EAT that gives the background 
> I’ve given above in the profiles section. I can’t see changing the 
> approach to start mandating algorithms and encodings. Maybe there’s 
> something else to do?
>
> Also, I don’t think PSA token gives tight interoperability. It doesn’t 
> say which algorithms to use or how key identification works. Maybe 
> that is OK. Maybe it is not.
>
> FIDO is a protocol that I know gives complete interoperability. For 
> example in FIDO you MUST implement all of a set of crypto algorithms 
> on the server side; the client side gets to  choose.
>
> One more comment below.
>
> LL
>
>
>
>> On Jun 5, 2022, at 5:57 AM, Eliot Lear via Datatracker 
>> <noreply@ietf.org> wrote:
>>
>> Major:
>>
>> The most major problem with the document is this:
>>
>> 7.  Profiles
>>
>>   This EAT specification does not gaurantee that implementations of it
>>   will interoperate.  The variability in this specification is
>>   necessary to accommodate the widely varying use cases.  An EAT
>>   profile narrows the specification for a specific use case.  An ideal
>>   EAT profile will guarantee interoperability.
>>
>> This is quite counter-cultural to the IETF.  You start with the
>> smallest set of functionality and then expand outward to cover
>> different use cases that make use of different extensions.  I'm
>> not saying that profiles would not be necessary, but that some
>> additional thought be given to extension mechanisms.
>>
>> This statement in particular is quite disturbing.
>>
>>   In some cases CDDL may be created that replaces CDDL in this or other
>>   document to express some profile requirements.
>
> CoSWID is doing this with COSE.
>
>>
>> Not only is this counter-cultural, but it would require an Updates:
>> header on any such profile, and would further just be plain out
>> confusing.
>>
>> In short, the profile mechanism is harmful to the very concept of
>> interoperability.
>
>

v2.23.0 | Report a Bug | By Email