Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 13 November 2019 11:24 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19D6812003F for <rats@ietfa.amsl.com>; Wed, 13 Nov 2019 03:24:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mkent6bIJ8Ew for <rats@ietfa.amsl.com>; Wed, 13 Nov 2019 03:24:16 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 131C1120013 for <rats@ietf.org>; Wed, 13 Nov 2019 03:24:15 -0800 (PST)
Received: from [192.168.41.2] (unknown [58.212.133.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by tuna.sandelman.ca (Postfix) with ESMTPSA id AB7A53897A for <rats@ietf.org>; Wed, 13 Nov 2019 06:21:08 -0500 (EST)
To: rats@ietf.org
References: <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <ba12a686-1b34-21a3-388c-bbe01c01a408@sandelman.ca> <4A83CDF5-D29F-4279-8B03-E9D23299EB53@island-resort.com> <0C6940B0-E93F-4274-9D00-DEC4119B8F69@island-resort.com> <85c7c287-48e3-83e7-900e-8e50ce43eba3@sandelman.ca> <147FEACA-56F0-43A0-8F25-639D0613E4BD@island-resort.com> <22fd43c8-7d6e-2dd8-c29a-aa86ee894ff6@sandelman.ca> <20191113111416.22xikah475zyxdro@anna.jacobs.jacobs-university.de>
From: Michael Richardson <mcr+ietf@sandelman.ca>
Message-ID: <cee8db30-f4ff-619b-da6a-82ec368077c9@sandelman.ca>
Date: Wed, 13 Nov 2019 19:24:10 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20191113111416.22xikah475zyxdro@anna.jacobs.jacobs-university.de>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/-S27Z01E7Jc4C6X5VtNqX7aDyNY>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2019 11:24:18 -0000


On 2019-11-13 7:14 p.m., Schönwälder, Jürgen wrote:
> On Wed, Nov 13, 2019 at 07:04:40PM +0800, Michael Richardson wrote:
>>
>> On 2019-11-13 1:56 a.m., Laurence Lundblade wrote:
>>> Got that one totally wrong. I even knew everything you describe about YANG.
>>>
>>> I still think it is better if we just stick to EAT / CWT / JWT claims described with CDDL as the way we define claims in RATS, except for a few TPM-specific claims. 
>> Nothing I've said is opposed to that.
>> I rather agree.  I don't think that EAT is complex enough to require a
>> definition in YANG.
>>
>> But, that also has nothing to do with whether we'd need a YANG signing
>> standard if we defined them in YANG.
>> We wouldn't, because we'd be signing JSON, CBOR (or XML if someone
>> insisted) using JSOE and COSE.
>>
> I am still confused but so far for me it may make sense to have the
> following:
>
> - A YANG defined transport for "tokens" which likely treats tokens as
>   opaque objects.

okay, and we need this in the same document (the same model?) as the TPM
stuff?

I think that the process works okay for TPM, because we don't really
expect the system that hosts the RESTCONF interface to actually use the
RESTCONF interface to talk to the TPM.  We are just providing a gateway
to it.