Re: [Rats] Where does a EAT end? - consensus?

"Smith, Ned" <ned.smith@intel.com> Fri, 03 June 2022 18:38 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3-9mf693E6sLRVwr2X99tWf8kEs>
List-Id: Remote ATtestation procedureS <rats.ietf.org>

To summarize, it appears the way to address the issue of a potential for non-interoperability of “top-level” statements in the EAT draft is to acknowledge that this potential exists, and that it can be accommodated in a variety of ways that don’t need to be discussed within the EAT draft.

Does anyone disagree that this addresses the issue?

-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Giridhar Mandyam <mandyam@qti.qualcomm.com>
Date: Thursday, June 2, 2022 at 1:40 PM
To: Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

> Not sure I follow: profiles are type constraints that apply to *existing* top-level EAT types.  They can't be used to extend the number and shape of base EAT types.

I was commenting on interop, not on extension of top-level EAT types.  I don’t think we need to provide a mechanism to extend the base EAT types within the EAT specification itself.  I’ve already mentioned with the example of JWTs that the underlying specifications such as JS allow for that today.

If someone has identified a new field that must be added at the top-level of an EAT, they are welcome to come up with their own specification, as described in https://github.com/ietf-rats-wg/eat/pull/194.  I personally don’t think we should call it an EAT at that point, but that is a minor point.

-Giri

From: Thomas Fossati <Thomas.Fossati@arm.com>
Sent: Thursday, June 2, 2022 1:30 PM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>; rats@ietf.org
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)


> Giridhar Mandyam <mandyam@qti.qualcomm.com> wrote:
> > > I think the underlying data structures make it extensible,
> > > independent of the CDDL notation.  However if an implementor
> > > chooses to extend EAT without an accompanying standard as a
> > > result, then interoperability may not be assured.  Therefore it is
> > > in an implementor’s interest to define a standard if they are
> > > seeking interop.
>
> > The core difference is the extensibility story for the claims-set is
> > governed by the CWT Claims registry, whilst the EAT type system has
> > no such mechanism (yet).
>
> I don’t agree:  the profile definition addresses interop – see
> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat#section-7.
> Up to this point, no-one has objected to the way profiles are defined
> in the specification, nor the lack of a registry.

Not sure I follow: profiles are type constraints that apply to
*existing* top-level EAT types.  They can't be used to extend the number
and shape of base EAT types.

FWIW, I'm a big fan of profiles.




