IETF Logo Mail Archive

Re: [Rats] Review of draft-ietf-rats-eat-01

Laurence Lundblade <lgl@island-resort.com> Tue, 16 July 2019 04:04 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3442D12006A for <rats@ietfa.amsl.com>; Mon, 15 Jul 2019 21:04:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L82ofxiYNBAI for <rats@ietfa.amsl.com>; Mon, 15 Jul 2019 21:04:14 -0700 (PDT)
Received: from p3plsmtpa07-07.prod.phx3.secureserver.net (p3plsmtpa07-07.prod.phx3.secureserver.net [173.201.192.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8455F12004F for <rats@ietf.org>; Mon, 15 Jul 2019 21:04:14 -0700 (PDT)
Received: from [192.168.0.107] ([67.237.247.208]) by :SMTPAUTH: with ESMTPSA id nEhIhTNfN0qbenEhJhi4Uo; Mon, 15 Jul 2019 21:04:14 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <5CBB3ED3-0CD6-443D-B80F-EE426F7905C3@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5DE41109-140D-4ED4-AB5B-1CDAD7E402DE"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Mon, 15 Jul 2019 21:04:12 -0700
In-Reply-To: <D95268DC.E2D3B%carl@redhoundsoftware.com>
Cc: "rats@ietf.org" <rats@ietf.org>
To: Carl Wallace <carl@redhoundsoftware.com>
References: <D95268DC.E2D3B%carl@redhoundsoftware.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfN9TKUb+xRGgdd/SsB6QFU3MrrC0ZfrYspUre5hWO36KvAuZUMuuM4LowhqBwnezh5wvNHhBHLK6zKYBRqtskMGAqwWMVaNvRQV97edzwXVAE8J67ERL 5dy73Fj+jt4hhG6MwMFfOlL2wrgSkdHElycYqESUqNEcVGihW7Wo24pq9nTm6NoyASBoZrEhE9iySq1/xni8gEWlF5AR0eCYuYo=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6G1VDsxhpNNNKHmsXJha1QcyiR4>
Subject: Re: [Rats] Review of draft-ietf-rats-eat-01
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 04:04:17 -0000

Hi Carl. Thanks for the comments!

My comments below...

> On Jul 15, 2019, at 2:31 PM, Carl Wallace <carl@redhoundsoftware.com> wrote:
> 
> In section 1.2, it seems odd that the definition of the term "entity" is
> limited to things that implement this draft. The last sentence of this
> section and the definition of "The Entity" in section 1.3 bear this out.
> Generally, 'entity' is used pretty loosely throughout the draft.

Please file a GitHub issue here <https://github.com/ietf-rats-wg/eat/issues>. 

> 
> In section 1.2, why state "the attestation should be cryptographically
> verifiable by the EAT consumer"? Is the intent that some EAT consumers
> won't recognize the root of trust or that some EATs need not be
> cryptographically verifiable at all? If the former, maybe change from
> should to MUST and add qualifying words about root of trust for relying
> parties. 

Please file a GitHub issue here <https://github.com/ietf-rats-wg/eat/issues>. 


> 
> Section 1.4.2 claims to not standardize the "end-end process of
> establishing signing attestation key material in the entity, signing the
> EAT, and verifying it". However, the election of COSE, for example, does
> standardize signing and verifying (see section 4.4 of RFC 8152). Also, the
> language here needs to reflect expansion to include JWT.

COSE, EAT and CWT do not mandate support for specific algorithms to the degree the interop is guaranteed. For example an entity could implement ECDSA and the relying party could implement the Edwards Curves. This is the intent of this sentence. 

I believe it is up to profile documents to lock this down for guaranteed interop


> Section 2 feels incomplete without a definition of claim (as in JWT and
> CWT, which include similar definitions as here plus claim) and attestation
> (given definition of Attestation Key Material). CWT Claims Set should
> probably be renamed Claims Set given expansion to include JWT.

Since an EAT is just a CWT or JWT now, I was thinking the definition from CWT and JWT just carries over. 

> 
> In 3.1, suggest re-phrasing "sent to the entity by any protocol" to
> something simpler like "provided to entity”.

OK. 

> 
> Should 3.11 be 'nested EATs' or 'aggregated EATs'. In other words, are
> these really nested (like signed then encrypted or signed then
> countersigned) or are they aggregated into an array then signed? Should
> these be wrapped as a bstr (at least for CBOR)?

They really are nested. It says:

   The contents of the "eat" claim must be a fully signed, optionally
   encrypted, EAT token.

The nesting is really powerful as it allows multiple subsystems to make EAT tokens (a modern cell phone has lots of CPUs, often well isolated from each other) and for them to be combined and bound to each other.

My thought is that they do not need bstr wrapping. It’s only inputs to hash functions that need that because of the way CBOR decoders work.

If you still think it needs bstr wrapping, please file a GitHub issue.


> 
> In 4.4.1, suggest table presentation a la COSE spec.

That is CDDL. It should not be a table.

But latitude and such should have an “=“. I’ve filed an issue for that. 


> 
> In 4.4.2, are nested EATs allowed to make different encoding choices?

Yes


> 
> Throughout the draft, should and must are used in many places where SHOULD
> or MUST is probably applicable. Examples include:
> 
> 	- In section 3.1, the should should be SHOULD
> 	- In section 3.6, the must instances in bullets 3 and 4 could be MUSTs
> 	- In section 3.11, the must should be MUST
> 	- In section 4.3.2, the must instances in bullets 3 and 4 should be MUSTs
> 	- In section 4.4.2, the must in the last sentence of the second paragraph
> should be a MUST (and it may be helpful to enumerate 'all' here)
> 	- Throughout 4.4.2, there are several instances of 'the server must'.
> These must instances should probably be MUSTs and 'the server' should
> probably the 'the relying party'.
> 	- In 5.1, the should should be SHOULD

You must use the word should and should use the word must as many times as possible in a sentence. :-)

I’ve heard different philosophies on this and tended to the more mellow ones that imply. I’ve filed an
Issue to resolve this.

> 
> 	
> The draft should probably include claims related to key attestation (I
> think this was mentioned on the list as something that would be added).

Issue filed a long while ago.


> 
> Typos
> - In the intro change "very small IoT device" to "very small IoT devices”

That is from the -00 draft. It is not in the -01 draft. 

> - In section 3 fix formatting of bullets

The CDDL section header was wrong in 3.3. Is that what you meant?

LL




> 
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>

v2.23.0 | Report a Bug | By Email