IETF Logo Mail Archive

Re: [Rats] EAT Review Comments

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Fri, 10 December 2021 07:45 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A25753A0943 for <rats@ietfa.amsl.com>; Thu, 9 Dec 2021 23:45:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.751
X-Spam-Level:
X-Spam-Status: No, score=-3.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.852, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QgWLhr38UyUI for <rats@ietfa.amsl.com>; Thu, 9 Dec 2021 23:44:56 -0800 (PST)
Received: from mail-edgeS23.fraunhofer.de (mail-edges23.fraunhofer.de [153.97.7.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 870903A0954 for <rats@ietf.org>; Thu, 9 Dec 2021 23:44:52 -0800 (PST)
IronPort-SDR: DuDakiB9L1YGwm6HIZTskbhWOqqNIs54/CfkWphr4wonn2mz7N8fhGnKd1pEqy8yAnvyw8ANfx pZPB275Lx5qQ==
X-IPAS-Result: A2HgAAB2BLNh/x0BYJlQChwBAQEBAQEHAQESAQEEBAEBQIFIBAEBCwGBUSYGKH+BQoRIg0gBAYU5hQ6CVC4DgROaBIFCgREDGDYGCwEBAQEBAQEBAQgBKgsMBAEBAwSEfwKDIAElNwYOAQIEAQEBAQMCAwEBAQEFAQEGAQEBAQEBBQQCAoEYhS85DYNTTTsBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEFAkFHDDEBAQEBAgEBARARDwEFCAEBLAIJAQsECQIRAQMBAQECAiYCAicLFwYIBgEMAQUCAQEQDoJPAYJlAw4gAQEOlhyPNgGBOgKKH3qBMYEBgggBAQYEBIJSgjkYW4FaAwYJAYEGKgGDDYccgw17FxAQgVVEJm8nDAOBBm1KNz6CYwEBgSsBBwsBAwRGgmyCZZFrEVQPBiYEJgUHBA02DwEEHg0sKA4HBwErCQoGARgBFQwIBRERERgDkU6aMJFkeDMHgg6BNYE1BguQE4ZahlkGFC2Db0OLPIYYNYM7jVGWKx+gdy6EWQIEAgQFAg4BAQaBd4EPcE0kT4JpURkPjiAMFoEEAQIGgkOFFIVLczgCBgEKAQEDCY4sLYIXAQE
IronPort-PHdr: A9a23:itFMLBc0OXWcOMUFO0SWQX+QlGM/vYqcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX92az8XgcABziMwpyKOnvXILf3KyK
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,194,1635199200"; d="scan'208";a="34110599"
Received: from mail-mtaka29.fraunhofer.de ([153.96.1.29]) by mail-edgeS23.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Dec 2021 08:44:48 +0100
IronPort-SDR: SWg8YiCQzx3J++f060hUWRbTAdmvFz79VkSPWoiwnaU2e7KAYKub1q6YezGhoOse42qsBc1/MV gpT7ev8CiOI4I/xyNtqeK9NSYdioaV858mDWYXEL48IrPSQWpuk2nYSb68vGwloyYbNn7r0ZUi u3LLL9/pod8FS0uwiviOxaIDOvX8H0C9Qd7SngNx73s1Xq+nRwTkysFHXvqPdxdXyUF/AHaokN n4jZfqPHbAb+yxNWQoUbBkXyiH1IpR2az97rs6rJmWExPXM5LYTGcTQOXDwTWnkJU3cghETx0Y QqtLyZKhTW1eFR80J4mdCTQf
X-IPAS-Result: A0CyAAAJBLNhjH+zYZlQChwBAQEBAQEHAQESAQEEBAEBQAmBPwQBAQsBgVEmBih/WSZDhEeDSAEBhTmFDl6Bdi4DOAFamgSBQoERA1QLAQMBAQEBAQgBKgsMBAEBhQYCgx0CJjcGDgECBAEBAQEDAgMBAQEBBQEBBQEBAQIBAQUEFAEBAQENIWoGXgZogU+BYRMLNA2GQgEBAQECAQEBEBEPAQUIAQEUGAIJAQsECQIRAQMBAQECAiYCAicLBxAGCAYBDAEFAgEBEA6CTwGCZQMOIAEBDpYbjzYBgToCih96gTGBAYIIAQEGBASCUoI5GFuBWgMGCQGBBioBgw2HHIMNexcggVVEJm8nDAOBBm1KNz6CYwEBgSsBBwsBAwRGgmyCZZFrEVQPBiYEJgUHBA02DwEEHg0sKA4HBwErCQoGARgBFQwIBRERERgDkU6aMJFkeDMHgg6BNYE1BguQE4ZahlkGFC2Db0OLPIYYNYM7jVGWKx+gdy6EWQIEAgQFAg4BAQaBd4EOcE0kT4JpTgECAQINAQICAwECAQIJAQECjh0MDQmBBAECBoJDhRSFS0IxOAIGAQoBAQMJjiwtghcBAQ
IronPort-PHdr: A9a23:Y7VxYxMXXVaPINMosmsl6ncLWUAX0o4cdiYZ6Zsi3rRJdKnrv5HvJ 1fW6vgliljVFZ7a5PRJh6uz0ejgVGUM7IzHvCUEd5pBBBMAgN8dygonBsPNAEbnLfnsOio9G skKVFJs83yhd0ZPH8OrfFzO5HOo5CMUGhLxOBAzKummcrM=
IronPort-Data: A9a23:51xF16BhJQoDXRVW/0nlw5YqxClBgxIJ4kV8jS/XYbTApDwj1jJSn WBMXmHUbP3cNjT3Kdsjady1808D6peDztIxOVdlrnsFo1CmBibm6XR1Cm+qYkt+++WaFBoPA /02M4KGcYZoJpPljk/F3oLJ9BGQ7onVAOqsYAL4EnopH1Y9En9w0U4Ld9MR2+aEv/DpW2thh vuv+6UzCHf9s9KjGjtJg04rgEoHUMXa4Fv0jHRnDRx4lAO2e00uMX4qDfrZw00U4mVjNrXSq +7rlNlV945ClvsnIovNfr3TKiXmTlNOVOSDoiI+ZkSsvvRNjiZs4vwlDvMBUxpS22ibp9Fe7 +hCu7XlHG/FPoWU8AgcewJdDzk4ML1N+PnJO3Git8yUwUDcNXfhqxlsJBhrZstJpaAuXjAIr KZHQNwORkjra+aewL+9Sa9mh94gLM7vLqsEu20mwyvQEPAmRp7OWePG6Le02R9u1pEVQqiAD yYfQWVSNA7wXkQRAGksIo0imr+63X6vMDIN/Tp5ooJtujOKl1wguFT3C/LPc8CRbcRYgkjeo XjJl0z9DRUyNcebwDyJt2ihnejVgWXwX4d6PJ2x8Phnmxuv3WcTDxMbU1q0ifCjjwi1XNc3F qAP0nNz9u1jqwnyEYi4Bkfn5mCB+BVaVcBZDus67w+A0OzY7m51G1ToUBZLNux8qvU/WAZ30 w/UjevoKhtSv7O8HCf1GqivkRu+Pi0cLGknbCACTBcY79SLnG3Vpk6SJjqEOPPv5uAZCQ0c0 BjX9XJv1u57YdojhvnqpAivbyeE/MCRJjPZ8Dk7SUqJw2tEiGONPtHzrAmEqK8ffcPAFAbHo n1CkI6Q9ukTC5GKmiGXBukAdF1I2xpnGGGN6bKMN8N6n9hIx5JFVdsJiN2ZDBw0WvvogRezP CfuVfp5vfe/xkeCY65teJ6WAM8316XmHtmNfqmKNYsWPcQvLFfdrXsGiausM4bFzhdEfUYXZ szzTCpQJSxKWcyLMRLpFrxCjOR1rszA7T6KHMigp/hY7VZuTCTMEu5eYArmghER4K6ZvB7e8 9tEf8WN0Q5UUPD4bTLR/JIBRW3m3lBkba0aX/d/K77SSiI7STpJNhMk6e95E2CTt/gPx7igE 7DUchMw9WcTclWbc1jXMS46N+u0NXu9xFpiVRER0Z+T8yBLSe6SAG03LfPbpJErq75uy+BaV f4Ad5nSC/hDUG2YqS8ccd/ztoV/chSsiw+UeSaoOWBtc5llTg3P29nlYgq2qHhQVHXq75Nmr u3yzB7fTLoCWx9mUpTcZsWv+FXt73ITr+R/AhnTKd5JdUSwq4VncnSjjvI+L8wWBw/Ewz+Wi 1SfDRsC/LafuI4pttfTjL2Cr4CnHvE4EkcDRzvX6rO/NC/7+Gu/wNYcAbjSIm2HDDv5ofzwa /9UwvfwNOw8sGxL64csQax2ya8e5sf0o+EIxApTHELNMwahBIRmLyTUxsJIrKBMmuRUtAbqC EKC/t5WZeeANM//SgVDPw85dqKOxfoU3DfI5OkzIEL06TUx8LfeCRdeOByFiSp8KrppMdp5k Ll755NMs1Sy2kgwL9KLriFI7GDQfHYOZKMq68MBC4jxhwt3l1xPPc7GBint7M3dYtlAKBJxc GbJ3++T2PEFmRuHKiBsU2bIm+Ebi44HpRZKy1EPPRKFl4Od1PMw2RRQ9xUxTxhUl0kWjbgsZ zIzb0Ald7+T+zpIhdRYWzz+EQ92AhDEqFf6zEEElTGEQkSlPoAXwLbR5QpQEJglzl9h
IronPort-HdrOrdr: A9a23:HoAjzqzk7ALdeNT0ak8BKrPxSeskLtp133Aq2lEZdPUzSL36qy nOppkmPHDP6Ar5NEtPpTnEAsi9qBDnmaKdg7NhX4tKNTOO0ADDEGgh1/qG/9SKIULDH4BmpM Ndm/8UMqyIMXFKyeTBzE2RFMsh39md7LrtpeDQyR5WPHtXQpAlzT1UTi6dD01oRBJbH94YE4 eR/cBKvienYjA2acu8b0N1JNTrlpnorr6jSQMaDxQn7AWIkHeG6LvmHwPd4wwfXT1C2rsutU fElhH0/b/LiYDG9jbsk03ow9B/hcbowNpGCMuQzucULyjhkUKUf4RuVbGYsD1wm/2r5ExCqq iwnz4Qe+ZIxzf7YmS2hRf2wQHv3CwA63r+xUSZhnWmm8bwQ3YAB9BcgJ8xSGqn12MQ+PNH/O Zw03mHu4F2ChzH9R6Nn+QgLysa8XZc9kBS99Iusw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,194,1635199200"; d="scan'208";a="6893766"
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA29.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Dec 2021 08:44:45 +0100
Received: from XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Fri, 10 Dec 2021 08:44:45 +0100
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (104.47.5.56) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Fri, 10 Dec 2021 08:44:45 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YacjbarZJsatpWcKOFAPvrNSe1HWIUX89nfNgrd8QYacY978AN4EOBtso5sBtcba5FMNL1siI622MuJSoWm+7y11BNUCOQVMR+tEI+3rZDyykpqbw0qiU82L2mMyjoB5GWACF0qqVkuZrj/DVdxsj8rxEVKpLlxC5YaLsIwlECSzqbmg2FY78f9U/VhvFwTMfvFx72pjw8yoURJAI2kSQZa5AoqhOJ+shZ2Zd0K3h7M418yN+xfRv5xJ3rwaPbr3utz9PLgAHnoPX3Vzj/uth+6VlUh6flHvF5RGvhs7NkW3itd8NOuW/xJyo8stWFGHJZTSfbzfpqgbTLdPN3UIlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m2KuyBSiF8ScMdLi2cKnGQ7MEMbYpWbzCWsjti922Ag=; b=QDLJHBPPvEHERA57Owd+GYL1DOmKmzPzMtyhYbKlqWcpxiKBzyzNzFT+YfeiAjsv2qb1m9nkoXn5VvRDTATONERMDI3nPDnqq7/MSDVbSJCj/oK06sF9otdV6WKf8aky+VeYdKWsDdN82PazbMpZ1n69PkvNKwvPPzmFznWaZmwWr82xnEzWi0U4/8sI1Z3rnsGupxmShlOGpwcfWfFkUsv00vBLeRUmlN8IcTdJzCTrmxSdaGFLQ3GD6Ynh0pufE/4tkvsW/lvBdPwcfVPOoIcVzuDitePOqw+sw4ec9oOmR/ubaWQlcqSklu5jgk0YcS0rDdIT9KaR829X9tM71g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sit.fraunhofer.de; dmarc=pass action=none header.from=sit.fraunhofer.de; dkim=pass header.d=sit.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m2KuyBSiF8ScMdLi2cKnGQ7MEMbYpWbzCWsjti922Ag=; b=Qn1G+YUs3z2Cq9T0tEU0di9wz043XTOEQ0i+unaMPmxIBCbFb2lW23T+c/3FzCw7YRzngnxbT+hAIYfDr8Esao2sNtV5kVT2vH5LRWUC54Vg6SjXd/bvePtn5Q3P+iNt8CjSeqTcAvz6xCxt+sOukOdjAm1Vb30I6VrzUDjIOxY=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9) by DU2P194MB1551.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:23a::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.14; Fri, 10 Dec 2021 07:44:43 +0000
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::fd02:7dff:f815:47b6]) by DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::fd02:7dff:f815:47b6%5]) with mapi id 15.20.4778.014; Fri, 10 Dec 2021 07:44:43 +0000
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>
References: <DBBPR08MB59150EEE386E675005A52124FA6E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <B81765CF-8515-440B-A021-977FCD59D5E2@island-resort.com> <DBBPR08MB5915DD8BAA394E7D665E4C7DFA709@DBBPR08MB5915.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <7e8275a1-10ce-bff8-9252-8c0d32d3e395@sit.fraunhofer.de>
Date: Fri, 10 Dec 2021 08:44:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <DBBPR08MB5915DD8BAA394E7D665E4C7DFA709@DBBPR08MB5915.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: FR0P281CA0075.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1e::10) To DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: bf1cb84f-9e80-408a-1d10-08d9bbb0edcb
X-MS-TrafficTypeDiagnostic: DU2P194MB1551:EE_
X-Microsoft-Antispam-PRVS: <DU2P194MB155141B11DA40062C5AE3C66A8719@DU2P194MB1551.EURP194.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: EsgY07EXFKyxzVQEBM6q6IDR2APXpHV7/frIoxLy/XAQK9USR5aeLGeRM9u1Fr/xwgr8reTBiK6FZg24pbRojyblO1YEsLO1kZK1FhGAQzlYV5o2J1OZO1FR2xzyd/6+VyFQQzMFQvhOHQD/WkH9OfuORTw8v0W3drP4yiJjXUA/thrZ8YzMEimSETt5jn5Xx/OMTdRFbEaC8v8ouogtVQ/LmonQ7GCxiK9xRW9b2Zy9qRBbmSRg1ztJL6GtT7t7jxzXlicY2xrMoK2epiza/QmDEeTxb25H8+1sQpyKSWI9fn37x5Z3MJxsPcIdDFtJJeEtAUj4IjL4kWpwUqX4psqH05Bmd+bo5YS8D2TOxaXSPoreCmLlCxmrjFp67BRdOsPLTHkKycHjodd1BT8HAcNBSfI4JVNYXtnoW+D94JA1FGOqivzIsXKHoFZCaeooV3fXrJHfZCEu37gNd/uNjy3cNUDIGxbPypfG3hvSXjW0RO0+IOxmzYrOnvzF4Gl8zeIEdxsyVfP6VENZrguigIg7SShkQFxEROS1dowpsxjvIdUVei52gVdHrLB42KgvUQKknMrb83Y7qvYHHi7DZfpyPqPd+1aFmwTksE8UzfZwJmTjYs1p9Ul5ydcqZO7XRTnwHB1HmOm++SGwKHkifPeFRNR77KzriH4NBnxOq/cH2VVn2W5QoGtiubmkhtStS9xWiK6hTEnkeDqWV6D9UOnKl6aGE5hEnfDNz5b/ULQjOdPf8gCtFNKPlMjZB9YJD84T+QvHvR49xzhRBgDlbEiXIKU69kULYTy9fhIenUyQVrmQaTs08TWlvmM6jk4AnlkdCKvB9nuuZefKJmm2Vw==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2P194MB1709.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(82960400001)(6506007)(5660300002)(2906002)(30864003)(66476007)(38350700002)(44832011)(86362001)(2616005)(83380400001)(110136005)(316002)(508600001)(26005)(31696002)(53546011)(6512007)(6486002)(4326008)(966005)(66946007)(186003)(38100700002)(52116002)(31686004)(8936002)(8676002)(66556008)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 7EC/7sfYyVFCrzdbfr16y408e4fePR/hrVdJFCS2kSWCkdPoXvq+Sf7eYCGUcICgEdSjGfRlM59BkuE8NKjqaKezFqetecuHezxO7Yu01M8gX6e84nDTV3qe9RtAk6YECcgOu9yDWyAOkgpufhq3b2OrGsaGFr6LR67N1xWnrIqK+Fl/yB2m/bRV7LHtJFZ/iGPMK1NNxYL7Dzr2YruS0kcwk0uB+PybUSZYjJkrHRu5+Pl6vVhBTwq07WbVk5hgSTNeuH8Ugs0IN3c74v3rWkA08tT4wbQ4XHe1uRJ5vgmYsm8DpjcI6J2Ff8Vodhv98ZwoUZUV3Sn46CA5S7hLhbhL0z8VOyMiw0xy4+M3p09yCV6V7YleNZSYQR6qqCTU+5N6DK4wKysU4obz/AYnESnTY0SbRWrKKeqCwmqShYBaT4xe/BhGeZmEbqxcLNn9ZZYJEKYQI6EMPtKAFELQCqnK3qNaiRBju0giJXf5EOga0JfG4deS9uteTMkUBfNMz3bGKGFcUT+ZH1XPBgaEQnZL5mK+w17BJApJXDUzo25qGZflHwJfZVEb/pNxN6unfbMPWcNyZOa47AICmE7XjA2YCvHgvv8fQiwCLFkSNk9daErQ2B0i9j7LeSjktJZ+qD8DsZ/HZW6IBd7+nMrvnygSvy254F5r1fOPKJ3ITxOd/iPIMMKCQfUsGm7nJVoE2yemnOtMgB5OaNlOKipEOYt7XfPnHtebOJm5PgSgRK1HrZrjl9zu0QJp5ooc1XUdeCByZY6HnXGEpAkSD2Xd3+0wkiL93Ycfjlg6J9eMkKY6F2iINMn0dkumF08HQWJw5EFsvg8YDlJzEwdyqfQQKE99xl7eOSYTYB17WuQNj1lLaKw6SHpnjM7ayFCB7W4L0XMOQfAEF4A2f91htl1Nrw2+dIWb+j7upNMuIrVj4oocJeOQa8jTqaYheKMp7EtnZs+PRYAf/cNFtb4sa6COg034Twu2vVaY7siILsfHLuRjNSExW/3A7f1fEgoPKj94bxYPWO2AVSlDLnv9evBhKkbFWGFAux9y+AGH3fFfg6XwFnLyIuTVIkdwi/wx97/39qNAtb7jvHkGVFi4r9TQIVPfIq5+JuwPpKfQQd13G1SUV3zK7ElKoQAfcP3E+FRSBxGzikKUo6lB+icvF7zS+U6fqD3uO9Ms8E4xHpkjP9TNi9sZPq75R8rlFhmrd2UVdgjweniRK73JyWP3gKpiSnq7A3KUXl9LEhxhV3ItaaSQ8SauYd6IqFIrYlwzvHfughJxnR/IUBLU90797GBKwJUS/X8ks6lZ6Mnpx1dK/Y1tLLYQnEQPeUhdh0UEGuo6dDCsgavsOFlidlOJKP/7M3HcNQZxOEUUFnI8Krdy1WdWPVf9h494uRIsQSAyWN5ccnLBEcP6vgqDSEZDpUoCge+Z9SxcUXqPJ1VWL3L2An16APGP4uEr3l/NeO9/Ggx8OQnAlUXPPVkQPerCJxXu0tczazTF2jmeTOSVmY+XdJWvwf7UVZn5i+EBP8yb6DpOO+AksB4690+0ZOwofUBehUlMn1G026GGdCZeCW++yevJpUX7PaQaYxsDybk7MM2vCQ8vqFIzFDMW9k5OT5TVKHwuA8FEDlKqjqYE6IhAl1ay9h1aV1rkowqj6fOdMEiVipcPFSYM9QtnJAL/Mc30Ug==
X-MS-Exchange-CrossTenant-Network-Message-Id: bf1cb84f-9e80-408a-1d10-08d9bbb0edcb
X-MS-Exchange-CrossTenant-AuthSource: DU2P194MB1709.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Dec 2021 07:44:42.9617 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: +UxKlSy6CkUcWurkZxeuoBQ+ljnPOZoYw0w0QF3KVA71Z2xTGF6G7Tl4TheoRi6LQzHO2oIFPCnCbnboECnTu8yIm18ULZld5pQsc3MHOrE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU2P194MB1551
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6K4lKExYXiunLYUe8MPgOTysGUI>
Subject: Re: [Rats] EAT Review Comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2021 07:45:04 -0000

Hi Hannes & Laurence,
hi list,

a few essential comments in-line.


Viele Grüße,

Henk

On 09.12.21 11:45, Hannes Tschofenig wrote:
> Hi Laurence,
> 
> Thanks for your quick response.
> 
> A few responses below:
> 
> -----Original Message-----
> From: Laurence Lundblade <lgl@island-resort.com>
> Sent: Tuesday, December 7, 2021 10:52 PM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Cc: rats@ietf.org
> Subject: Re: [Rats] EAT Review Comments
> 
> First of all, I really appreciate the thorough reading. This is probably the first deep substantive set of comments ever made on EAT.
> 
> 
>> On Dec 7, 2021, at 3:49 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>>
>> Hi all,
>>
>> As promised, here are some high-level review comments, which are most important to us:
>>
>> - The document would benefit from a normative language. Think in the following way: What does a party creating a claim and a party verifying the claim have to do in order to ensure interoperability. Use SHOULDs and MAYs when you can give the reader a decision path.

As long as additional normative statements are in support of 
deterministic and interoperable evidence generation and appraisal I am 
all for that. I would like to carefully highlight that phrasing such 
statements is a delicate procedure will cost additional time to get 
aligned as WG consensus. In general, I see the necessity and in favor of 
reviewing proposal for these.

>>
>> - Don't put comments into the CDDL since the same text is already in the draft. You are essentially putting the text in the document twice. This will reduce the size of the document.

Yes. Self-descriptive CDDL + English text for human readers outside the 
CDDL elaborating on type semantics is the right direction.

>>
>> - Normative vs. informative references: If you need to read a specification as a developer in order to implement a listed claim then this reference is normative. For example, the location claim cannot be implemented without having to open the W3C geolocation API. Hence, that reference becomes normative.
>>
>> - Aim for consistent use of terminology. An example is the use of "entity", "entity/device", "device/entity", "entity/client device", "device entity", "entity or submod", "entity (typically a device)". In Section 1.4 you seem to suggest that "entity" is the right term. But throughout the text you mix the terms. The  EAT draft should adopt the terminology established in the architecture doc, which would be "attester" rather than "entity". Section 2 should import the vocabulary from the architecture document **by reference** and establish the aliasing "attester" = "entity" (and maybe = "device") by saying something along these lines: "attester and entity are used interchangeably in this document”.
> 
> Agree about most of the above and will work through it.

It would be nice to have a review'able track of issues for each type of 
inconsistency here. But speaking from experience that is the way how 
Laurence works on the document for quite some while now (kudos), so I am 
not worried by that, actually, still I felt the need to highlight that.

> 
>>
>> - The spec is long and there is a lot of feature creep. This makes it appear very complex. I believe there are two reasons for this, namely (a) there is suddenly a lot of architectural discussion in this document. This is unnecessary given that there is a separate architecture document. There is no need to repeat the content here as well. Do you expect a reader to go through the architecture document before reading this document?
> 
> OK. I will work to remove some of this.
> 
> A few hints and examples of what to remove would be helpful.
> 
> I already made one pass at removing text from EAT that was covered in RATS architecture.  (EAT -01 actually predates RATS architecture, so there was lots of stuff to remove).
> 
> [Hannes] I can go through the document again and focus on identifying on what could be simplified.

Thanks Hannes. I'll review your input and cross-check the proposals.

> 
> 
>> (b) There are claims in this specification that may sound good but I wonder whether they are ready for prime time already. This document does not need to collect all claims that relate to attestation. Most likely there is not much experience implementing some of these claims either, which reduces the quality of the specification. Sometimes less is just more.

Personally, I was under the impression that the content of -08 was 
already good enough.

My biggest point of concern is the scope creep into JWT.

EAT was intended to be a CWT (more on that detail below). The 
implementation complexity of including JWT now is kind of mind-boggling. 
I have been for a while and will continue to be in strong support of 
moving JSON encoding related normative text out of the EAT core doucment 
to supplemental EAT document.

Fundamentally, I am still opposed to EAT being a CWT. It allows to 
include any kind of CWT claims from an increasingly growing CWT Claims 
registry. I am allowed to include a nonce and a cnonce Claim 
simultaneous due to that. Or simply mix an exi Claim in. How shall an 
implementation act on that? That is a valid EAT composition. Is "ignore 
what you do not understand" the strategy here? That is not a really 
useful approach, if your goal is to establish an interoperable way to 
assert trustworthiness. I'd very much prefer a better scoped usage 
scenario for EAT for RATS by making an EAT something more specialized 
than a CWT (on the CBOR tag level). Maybe someone can explain to my why 
this is not an implementer's nightmare as I might miss something obvious 
here.

> 
> Definitely agree that less can be more.
> 
> Top of my list of claims to remove are uptime and boot seed.
> 
> The other claims have a strong purpose in my mind. They are necessary to describe the device and the attestation results.
> 
> - Maybe the DLOA’s claim could be removed, but I think it is important for RP’s to be able to know about certification status in attestation results.
> 
> - The description of SW manifests and measurements is a bit difficult, but I’ve tried make use of the best things out there and be flexible / pluggable since it is a moving target.
> 
> - The set of UEID/SUEID, HW OEM ID, HW Class and HW Version is what is necessary to identify HW.
> 
> There is similar reasoning for the other claims.
> 
> Which claims would you remove?
> 
> [Hannes] I don't know the history of the DLOA and the SW manifests claim but I wonder whether people will use them in the near future.

As rule of a thumb, I'd simple prune anything that was added after -08. 
Maybe we should go from that demarcation line, enumerate the Claim names 
of everything that was added after and then see, if there are candidates 
in that list that the WG is interested in keeping.

I am not saying to abandon the "pruned" Claims, but to put them into the 
next document. All implementation that I know of are based on -08. I 
don't want to sound over-confident here... maybe it's -09 effectively... 
my point is: divide an conquer.

> 
>>
>> - Unprotected CWT Claims Sets (UCCS): I see UCCS as an architectural aspect. Normally, the implications for the EAT spec should be quite small. The purpose of the EAT spec is to define claims that go into a CWT. EAT does not mandate a specific way to protect the claims (digital signature, MAC, encryption, etc.) then UCCS has not much implication besides a short mention in the security consideration section. Given that UCCS is a separate working group document we would remove Section 4 along with any reference to UJCS.
> 
> There’s strong logic here:
> — RATS architecture explicitly calls out composite attestation — A submodule can be a nested EAT to implement composite attestation — A nested EAT can be a CWT, UCCS  or DEB — The CDDL that specifies a nested EAT submodule thus must mention UCCS
> 
> So a UCCS is a claim that goes into a CWT. I think UCCS, particularly CDDL for UCCS, must be included because of this.
> 
> [Hannes] I wonder whether everything in the RATS architecture should be covered in the EAT specification for several reasons:
> - First, the EAT spec becomes complex and harder to read.
> - Second, the RATS architecture enumerates everything that came into someone's mind or, as we later learned, can be patented.
> - Given the status of the industry with attestation I believe it will take a while to even get the basic functionality deployed. For more complex use cases it can easily take several years.
>

Yes. This. I am in strong support (+1) of moving UCCS implications 
solely into the Security Consideration Section.

> 
> 
> We decided a long time ago that EAT would support JSON in a normative way. The logic continues:

I am not so sure how the group consensus really looks like here. Maybe 
this calls for a dedicated question to the list. Again, I am not talking 
about abandoning the whole JSON nested in CBOR nested in JSON idea. I 
just think as part of the EAT core document it is adding an 
insurmountable amount of complexity that could severely hamper adoption 
in the end.

> — An EAT can be a JWT
> — EAT specifies claims that go into a JWT (and a CWT) — A submodule can be an  nested EAT — A submodule can then be a JWT in a CWT or a CWT in a JWT
> 
> If we stay with the idea that EAT has normative support for JSON, then I believe the above logic holds and specification of the above is necessary.
> 
> I don’t think we realized the implications of EAT formally supporting JSON/JWT in a normative way a few years back. I certainly didn’t. Trying to write and validate the CDDL for both JSON and CBOR, JWT and CWT brought it to light. Maybe it’s too much? What do people think about completely removing normative JSON support from EAT?
> 
> [Hannes] JSON may be something that is support from the verifier to the relying party because those are probably HTTP-based API. I am wondering whether it would make sense to just have a CBOR-based encoding for the attester-produced EAT tokens. Then, the JSON-based functionality could be published in a companion document, if needed.

+1 for companion document, +1 for if needed.

> 
> Now on to UJCS. The decision on it can be separate from the above logical conclusion, partly because JWT has the (awkward) null algorithm mode.
> 
> My main logic about UJCS is:
> — JSON is far more popular than CBOR
> — If there is reason to specify UCCS, then there is more reason to specify UJCS — This also lines up with EAT being used for attestation results, which are likely to be JSON.
> 
> Maybe UJCS can be removed from EAT, but it seems like it should then exist somewhere else.
> 
> There is still a logic and power in bringing all this highly related stuff (CWT, JWT, UCCS and UJCS) together especially when you try to write CDDL for it where individual claims can be JSON or CBOR and individual tokens can be JSON or CBOR. This goes back to composite devices described in RATS architecture.
> 
> [Hannes] IMHO the UCCS functionality should be described in the UCCS draft. I doubt that JSON makes a sense for the community proposing it. I got the impression that this is something from the Smart Card/Secure Elements community and those would hopefully use CBOR rather than JSON.

+1

> 
> 
> Ciao
> Hannes
> 
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>

v2.39.1 | Report a Bug | By Email | System Status