Re: [Rats] What's to EAT? - terminology clarification

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Mon, 18 November 2019 05:44 UTC

To: Laurence Lundblade <lgl@island-resort.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
References: <229E0A72-4B44-4C9A-AD0A-142A13020C9A@intel.com> <MWHPR21MB0784058F591C52EEB31E0736A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <4F586E15-9CF7-4824-87F2-8E2C20D1AF1D@intel.com> <MWHPR21MB078439E9EB07E3BB72E15137A3760@MWHPR21MB0784.namprd21.prod.outlook.com> <71173EC8-A167-47B9-B0F1-05759D59890B@akamai.com> <20191113071244.onqdgo2roqt7efb6@anna.jacobs.jacobs-university.de> <B555FC8E-FF3B-468A-B3DF-9F10DD6FBBF6@island-resort.com> <20191114141138.dipzizem6a6wh6cr@anna.jacobs.jacobs-university.de> <24439.1574051408@dooku.sandelman.ca> <8C37D486-D4CD-414D-962B-31993C5991B6@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <bf4623d6-1916-1b98-2906-1cd7705febef@sit.fraunhofer.de>
Date: Mon, 18 Nov 2019 06:43:51 +0100
In-Reply-To: <8C37D486-D4CD-414D-962B-31993C5991B6@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/7_c6WLI1KupEnsag40OayIiI92E>
Subject: Re: [Rats] What's to EAT? - terminology clarification

I think the question was: what value does it add?

At the moment you cannot utilize it, and the structure is a bit... loose.

The latter can be remediated by creating a "how to create CDDL IM 
subsections" in a core document and tightening that a bit - so I see no 
real problem there (if it is about IM, I seem to have misunderstood the 
"CDDL is solely used for DM now" quote).

The former is the thing Michael is inquiring about, I think. It reads as 
a DM and then it provides the "TLA"s for JWT and labels for CBOR as tstr 
longer than 3 characters (which is a bit unusual). Therefore it cannot 
be mechanically serialized at the moment, I think. I am willing to chime 
in here, but I might also be circling back to the latter item above. Maybe 
both the former and the latter items are more connected than is obvious 
and that is still unclear?

Viele Grüße,

Henk

On 18.11.19 06:31, Laurence Lundblade wrote:
> Seems to me that the CDDL in the EAT draft is working well to define claims that are mechanically serialized into JSON or CBOR and added to JWT and CWT.
> 
> Isn’t that the end of the story? Is there a problem with the EAT doc?
> 
> LL
> 
> 
>> On Nov 18, 2019, at 12:30 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>>
>>
>> If we are going to use JWT/CWT for the security of EATs, then I am skeptical
>> that CDDL (or any other Data Modeling language) brings anything to the table.
>>
>> What we need are clear semantic descriptions of claims.
>> Often we will need some ancillary data associated with the claim, and
>> sometimes that data will be more complex than a single binary blob.  In those
>> cases, a bit of CDDL will benefit us.
>>
>> I don't think that a YANG model will help us at all for this.
>>
>> -- 
>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>> ]   Michael Richardson, Sandelman Software Works        | network architect  [
>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>> 	
>>
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats