IETF Logo Mail Archive

Re: [Rats] Call for adoption (after draft rename) for Yang module draft

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 14 November 2019 16:02 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C17F5120A05 for <rats@ietfa.amsl.com>; Thu, 14 Nov 2019 08:02:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=YPTVSFTB; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=Xbovg7ky
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MNJjiNCOBTkx for <rats@ietfa.amsl.com>; Thu, 14 Nov 2019 08:02:13 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A325120951 for <rats@ietf.org>; Thu, 14 Nov 2019 08:02:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8718; q=dns/txt; s=iport; t=1573747331; x=1574956931; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=rYB4W3MpgFlLoh9a7vW/lsDgc2PoKyrnkbQ9YKgrbOQ=; b=YPTVSFTBxY19PYT/jJbJoMXeNAnjXFsAwAx1cyDGNDwMWSdh4QtZV3Fa f+Wj8fOKHFva8J0ayZZIyhFJgS4D1w/Kq2kNHfx9w5okkIFfwgbt/PORs c9prBYFbxJPtIsmh5y69aX6EwHaCRjBHA/CT4g4q3mHAOz+3XF2VALAts Q=;
X-Files: smime.p7s : 3975
IronPort-PHdr: 9a23:Se+GCBQtBU7jURfi7G8SFtBXn9psv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESUDdfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH15g640NmhA4RsuMCEn1NvnvOiEkG8VefFRk5Hq8d0NSHZW2ag==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AGAABpec1d/5tdJa1lGQEBAQEBAQEBAQEBAQEBAQEBEQEBAQEBAQEBAQEBgWoEAQEBAQELAYFKUAVsKy0gBAsqCoQfg0YDhFqGGIJemACBLoEkA1QCBwEBAQkDAQEYCwoCAQGEQAKCICQ0CQ4CAwsBAQQBAQECAQUEbYU3DIVRAQEBAQIBAQEQCwYdAQEsCwEECwIBBgIYDR0CAgIlCyUCBAENBQgGFIMBgXlNAw4RDwECDJZhkGMCgTiIYHWBMoJ+AQEFhREYghAHAwaBNgGBUopCGIFAP4ERRoJMPoJiAQGBYxWCeTKCLI9ZOZ0ibgqCKoNMgjSPZ5oEjkeaBAIEAgQFAg4BAQWBUjmBWHAVO4JsUBEUgjeOYwwXg1CFFIU/dIEoj2EBgQ4BAQ
X-IronPort-AV: E=Sophos;i="5.68,304,1569283200"; d="p7s'?scan'208";a="665666638"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Nov 2019 16:02:05 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by rcdn-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id xAEG25rB022751 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 14 Nov 2019 16:02:05 GMT
Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 14 Nov 2019 10:02:04 -0600
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 14 Nov 2019 10:02:03 -0600
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 14 Nov 2019 11:02:03 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c4tf9uaHbkyJtBfBgaTgb26s0QZHfBRqDda/cJjnRfWz2DBd0+298F2vBa6hGi/U3JXaUuec8oKgOLsIRdfzdGHc6z7IR9QgEeUUlZ8sx5qqGNH6hgtnXTT9TmiP8i+GxGKk2+j7Nrdku2UbB5Mi3H87JwUNvaYfo1VjvQsilU4nyRIZtn78YGvZcZVa3FkUdn3XjHU/Q6QdKfF940pd//kzdSDBdPyemzvPSTxQi52PclWdpTQ+FTOhveRBzmMhKtP1/AOM0LDVIiExbbNnekLM8NagSErL4yksPUINeA9mMOHPl4eV/LjCsgLq08Z4YtxA3HdMjb6D84JYRbSuJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LKaf2+D4/XVEDELYlIx+qMbJ+urSF3L5ErbN3jzFecM=; b=TroavO4P4EbO+czz52W3D/fc88+AodqDXB4kjggsw2l6t563sgpziG7uloj7su0FKMVl/C9BARqHW147Vii9TXw1tFhHxLgPhVjFscafVw3hCAGdmEJM2ErK5jMVL70CYmGu0sd+L7UH8dUReYZHnVIOPdihAPgSEGu3xPI7/VKxexCUso97nSP7Jl+mnvbsYcKjFkkrCwSxC/eYH5+t+1ES+OXYy67MBmR2Y/46j452Gd/ALX/bOpReGRsSC14lsOlrMZjNokCTCobhc8NhMqY3GCVVW+igDMcp0njlks2Z+t2Dc5JbO4lAjk0V5l1w6wW2D1Zf96/fksQN8ElGvw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LKaf2+D4/XVEDELYlIx+qMbJ+urSF3L5ErbN3jzFecM=; b=Xbovg7kyOAfOSoWDOZtm/pvERZZfprpXzo8yN+3nFscXs8oK6TZOXe9NIhWq5c910ZM0pXjan4TxYNi6WE5Doz5KQ5emWBORzloQcZlOv8JmIe/H8iPqwC3UNdVrj8YD5wPxCOOapISKV46UcJ7iumq6JdHHFWH2HprMzzMdrmU=
Received: from DM6PR11MB4154.namprd11.prod.outlook.com (20.176.126.215) by DM6PR11MB4266.namprd11.prod.outlook.com (52.132.249.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.25; Thu, 14 Nov 2019 16:02:02 +0000
Received: from DM6PR11MB4154.namprd11.prod.outlook.com ([fe80::64fd:c810:5c47:243f]) by DM6PR11MB4154.namprd11.prod.outlook.com ([fe80::64fd:c810:5c47:243f%3]) with mapi id 15.20.2430.028; Thu, 14 Nov 2019 16:02:02 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>, Laurence Lundblade <lgl@island-resort.com>
CC: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, "Smith, Ned" <ned.smith@intel.com>, Dave Thaler <dthaler@microsoft.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for adoption (after draft rename) for Yang module draft
Thread-Index: AQHVmvyW8/lytau3hU+AhCwtIdg/0aeKzjHA
Date: Thu, 14 Nov 2019 16:02:02 +0000
Message-ID: <DM6PR11MB4154A67956517DF2D9D305ADA1710@DM6PR11MB4154.namprd11.prod.outlook.com>
References: <8B173958-FC2A-4D1D-A81C-F324AB632CD7@cisco.com> <147F9159-6055-4E55-ABDC-43DFE3498BF1@island-resort.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <HE1PR0702MB375366C5F7FE5C497C35D73B8F740@HE1PR0702MB3753.eurprd07.prod.outlook.com> <7106C9D3-8ED1-419E-81F8-4CDA799BEDAE@intel.com> <MWHPR21MB07844F61BEFAE03F9E7DD290A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <6E7D64B4-2049-4D0A-ADC5-CA3F0647779B@island-resort.com> <20191114140600.itrr5mjiysgutsj5@anna.jacobs.jacobs-university.de> <59707a99-8cec-2005-b1ee-72f171234cbe@sit.fraunhofer.de>
In-Reply-To: <59707a99-8cec-2005-b1ee-72f171234cbe@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.91]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a8ed95f8-9a2d-4763-8a0c-08d7691bfcdc
x-ms-traffictypediagnostic: DM6PR11MB4266:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB4266291B825261CB6CF8CFF4A1710@DM6PR11MB4266.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:5516;
x-forefront-prvs: 02213C82F8
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(376002)(136003)(396003)(366004)(189003)(199004)(2906002)(6306002)(256004)(33656002)(71190400001)(229853002)(52536014)(71200400001)(66066001)(81166006)(66946007)(66616009)(81156014)(64756008)(5660300002)(66446008)(76116006)(8936002)(8676002)(66574012)(7736002)(305945005)(74316002)(6436002)(186003)(55016002)(99286004)(7696005)(76176011)(26005)(486006)(6246003)(66556008)(66476007)(4326008)(478600001)(110136005)(316002)(54906003)(9686003)(14454004)(3846002)(25786009)(86362001)(102836004)(966005)(476003)(6506007)(11346002)(446003)(53546011)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB4266; H:DM6PR11MB4154.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: doKxsDab4cO+Q6DvskwwzoKdX9aIEFANt7Qzm5JX2Y7MX0MKs95GDrxN/l5zHzmlT0R3gC9zDYXCVeyCV3+T0G8Wp73SUOvOYE974on9gThc6mrflSj6tJ8uMe4cW01+VqjVZWcFDhTzXYe+EidL++C22I4aKYmQMrKZXl4ENJphQLr9YvbSo/elreBXdCjv5R/JIeRDS4vOEewuqZFwp2maqkbj3UR2B+VnuijSm+nfE0cPXqtscQajUKsO/ZQKI4wj0bydynTnwzt2BeGdOfTG28ABqeYroTxfW5XOgkwvDsmouHcVtaFhvC0hmUn++GQdKaM0FA9I0iVaI5x26fdMJG2ETV9XrW4L6u1CMa7aISm7QC8nfLitB0rMTkgCRKdn2YlslSNYgmYhGKMmjWKMAiO2B/0/Qb2vlQd/uV2rHkntASN7affk7fKQT4aR
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_002B_01D59ADA.EF7507B0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a8ed95f8-9a2d-4763-8a0c-08d7691bfcdc
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2019 16:02:02.2110 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: BXJPb54x0x2SUp38RBXEK1PVXKZtfgJYSdPEMYhG9DEYjmBC6XJ0DqHc5L37nJ8m
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4266
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.24, xch-aln-014.cisco.com
X-Outbound-Node: rcdn-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/7nqdJnFWh1ZE7fJNPrDE67Bo6jo>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 16:02:17 -0000

Hi Jürgen,
Hi Henk,

What routers need is exactly what you said.  
 - currently: the retrieval of TPM originated/signed quotes.   
 - in the future: the retrieval EAT Tokens

Knowing when to retrieve these items is a function of the value of specific claims inside those structures.  For example, I might want to use RFC-8641 to make a YANG Subscription to a router so that I will be pushed the latest TPM quote when a specific PCR changes.  For this to work in the router world, we must have the structures of Quotes/Tokens exposed by a YANG model.

Eric

> Hi Jürgen,
> 
> I think this is very useful input.
> 
> On the list, Laurence and I already started to discuss Claims for "YANG
> modeled data" and Claims for "TPM modled data" (referred to as tpm tokens
> recently).
> 
> The remaining questions are about: What do you think is the upcoming/TBD
> impact on the current YANG module for challenge-response RATS?
> 
> Leveraging YANG modeled data comes up again and again. Maybe there is
> good approach here.
> 
> The TPM Interface based YANG Module does not simply convey native TPM
> structure, but decomposes them down the values that are useful and
> common on the management plane because the building blocks themselves
> have well defined semantics (always ensuring canonical re-composition).
> 
> Viele Grüße,
> 
> Henk
> 
> On 14.11.19 15:06, Schönwälder, Jürgen wrote:
> > On Wed, Nov 13, 2019 at 10:07:02AM -0800, Laurence Lundblade wrote:
> >>
> >> I see EAT as applicable to all these worlds, where the YANG module is just
> for the smallish router world. So I mostly agree with Dave about proportions,
> however this is the IETF where YANG modules are created.  (Maybe I should
> go join the W3C world and work on attestations APIs for browsers after RATS
> is done).
> >>
> >
> > If EAT is the common format for "token", then it does not make sense
> > to me to define a YANG version of it. It may make sense to carry EAT
> > token over protocols such as NETCONF or RESTCONF and to have a YANG
> > module defining this may make sense for the networking device world.
> > This is then a definition of an interaction protocol, but not the
> > token format itself.
> >
> > If EAT is the common format for "token", then it may make sense to be
> > able to include "claims" that are YANG defined data. That may be an
> > extension of the core EAT definition (but EAT would have to allow for
> > such an extension to work). There is a lot of formally defined data in
> > YANG modules that would be convenient to reuse as claims in a
> > networking world.
> >
> > /js
> >
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email