[Rats] Mixed format token collections (was Re: New RATS)
Laurence Lundblade <lgl@island-resort.com> Fri, 03 June 2022 18:39 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47767C14CF09 for <rats@ietfa.amsl.com>; Fri, 3 Jun 2022 11:39:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.928
X-Spam-Level:
X-Spam-Status: No, score=-1.928 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eG662CYtW2xU for <rats@ietfa.amsl.com>; Fri, 3 Jun 2022 11:39:06 -0700 (PDT)
Received: from p3plsmtpa09-08.prod.phx3.secureserver.net (p3plsmtpa09-08.prod.phx3.secureserver.net [173.201.193.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAE9DC14CF0B for <rats@ietf.org>; Fri, 3 Jun 2022 11:39:05 -0700 (PDT)
Received: from [192.168.1.4] ([75.80.148.139]) by :SMTPAUTH: with ESMTPA id xCCPniEPX8t7XxCCPnVPT4; Fri, 03 Jun 2022 11:39:05 -0700
X-CMAE-Analysis: v=2.4 cv=fI/8YbWe c=1 sm=1 tr=0 ts=629a5549 a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=7CQSdrXTAAAA:8 a=48vgC7mUAAAA:8 a=NEAV23lmAAAA:8 a=2PxD8ErUFtqj5-X_gywA:9 a=QEXdDO2ut3YA:10 a=Bm7m_ieZZK86NGDJ:21 a=_W_S_7VecoQA:10 a=a-qgeE7W1pNrGK8U0ZQC:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <51B31989-C674-4FBD-A147-514BE17E8E3E@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5E239B05-D349-484C-9B05-DE51D983D6A2"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Fri, 03 Jun 2022 11:39:04 -0700
In-Reply-To: <AS8PR08MB6392C7D0CC195B30CBC789CBEFDD9@AS8PR08MB6392.eurprd08.prod.outlook.com>
Cc: "rats@ietf.org" <rats@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
To: Simon Frost <Simon.Frost@arm.com>
References: <AS8PR08MB6392C7D0CC195B30CBC789CBEFDD9@AS8PR08MB6392.eurprd08.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-CMAE-Envelope: MS4xfAwl7EZUZR45NxxQSzwcmmoVtrdZ1H8mxoeOi0NOPoggqfA8+qRt5OQloXu7iXz838fKf/qEvW6kfOikmfZM8EOPOK3oBWFvOtWnSVclh4oHxJU7/5Hu JFoQzsfFJDmFg7oQmaG0aGriEDvHshH5wQ2EbuMDvkm24/e6+AoKv69xmCfcZLByickDrvgbNVDyyvIJiJSZCBP5UtNGkKG6STSolCQKeOtd9op8ug0NLS87 KZ0m6xQYEhG97eNYhxGtig==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/8ZDn0gVWWrvDez4EvNquRXWmN-8>
Subject: [Rats] Mixed format token collections (was Re: New RATS)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2022 18:39:10 -0000
EAT takes the view that tokens can be either JSON or CBOR, that any attester can use either format and that composite devices might be made up of sub modules that use either. Therefore in any composition scenario mixed format tokens must be accommodated.
In EAT the top-level token must be either CBOR or JSON, but a nested token doesn’t have to be the same format as the top-level. The CDDL in EAT works and the examples of the various combinations do validate using the “cddl” tool.
EAT collections don’t support mixed devices. It’s hard to tell right now if this will be a problem. Most folks are oriented around CBOR tokens, but JSON is very widely used.
A remedy to this would be to defined EAT collections as a collection of Nested-Tokens. Nested-Token is defined in EAT as the thing holds a nested token. The nested token can be either CBOR or JSON. It also accommodates the discovery of whether it is unsigned (e.g., UCCS), signed (e.g. CWT), or a detached bundle (e.g. DEB). On the CBOR side it does this with tags. On the JSON side there is a type string.
I think the format neutral CDDL in collection would probably be this:
Collection = {
? eat-collection-identifier,
2* Nested-Token
}
Personally, I think this should be addressed in EAT collections. If it is not addressed it should be called out that it is not addressed. If it is not addressed there is a risk it will have to be addressed by a separate standard in the future.
LL
(CDDL seems reasonably complete when you define a protocol that is always serialized fully in JSON or fully in CBOR, but it is messy when defining a protocol that nests JSON in CBOR and vice versa.
Most of the CDDL in EAT can be serialized as either JSON or CBOR, but in the case of the top-level and token nesting it wasn’t possible, so there’s specific CDDL for JSON and for CBOR for those. The problem is the .feature control used for the JC<> is subject to the greedy matching of a PEG and will always go JSON when the structure represented is the same in CBOR and JSON.
There’s some more details to what the EAT CDDL did to handle all this that I’m not mentioning here).
> On May 30, 2022, at 4:33 AM, Simon Frost <Simon.Frost@arm.com> wrote:
>
> FYI. I’ve just submitted a new draft for a proposed extension to the top level object in EAT.
>
> There’s a full justification in the doc, but as a quick summary, there are difficulties in creating a top level ‘envelope’ object for a multi-token system while remaining compatible with EAT. Given the recent move to fix the list of top level objects but embrace extensions, this approach seems to be an appropriate proposal.
>
> See: https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/ <https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/> & https://github.com/SimonFrost-Arm/draft-frost-rats-eat-collection <https://github.com/SimonFrost-Arm/draft-frost-rats-eat-collection>
>
> Thanks
> Simon
>
> Simon Frost
> Senior Principal Systems Solution Architect, ATG, Arm
> Mob: +44 7855 265691
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________
> RATS mailing list
> RATS@ietf.org <mailto:RATS@ietf.org>
> https://www.ietf.org/mailman/listinfo/rats <https://www.ietf.org/mailman/listinfo/rats>
- [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Carl Wallace
- Re: [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Smith, Ned
- Re: [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Laurence Lundblade
- Re: [Rats] New RATS Henk Birkholz
- Re: [Rats] New RATS Smith, Ned
- Re: [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Thomas Fossati
- [Rats] Collection binding (was Re: New RATS) Laurence Lundblade
- [Rats] Mixed format token collections (was Re: Ne… Laurence Lundblade
- Re: [Rats] Collection binding (was Re: New RATS) Simon Frost
- Re: [Rats] Mixed format token collections (was Re… Simon Frost
- Re: [Rats] Mixed format token collections (was Re… Laurence Lundblade
- Re: [Rats] Collection binding (was Re: New RATS) Laurence Lundblade