[Rats] A few more comments on UCCS

Laurence Lundblade <lgl@island-resort.com> Thu, 04 June 2020 19:21 UTC


Consider retitling 3.2 to Confidentiality (privacy these days is more about PII and non-tracking).


Please add text like this on converting UCCS to CWT and back again.

Note that the UCCS tag is NOT to be used on the map that contains the
claims in an actual CWT. A UCCS is distinct from a CWT. The correct
way to convert a UCCS to a CWT is to remove the UCCS tag (if it has
one), then sign or encrypt it with COSE and add the CWT tag if
necessary. To convert a CWT to a UCCS, remove the COSE protection,
then add the UCCS tag if necessary.


I think section 2 could be more direct in stating that a reason to use UCCS is because the characteristics of COSE / CWT don’t match the use case. For example, it is not possible to use a TPM to sign a CWT, but it is possible to use one to sign a UCCS.

LL
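The UCCS-to-CWT conversion rule proposed above, as an added example that is not part of this email or of the UCCS draft: byte-level CBOR tag handling that strips the UCCS tag before COSE protection is applied and adds the CWT tag afterwards, plus a verifier-side check that the claims map inside a CWT does not carry the UCCS tag. The tag numbers (CWT = 61 from RFC 8392, UCCS = 601 from the RATS UCCS work), the `cose_protect`/`cose_unprotect` callbacks and the sample claims map are assumptions of this example; no COSE library is used.

```python
# Added example: UCCS <-> CWT tag handling at the CBOR byte level.
# Tag numbers are assumed from the specs: CWT = 61 (RFC 8392), UCCS = 601.
# COSE signing/encryption is passed in as a callback so this runs stand-alone.
from typing import Callable, Tuple

CWT_TAG = 61
UCCS_TAG = 601

# Constructed sample claims map: {1: "issuer"} as CBOR (map of 1, key 1, 6-byte text).
SAMPLE_CLAIMS = bytes([0xA1, 0x01, 0x66]) + b"issuer"


def encode_tag_head(tag: int) -> bytes:
    """CBOR head bytes for major type 6 (tag) with the given tag number."""
    if tag < 24:
        return bytes([0xC0 | tag])
    if tag < 0x100:
        return bytes([0xD8, tag])
    if tag < 0x10000:
        return bytes([0xD9]) + tag.to_bytes(2, "big")
    raise ValueError("tag number too large for this example")


def strip_tag(data: bytes, tag: int) -> Tuple[bytes, bool]:
    """Return (content, True) if data starts with the tag, else (data, False)."""
    head = encode_tag_head(tag)
    if data.startswith(head):
        return data[len(head):], True
    return data, False


def uccs_to_cwt(uccs: bytes, cose_protect: Callable[[bytes], bytes],
                tag_result: bool = True) -> bytes:
    """Remove the UCCS tag (if present), apply COSE, optionally add the CWT tag."""
    claims, _ = strip_tag(uccs, UCCS_TAG)  # tag 601 must never be carried into a CWT
    protected = cose_protect(claims)
    return (encode_tag_head(CWT_TAG) + protected) if tag_result else protected


def cwt_to_uccs(cwt: bytes, cose_unprotect: Callable[[bytes], bytes],
                tag_result: bool = True) -> bytes:
    """Remove the CWT tag (if present) and COSE, optionally add the UCCS tag."""
    protected, _ = strip_tag(cwt, CWT_TAG)
    claims = cose_unprotect(protected)
    return (encode_tag_head(UCCS_TAG) + claims) if tag_result else claims


def claims_carry_uccs_tag(claims: bytes) -> bool:
    """Verifier-side check: the claims map inside a CWT must NOT start with tag 601."""
    return strip_tag(claims, UCCS_TAG)[1]
```

The callbacks in a real deployment would be the COSE_Sign1/COSE_Encrypt0 wrap and unwrap; the verifier check is the place to reject a CWT whose payload still carries the UCCS tag.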