Re: [Rats] EAT Profiles
Michael Richardson <mcr+ietf@sandelman.ca> Fri, 16 September 2022 11:45 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24A9AC1522D6 for <rats@ietfa.amsl.com>; Fri, 16 Sep 2022 04:45:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6QxiuJRvikXx for <rats@ietfa.amsl.com>; Fri, 16 Sep 2022 04:45:00 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00:e000:2bb::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0F97C1522D3 for <rats@ietf.org>; Fri, 16 Sep 2022 04:44:59 -0700 (PDT)
Received: from dooku.sandelman.ca (safest-wave.imp.fu-berlin.de [160.45.38.252]) by relay.sandelman.ca (Postfix) with ESMTPS id C44FD1F480; Fri, 16 Sep 2022 11:44:57 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 6445F1A024D; Fri, 16 Sep 2022 13:44:27 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
In-reply-to: <DB9PR08MB6524C8E33A05AE90F63BAE689C469@DB9PR08MB6524.eurprd08.prod.outlook.com>
References: <71934.1663019954@dooku> <DB9PR08MB6524C8E33A05AE90F63BAE689C469@DB9PR08MB6524.eurprd08.prod.outlook.com>
Comments: In-reply-to Thomas Fossati <Thomas.Fossati@arm.com> message dated "Wed, 14 Sep 2022 16:29:45 -0000."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Fri, 16 Sep 2022 13:44:27 +0200
Message-ID: <240513.1663328667@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/BTMIKLQtSUoHXkx6RYLCVOclOac>
Subject: Re: [Rats] EAT Profiles
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Sep 2022 11:45:01 -0000
Thomas Fossati <Thomas.Fossati@arm.com> wrote: > Thanks. This sounds like a useful exercise. Could you please have a > look at the PSA draft from this angle too? We have tried hard to make > the document a blueprint of a EAT profile definition that others could > follow. It'd be good to have confirmation that we are on the right > track. Hi, Looking at section 4.5. I'm surprised at how little you write compared to TEEP (that's good, I think) You are just declaring the profile claim value. Again, I really think a URL is wrong in a constrained environment. >> First, this really feels wrong to use a string here for a constrained >> object. My first suggestion is that it be FCFS registry. > This is a choice TEEP made (and, BTW, PSA too [1]) For a more compact > representation one could use a RFC9090 OID instead, there is no need > for a registry. In fact, choosing URI / OID as the underlying type was > a conscious choice to avoid IANA round-tripping. I think that's a wrong optimization. A FCFS Registry is an email to IANA, and take as little as one business day if time zones line up for you. An OID could be much bigger than a 2-byte CBOR integer. >> I really don't like the EAT has not made a clear judgement on these >> things already. I'd really really like EAT to be far more >> opinionated. > I think that's what the "The Constrained Device Standard Profile" [2] > is intended for? One should use it as baseline, make a few custom > choices, define the claims set, and give it a new name. Ah, this seems new to me. Why didn't TEEP use it? It looks identical to me. Are each of these SHOULDs, or MUSTs? If they are SHOULDs, then what are the exceptional case? > [2] > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat#section-6.3 >> This totally surprises me. Are you saying that it's okay for TEEP >> evidence to have *NO CLAIMS*? Surely that can't be right. If there >> was anything I expected to see in a profile it would be a list of >> required claims. > Agree, this is quite surprising. In contrast, a good chunk of the PSA > document (all of Section 4 [3]) deals with the definition of the claims > set. >> > Refined Claim Definition: None. >> >> This is part of what worries me. There should never be any semantics >> changes between profiles for claims. > I don't know what is meant by "Refined Claim Definition". It doesn't > look like something required by EAT. Maybe it's old. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Laurence Lundblade
- Re: [Rats] EAT Profiles Laurence Lundblade
- Re: [Rats] EAT Profiles Smith, Ned
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Laurence Lundblade
- [Rats] EAT Claim Constraining (was Re: EAT Profil… Laurence Lundblade
- [Rats] Why variability is needed (Re: EAT Profile… Laurence Lundblade
- Re: [Rats] EAT Profiles Smith, Ned
- Re: [Rats] Why variability is needed (Re: EAT Pro… Michael Richardson
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Henk Birkholz
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Carl Wallace
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Smith, Ned
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Henk Birkholz
- Re: [Rats] EAT Profiles Carl Wallace
- Re: [Rats] Why variability is needed (Re: EAT Pro… Smith, Ned
- Re: [Rats] EAT Profiles Thomas Fossati
- [Rats] Profile identifier (was Re: EAT Profiles) Laurence Lundblade
- Re: [Rats] Profile identifier (was Re: EAT Profil… Smith, Ned
- Re: [Rats] Profile identifier (was Re: EAT Profil… Russ Housley
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Henk Birkholz
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Henk Birkholz
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Henk Birkholz
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Smith, Ned
- Re: [Rats] Profile identifier (was Re: EAT Profil… Laurence Lundblade
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Smith, Ned
- Re: [Rats] EAT Profiles Dave Thaler