Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Mon, 02 May 2022 16:08 UTC

Message-ID: <1ceca3f1-43cb-b8ff-b068-a2f84ae652dc@sit.fraunhofer.de>
Date: Mon, 02 May 2022 18:08:11 +0200
To: "Smith, Ned" <ned.smith@intel.com>, "draft-tschofenig-rats-aiss-token@ietf.org" <draft-tschofenig-rats-aiss-token@ietf.org>, "rats@ietf.org" <rats@ietf.org>
References: <82f684aa-4f01-a473-c648-f3c7ff534cf8@sit.fraunhofer.de> <BBD088D6-08E8-46C1-BE68-C34933E6AAA5@intel.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <BBD088D6-08E8-46C1-BE68-C34933E6AAA5@intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/BXwkk4rUSFU3KF6A8cVCNQdhcFc>

Hi Ned,

that is a perfectly valid point of view. And that's why I think that has 
to be spelled out: what's it gonna be? It can't be all of the things. 
Let's say in the end, a media-type/content-type comes along and intends 
to tell you what it is in order to help the corresponding RATS role 
to identify the content to be consumed. You can't simply say "RATS". You 
must point out a conceptual message type.

Hence, I can follow Ned's line of thought that an AISS token also could 
look like an Endorsement. So which RATS conceptual message is it 
intended to be?

Viele Grüße,

Henk

On 29.04.22 19:41, Smith, Ned wrote:
> I read parts of it differently as the focus of the claims is on the RoT which in one instance (section 3.3) is described as a RoT that can be 'immutable' and goes on to say that RoT details are from a manufacturer. I interpret this to mean the aiss claims are Endorsements provided by Endorsers.
> 
> -Ned
> 
> On 4/29/22, 12:38 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:
> 
>      Hi authors,
> 
>      considering this is a -00 it was a quick and comprehensive read. I am
>      aware that in this state the document is basically a list of Claim
>      definitions and corresponding CDDL.
> 
>      A few questions and comments:
> 
>      1.) It seems that an AISS is Evidence as it is consumed by a Verifier
>      and reference values and policies are used to appraise it:
> 
>      > https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-7
> 
>      As "Verification" is a bit of an ambiguous term nowadays, I'd recommend
>      to rename Section 7 to "AISS Token Appraisal". Also, I would clearly
>      state that an AISS token is Evidence early on.
> 
>      2.) The colloquial term "verification service" is used in:
> 
>      > https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.3
> 
>      which currently only implies that that is a Verifier conducting AISS
>      token Evidence appraisal, I think. Just defining what a verification
>      service is (see 1.) would help as there are other colloquial terms that
>      mean the same thing, such as attestation service (which also are ambiguous).
> 
>      3.) Are the reports mentioned in:
> 
>      > https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.4
> 
>      self-assertions or Evidence or something else? Are they produced by a
>      RoT or a higher Attesting Environment? Are these states Claims that can
>      be collected from Target Environments that are "the silicon" or are they
>      derived in a different manner?
> 
>      4.) I am wondering which Attesting Environment is supposed to produce
>      the AISS token Evidence. In your definition of a RoT (Which I'll come to
>      in the next item) it is highlighted that a boot loader can be a RoT,
>      which would imply in that example that the bootloader is the first
>      Attesting Environment in layered attestation.
> 
>      Is the first Attesting Environment always the producer of an AISS token
>      or can later Attesting Environments also do that? I am asking because, if
>      you look at the scenario from a certain angle, it seems as if the
>      Attestation Environment (bootloader) would collect claims from Target
>      Environments that would be the parts of the Silicon. Is that correct?
> 
>      5.) What's the intended output of an AISS token appraisal? Theft and
>      Overuse seem to be two characteristics as stated in:
> 
>      > https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.6
> 
>      Are there others? I assume that determining certain Attestation Results
>      is the whole point of producing AISS tokens in the first place. Defining
>      those categories of outcomes seems to be in-scope?
> 
>      6.) In March Kathleen advised the RATS WG to include an explicit
>      definition of Root of Trust in the RATS architecture. AFAIK, that is
>      the only remaining open issue with the document. Maybe we can
>      collaborate on that definition as you started one here and I don't think
>      it's an awful definition? :o) That would be cool and hopefully move the
>      RATS architecture, which seems to be stuck for quite a while now and
>      that issue might have been the reason.
> 
>      7.) I like how most of your Claims used/defined are matching the layout
>      of CoRIM :-) (obviously) and thanks for naming it AISS and not AISST and
>      therefore avoid calling them AISST tokens later :-)
> 
>      Viele Grüße,
> 
>      Henk
> 