Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Sun, 01 May 2022 13:30 UTC

Message-ID: <55f5055e-a579-c478-4b07-06b30cf8c433@sit.fraunhofer.de>
Date: Sun, 01 May 2022 15:30:28 +0200
To: Laurence Lundblade <lgl@island-resort.com>
CC: draft-tschofenig-rats-aiss-token@ietf.org, "rats@ietf.org" <rats@ietf.org>
References: <82f684aa-4f01-a473-c648-f3c7ff534cf8@sit.fraunhofer.de> <CE8AEDD2-3CC6-467E-90CD-A0B52D95D6F4@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <CE8AEDD2-3CC6-467E-90CD-A0B52D95D6F4@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/B_yP5WqBERBMlVJJB7bEp9h7bZQ>
Subject: Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token

Hi Laurence,

I am a bit perplexed by your interpretation. This is the very first 
sentence in the entire document (the abstract):

> This specification defines a profile of the Entity Attestation Token (EAT) for use in special System-on-Chip (SoC) designs that are generated automatically utilizing a methodology currently developed in a DARPA funded project.

How much more up front could it be? ;-)

Please do not forget that this is a -00, that the text is therefore not 
intended to be complete or even consistent, and that the "how to profile 
an EAT" exactly is an open one up to today. The notion of how AISS 
tokens profile EAT could benefit from its own section, though.

Viele Grüße,

Henk

On 30.04.22 02:39, Laurence Lundblade wrote:
> My read of this doc is that it is a definition of token format like an EAT, that borrows some claims from EAT, but is not an EAT.
> 
> If it was an EAT, or a profile of an EAT, it would say so up front explicitly.
> 
> Since it’s not an EAT, you can’t rely on what’s generally defined in EAT. For example, you’ll have to write your own security considerations, say if/how additional claims are registered, say what the relationship to CWT is and such.
> 
> LL
> 
> 
> 
>> On Apr 29, 2022, at 1:37 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>
>> Hi authors,
>>
>> considering this is a -00 it was a quick and comprehensive read. I am aware that in this state the document is basically a list of Claim definitions and corresponding CDDL.
>>
>> A few questions and comments:
>>
>> 1.) It seems that an AISS is Evidence as it is consumed by a Verifier and reference values and policies are used to appraise it:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-7
>>
>> As "Verification" is a bit of an ambiguous term nowadays, I'd recommend to rename Section 7 to "AISS Token Appraisal". Also, I would clearly state that an AISS token is Evidence early on.
>>
>> 2.) The colloquial term "verification service" is used in:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.3
>>
>> which currently only implies that that is a Verifier conducting AISS token Evidence appraisal, I think. Just defining what a verification service is (see 1.) would help as there are other colloquial terms that mean the same thing, such as attestation service (which also are ambiguous).
>>
>> 3.) Are the reports mentioned in:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.4
>>
>> self-assertions or Evidence or something else? Are they produced by a RoT or a higher Attesting Environment? Are these states Claims that can be collected from Target Environments that are "the silicon" or are they derived in a different manner?
>>
>> 4.) I am wondering which Attesting Environment is supposed to produce the AISS token Evidence. In your definition of a RoT (which I'll come to in the next item) it is highlighted that a boot loader can be a RoT, which would imply in that example that the bootloader is the first Attesting Environment in layered attestation.
>>
>> Is the first Attesting Environment always the producer of an AISS token or can later Attesting Environments also do that? I am asking because, if you look at the scenario from a certain angle, it seems as if the Attestation Environment (bootloader) would collect claims from Target Environments that would be the parts of the Silicon. Is that correct?
>>
>> 5.) What's the intended output of an AISS token appraisal? Theft and Overuse seem to be two characteristics as stated in:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.6
>>
>> Are there others? I assume that determining certain Attestation Results is the whole point of producing AISS tokens in the first place. Defining those categories of outcomes seems to be in-scope?
>>
>> 6.) In March Kathleen advised the RATS WG to include an explicit definition of Root of Trust in the RATS architecture. AFAIK, that is the only remaining open issue with the document. Maybe we can collaborate on that definition as you started one here and I don't think it's an awful definition? :o) That would be cool and hopefully move the RATS architecture, which seems to be stuck for quite a while now and that issue might have been the reason.
>>
>> 7.) I like how most of your Claims used/defined are matching the layout of CoRIM :-) (obviously) and thanks for naming it AISS and not AISST and therefore avoiding calling them AISST tokens later :-)
>>
>> Viele Grüße,
>>
>> Henk