Re: [Rats] Time stamps in tokens

Thomas Fossati <Thomas.Fossati@arm.com> Tue, 10 March 2020 21:55 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
Date: Tue, 10 Mar 2020 21:55:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Bba3wGReJyHo7YaylbJsg-SsJiQ>
List-Id: Remote Attestation Procedures <rats.ietf.org>

Hi Laurence,

On 10/03/2020, 20:27, "RATS on behalf of Laurence Lundblade"
<rats-bounces@ietf.org on behalf of lgl@island-resort.com> wrote:
> [SNIP]

Thanks.  A couple of fly-by thoughts:

- I don't understand the semantics of nbf in the context of attestation.
  How could someone produce attestation material that is not yet valid?

- Another thing that confuses me is the fact that nbf and exp are
  supposed to be per submodule -- which potentially creates funny
  situations where a token is not entirely processable because the
  validity ranges of some of its submodules are non-overlapping.

cheers, t
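
The situation raised in the second point, as an added example that is not part of the original message: it intersects the nbf/exp windows of a token and its nested submodules and reports when no single instant satisfies all of them. Plain dicts stand in for decoded claims; the `submods` key, the submodule names and the sample values are assumptions constructed for illustration.

```python
import math

def walk(claims, path="token"):
    """Yield (path, nbf, exp) for the token and every nested submodule."""
    # A missing nbf/exp is treated as an unbounded side of the window.
    yield path, claims.get("nbf", -math.inf), claims.get("exp", math.inf)
    for name, sub in claims.get("submods", {}).items():
        yield from walk(sub, f"{path}/{name}")

def common_window(claims):
    """Intersect all [nbf, exp) windows; None if the intersection is empty."""
    windows = list(walk(claims))
    start = max(nbf for _, nbf, _ in windows)
    end = min(exp for _, _, exp in windows)
    return (start, end) if start < end else None

def unprocessable_at(claims, now):
    """Paths whose validity window does not contain `now`."""
    return [p for p, nbf, exp in walk(claims) if not (nbf <= now < exp)]

# Constructed sample: "boot" expires before "os" becomes valid.
DISJOINT = {
    "nbf": 1000, "exp": 5000,
    "submods": {
        "boot": {"nbf": 1000, "exp": 2000},
        "os": {"nbf": 3000, "exp": 5000,
               "submods": {"app": {"nbf": 3500, "exp": 4000}}},
    },
}

# Constructed sample: windows overlap, so a verifier has a usable interval.
OVERLAPPING = {
    "nbf": 1000, "exp": 5000,
    "submods": {"a": {"nbf": 2000, "exp": 4000}, "b": {"exp": 3000}},
}

if __name__ == "__main__":
    print(common_window(DISJOINT))          # no instant validates everything
    print(unprocessable_at(DISJOINT, 1500)) # which parts fail at t=1500
    print(common_window(OVERLAPPING))
```
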