Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Mon, 11 November 2019 21:32 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 001ED12006D for <rats@ietfa.amsl.com>; Mon, 11 Nov 2019 13:32:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UGO1gOvvh54G for <rats@ietfa.amsl.com>; Mon, 11 Nov 2019 13:32:53 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40080.outbound.protection.outlook.com [40.107.4.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6CA8120018 for <rats@ietf.org>; Mon, 11 Nov 2019 13:32:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C50odqYhZa3Cct5qFtclrUr7m6g6eat9lHChoPI9hgVnvL5x+zz1Yx6MN3kDa3sphCKFjMuXgBpResZj+fyxnfqirS9YlRBX5aGfSWJmQLS/CqlgiJEMy071ygearm9cNOcTwoYwOO8Mkxy8ZbDCbQskDb8ZwJaKpefF7C+297d0fVYtMSxGbiQRjJK9uy9KqQclOBKi2dCgfzC/jotNVb14FolzzTAPyV+xh+vYF1k6ftdOJJXQe5M82oQIvewaz7I7WAExccHLbL9gjVGqubQODKPtw04PqDS0UTee4ea/d46Smt6dYPKzqIcnNdnaRaP+yRd4CSvs3YgD8Pj9RA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K1bSsmgm8OBHKASHtNIvo4zKqePIJ/eyVh9RNlmk9WQ=; b=fUbRK5pqxKEU83ByTwMBAgPkpGJad/RY40c1qK3ojYR2ipOBPK82mRF3sBWALV5YH/fyFCaMPteP9BQY4yNtCe/O/Cte7vQ8fS/lCLxGxQfAl3Rd0/q98iMUOFhQLPxDPuhYEA0fHL2YO+Asfy+t7CRrscNNC/+JCC1Dwgg1J5aFAod5g7H3ZwEAnO8O81CL4TDpDQsHT/tBKyVOu7+vVgj7/0gYgxnxLeHO78f5mU/Y/D5QT5X99UAhrZZU4nKADzziZ1LBphnkiuuww6T9l6409Gtlu1lhB2rIvYhhTMaAxMBOnbkoPdlap0KUHtxJtqwXF2xt1WPtycWTSY2Fyg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K1bSsmgm8OBHKASHtNIvo4zKqePIJ/eyVh9RNlmk9WQ=; b=GJFi4iZJZ76/Nc00QhN9IA0jWoWEuFLeQ91O+NARKWNKvGO04nz89DKywHHlaULcg9kyGL8MVv3lVK6OWKgDABTBN+ZGKw2mbYrNbr7Hn+LNZyPs/l4NsR0FOARk8ioAY27Wsz0YSWyb4Xli9rFTJKn4xMNeZ9OT3OzUwL+ZBjI=
Received: from AM5P190MB0482.EURP190.PROD.OUTLOOK.COM (10.161.65.11) by AM5P190MB0404.EURP190.PROD.OUTLOOK.COM (10.161.89.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.22; Mon, 11 Nov 2019 21:32:50 +0000
Received: from AM5P190MB0482.EURP190.PROD.OUTLOOK.COM ([fe80::6c6c:2cd2:11dd:2aff]) by AM5P190MB0482.EURP190.PROD.OUTLOOK.COM ([fe80::6c6c:2cd2:11dd:2aff%5]) with mapi id 15.20.2430.027; Mon, 11 Nov 2019 21:32:50 +0000
From: =?utf-8?B?U2Now7Zud8OkbGRlciwgSsO8cmdlbg==?= <J.Schoenwaelder@jacobs-university.de>
To: "Smith, Ned" <ned.smith@intel.com>
CC: Laurence Lundblade <lgl@island-resort.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for adoption (after draft rename) for Yang module draft
Thread-Index: AQHVlCwI8/lytau3hU+AhCwtIdg/0ad/EtmAgAAHhgCAAAO0AIAGacyAgAAGuoCAAG6gAIAA8mEAgAABTID//5RNgIAAAZaA
Date: Mon, 11 Nov 2019 21:32:50 +0000
Message-ID: <20191111213249.4p7z2ovkvqy2u5go@anna.jacobs.jacobs-university.de>
References: <8B173958-FC2A-4D1D-A81C-F324AB632CD7@cisco.com> <147F9159-6055-4E55-ABDC-43DFE3498BF1@island-resort.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <ba12a686-1b34-21a3-388c-bbe01c01a408@sandelman.ca> <4A83CDF5-D29F-4279-8B03-E9D23299EB53@island-resort.com> <0C6940B0-E93F-4274-9D00-DEC4119B8F69@island-resort.com> <3310947D-EA31-4107-8FF0-B917A027C955@intel.com>
In-Reply-To: <3310947D-EA31-4107-8FF0-B917A027C955@intel.com>
Reply-To: =?utf-8?B?U2Now7Zud8OkbGRlciwgSsO8cmdlbg==?= <J.Schoenwaelder@jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: AM0PR01CA0057.eurprd01.prod.exchangelabs.com (2603:10a6:208:e6::34) To AM5P190MB0482.EURP190.PROD.OUTLOOK.COM (2603:10a6:206:1d::11)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:638:709:5::7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 38f51a2c-4155-433c-2c2d-08d766eeb3d0
x-ms-traffictypediagnostic: AM5P190MB0404:
x-ms-exchange-purlcount: 2
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM5P190MB0404D03E17EC5E828CA45B22DE740@AM5P190MB0404.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 0218A015FA
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(39850400004)(136003)(376002)(346002)(396003)(189003)(199004)(85182001)(81156014)(478600001)(305945005)(7736002)(229853002)(81166006)(786003)(316002)(6486002)(85202003)(14454004)(8676002)(966005)(1076003)(3450700001)(2906002)(43066004)(6116002)(5660300002)(54906003)(99286004)(25786009)(86362001)(8936002)(476003)(66556008)(446003)(4326008)(6916009)(6436002)(53546011)(386003)(6506007)(6512007)(6306002)(71190400001)(71200400001)(186003)(76176011)(46003)(102836004)(66946007)(66476007)(52116002)(66446008)(6246003)(486006)(11346002)(256004)(64756008)(777600001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM5P190MB0404; H:AM5P190MB0482.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QY4ZmX83S1pk3S00R52DfniikVjsXc29ZKwHHPFQHmn7rRHT0gvUPGmafuyiiWj7oBgA8W9bnjED3oob4TePUV+7ecgCut1EDAjr3wuOlqHpKG9nkt/wYNzINluzFN5Um4Dm2uh7elUmOp7RPiuj5SAh0vIEztZFx+kpuaZh13grIrAoF4dPFawgQaq2YclCtVtg0PoSI343PB75gOGl/vrfA8Pw07hfdkavnL8kFeFJxFTQGiV1ZPz7C/PDFKIAOsf8aVUz6GFtLECDk1KRyxa7kmMLG5NayfBGjPSix7kNES2G0PRo+RMUT3JgoX4eO0lmJnt+MdrMmgQS+0z4ApdmTLkA8NmbN8mMpoAdkeOHb6kEGN/jAEHF4v/G3aUW6zWCqEbLcU7C/BHBw6jPsZzIyyG3vCNNgsFFUBTqwQf8NwO7Rngjk6xQmpB54OZBFKQqy7ccqms7E/SRpHSeY+Al4327xbaJ8FMhu8j71Xg=
Content-Type: text/plain; charset="utf-8"
Content-ID: <C2421F0A916DBB4D91D583934E942844@EURP190.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: 38f51a2c-4155-433c-2c2d-08d766eeb3d0
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Nov 2019 21:32:50.2920 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: S5S+f0Yy2NB4KeBm0zOor2tB8YxkNpHkXozhHcS/7jKXV2qyi3SFyVqsC4f5tl7K2fLrpXfc2red7zfivalyBrJx6FLL0co8VxRV8Ws13vE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0404
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/C3SyFS7jMYICELFhXKqgVzX1JDI>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2019 21:32:56 -0000

Hi,

we commonly call YANG a data modeling language and not an information
modeling language. Can someone explain why you want to use YANG?

/js

On Mon, Nov 11, 2019 at 09:27:09PM +0000, Smith, Ned wrote:
> You’re saying YANG fills a gap that is similar to what OpenAPI/RAML fills?
> 
> It could be doing more than this as well, such as defining claims (as was suggested in a previous email by I think Michael). If RATS determined that the way to specify a Claim in the information model was via CDDL (only) and there is a YANG expression of it, then that implies a CDDL to YANG mapping is required. (Is that reasonable?).
> 
> Or RATS says that it is reasonable to use either/both CDDL and YANG for Claims expressions. This suggests there are CDDL and YANG mappings to whatever are the target DMLs (JOSE, COSE, DER, something else?). Does YANG support DML mappings to JOSE, COSE and DER or just to YANG? Does CDDL support mappings to DER and YANG (something else)?
> 
> Ideally CDDL can be mapped to other information modelling languages (e.g. YANG) so that only one normative expression needs to be canonized. However, that implies extra work on behalf of the YANG drafts to come up with the CDDL equivalent. Maybe that is unnecessary extra work for consistency sake? That would force the conversations around whether ‘time’ and ‘ticks’ are the same information model expression (for example).
> 
> -Ned
> 
> On 11/11/19, 11:52 AM, "RATS on behalf of Laurence Lundblade" <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org> on behalf of lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:
> 
> One more note on this. It seems wrong-headed to try express claims in YANG. To do that we’d need to invent a YANG signing standard (YOSE?). Seems like YANG should be thought of as RPC / conveyance / transport here, not as a way to format a signed attestation token.
> 
> LL
> 
> 
> 
> On Nov 11, 2019, at 11:47 AM, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:
> 
> On Nov 10, 2019, at 9:20 PM, Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr+ietf@sandelman.ca>> wrote:
> 
> 
> I think the value add to the larger RATS effort of adding EAT support
> to this YANG protocol is really high. It a core thing to do that helps
> bring together the two attestation worlds and make the TPM and EAT
> work here less like ships in the night.
> 
> Can you explain what it would mean to add EAT support for a YANG module?
> 
> The EAT is an opaque chunk of data in YANG. I’m not a YANG expert, but maybe like this:
> 
> Server                               Device
> GetAttestationTypes —>
>                                 <- TYPE_TPM, TYPE_CWT /* bit flags */
> 
> GetAttestation(TYPE_CWT , nonce) —>
>                                 <— CWT Token /* a full signed token */
> 
> I assume YANG can carry opaque binary data of moderate size.
> 
> The yang module information model would have an element for a nonce and for an opaque EAT. It would not describe any internals of the EAT. The information model for the EAT is separate in the EAT document.
> 
> LL
> 
> 
> 
> 

> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats


-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>