IETF Logo Mail Archive

Re: [Rats] What's to EAT? - terminology clarification

Laurence Lundblade <lgl@island-resort.com> Wed, 13 November 2019 17:49 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD70120841 for <rats@ietfa.amsl.com>; Wed, 13 Nov 2019 09:49:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qCSQJPGmnRDb for <rats@ietfa.amsl.com>; Wed, 13 Nov 2019 09:49:07 -0800 (PST)
Received: from p3plsmtpa08-06.prod.phx3.secureserver.net (p3plsmtpa08-06.prod.phx3.secureserver.net [173.201.193.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9739E120836 for <rats@ietf.org>; Wed, 13 Nov 2019 09:49:07 -0800 (PST)
Received: from [10.141.0.146] ([45.56.150.139]) by :SMTPAUTH: with ESMTPA id UwlOiAxeOksi3UwlOiC2lU; Wed, 13 Nov 2019 10:49:06 -0700
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <B555FC8E-FF3B-468A-B3DF-9F10DD6FBBF6@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F4CA8A0E-6746-4F02-9A51-B1AD859041DC"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Wed, 13 Nov 2019 09:49:05 -0800
In-Reply-To: <20191113071244.onqdgo2roqt7efb6@anna.jacobs.jacobs-university.de>
Cc: "Salz, Rich" <rsalz@akamai.com>, "rats@ietf.org" <rats@ietf.org>
To: "\"Schönwälder, Jürgen\"" <J.Schoenwaelder@jacobs-university.de>
References: <229E0A72-4B44-4C9A-AD0A-142A13020C9A@intel.com> <MWHPR21MB0784058F591C52EEB31E0736A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <4F586E15-9CF7-4824-87F2-8E2C20D1AF1D@intel.com> <MWHPR21MB078439E9EB07E3BB72E15137A3760@MWHPR21MB0784.namprd21.prod.outlook.com> <71173EC8-A167-47B9-B0F1-05759D59890B@akamai.com> <20191113071244.onqdgo2roqt7efb6@anna.jacobs.jacobs-university.de>
X-Mailer: Apple Mail (2.3445.104.11)
X-CMAE-Envelope: MS4wfLuuNaSpR0W5y6BrnlnznOW07NDiRC2OQE7v7ZosFQmrfSbkSUdJbmDh1rFz8tscnMsmPqcBw9FjTpEo1YLTZ6rj6aQDEdUQ5MyqdshVpQg9G+Rhx8KN nK1tgOmEIbtnFvYPMRYDtfHHBjXBMuwwoCoQnzECZU0D/ihS5sRo2HGnDmJrnIPJuH9LxNpoVWJeGFNDFkOLBmjPW3AUtJYb8J6ITIg2rflHvhgQ2Gnfc6hq fCFEm+uZYi/RmtkDWu6ICg==
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/E5Po0gHYChbNpCl1tqLDatTGPMs>
Subject: Re: [Rats] What's to EAT? - terminology clarification
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2019 17:49:11 -0000

> On Nov 12, 2019, at 11:12 PM, Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> wrote:
> 
> Concerning IMs and DMs, here is the (extended) RFC 3444 view that
> is commonly used by some parts of the IETF:
> 
>                 IM               --> conceptual/abstract model
>                 |                    for designers and operators
>      +----------+---------+
>      |          |         |
>      DM         DM        DM     --> concrete/detailed model
>      |          |         |          for implementors
>   +--+--+   +--+--+--+    |
>   |     |   |  |  |  |    |
>   EN    EN  EN EN EN EN   EN     --> encodings / representation formats
>                                      for instance data

In the EAT draft, the EAT claims information model is in the largely textual description of each claim.

In the EAT draft there is just one EAT claims data model. It is the CDDL in the EAT draft.

Currently there are two claims encodings, CBOR and JSON. Thanks to CDDL, we get from data model to encoding in a largely mechanical way and there is little text needed.


                IM: Text
                |
                +
                |
                DM: CDDL
                |
            +---+--+
            |      |
           CBOR   JSON


I think this is a good, simple and effective way to proceed.

(There are a few things wrong with the way this is written up in the current EAT draft that need to be fixed:
- The encodings are mis labeled as the data model
- I’m not sure the CDDL is correct)

Maybe one more encoding for X.509/ASN.1/DER is added to cover Dave’s use case. Hopefully it could be by saying how to encode the needed subset of CDDL into ASN.1/DER. Android Keystore also uses X.509 for attestations, so this might add motivation. To keep effort down, CDDL->ASN.1 should just be for EAT and a CDDL subset.

I do not think we should try to bring YANG in here. So there is no YANG expression of EAT claims. (I did see Eric’s GPS use case, but don’t think it is mainstream enough to motivate the complexity and large effort to bring YANG into play here).

This email is just about the “EAT claims information model”. There can be other separate information models for other parts of RATS. I don’t think there should be one global RATS information model that spans all the documents.

The gap of sorts here is IANA registered claims, the existing ones and new ones. There’s no requirement to provide an information model or CDDL when you register new claims with IANA or even coordinate between JWT and CWT.

LL

v2.23.0 | Report a Bug | By Email