Re: [Rats] [EXTERNAL] Re: EAT IANA registry
Benjamin Kaduk <kaduk@mit.edu> Wed, 27 November 2019 03:19 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B54361200F7 for <rats@ietfa.amsl.com>; Tue, 26 Nov 2019 19:19:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6jo0t8hPg_Aj for <rats@ietfa.amsl.com>; Tue, 26 Nov 2019 19:19:20 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA33C12091D for <rats@ietf.org>; Tue, 26 Nov 2019 19:19:19 -0800 (PST)
Received: from mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id xAR3JA73028901 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 26 Nov 2019 22:19:13 -0500
Date: Tue, 26 Nov 2019 19:19:10 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Cc: Laurence Lundblade <lgl@island-resort.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Message-ID: <20191127031910.GF32847@mit.edu>
References: <D2CF9D31-057E-4B47-A3D0-08BBBF997F47@gmail.com> <VI1PR08MB53605A2A2E61E6EAE2609FECFA490@VI1PR08MB5360.eurprd08.prod.outlook.com> <09C4F36B-C9CE-44DF-9DF8-F3365A7E3053@gmail.com> <53C13986-A523-4349-BDC3-F8ACC2BCFD29@island-resort.com> <DM6PR00MB05697456BC04AC34B156850DF54B0@DM6PR00MB0569.namprd00.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <DM6PR00MB05697456BC04AC34B156850DF54B0@DM6PR00MB0569.namprd00.prod.outlook.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/E7KZ73brAaBbIx-erjGHm7CJk-U>
Subject: Re: [Rats] [EXTERNAL] Re: EAT IANA registry
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2019 03:19:21 -0000
On Sun, Nov 24, 2019 at 10:14:30PM +0000, Mike Jones wrote: > EAT should use the IANA JSON Web Token (JWT) Claims registry for JWT claims and the IANA CBOR Web Token (CWT) Claims registry for CWT claims. It’s intended that claims from different use cases inhabit the same registry, to facilitate claim reuse across use cases, where appropriate. If they aren’t reused, no harm is done. > > It would be far more confusing to developers to create duplicate, EAT-specific registries. I think the concern here is basically analogous to the difficulty we had with draft-ietf-oauth-jwsreq, where the protocol mechanics forced us to treat various field identifiers as both OAuth Parmeters and JWT Claims, with potentially conflicting registries involved. Here for EAT we do not have a separate registry already and so can avoid the worst of the conflicts, but I'm not sure that "avoiding duplicates" would apply to a proposal that makes a single JWT/CWT claim for "EAT data" and puts the attestation claims in a map as the value for that "EAT data" claim. What existing JWT/CWT claims would duplicate the potential contents of the EAT data fields? -Ben
- [Rats] EAT IANA registry Yaron Sheffer
- Re: [Rats] EAT IANA registry Hannes Tschofenig
- Re: [Rats] EAT IANA registry Yaron Sheffer
- Re: [Rats] EAT IANA registry Laurence Lundblade
- Re: [Rats] EAT IANA registry Yaron Sheffer
- Re: [Rats] EAT IANA registry Laurence Lundblade
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Mike Jones
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Benjamin Kaduk
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Laurence Lundblade
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Kathleen Moriarty
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Yaron Sheffer
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Mike Jones
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Yaron Sheffer
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Mike Jones
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Laurence Lundblade
- Re: [Rats] [EXTERNAL] Re: EAT IANA registry Jeremy O'Donoghue