Re: [Rats] challenges of building dependant specifications against Internet-Drafts -- a way forward for EAT

Laurence Lundblade <> Mon, 30 November 2020 20:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9DF583A0EF3 for <>; Mon, 30 Nov 2020 12:37:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.916
X-Spam-Status: No, score=-1.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5kJCShQqwQt6 for <>; Mon, 30 Nov 2020 12:37:36 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DB0153A0ABA for <>; Mon, 30 Nov 2020 12:37:36 -0800 (PST)
Received: from [] ([]) by :SMTPAUTH: with ESMTPA id jpvTkB6HBCLVcjpvTkHuw3; Mon, 30 Nov 2020 13:37:35 -0700
X-CMAE-Analysis: v=2.4 cv=Uommi88B c=1 sm=1 tr=0 ts=5fc5580f a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=48vgC7mUAAAA:8 a=l70xHGcnAAAA:8 a=AUd_NHdVAAAA:8 a=JcFfwebTzBqiloLDS9EA:9 a=QEXdDO2ut3YA:10 a=-RoEEKskQ1sA:10 a=a2qO0JUW4XsB4Nhr:21 a=_W_S_7VecoQA:10 a=w1C3t2QeGrPiZgrLijVG:22 a=JtN_ecm89k2WOvw5-HMO:22
From: Laurence Lundblade <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3F61D083-4CFE-4261-9D32-9E0A8EB36326"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Mon, 30 Nov 2020 12:37:34 -0800
In-Reply-To: <3849.1606759884@localhost>
Cc: "Eric Voit (evoit)" <>, Hannes Tschofenig <>, Giri Mandyam <>, "" <>
To: Michael Richardson <>
References: <24519.1606681083@localhost> <> <> <> <3849.1606759884@localhost>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfJEIJfrQoa5I1XCeTvlKyTsNCtfcF6nklRcccXujwZFNAd32M5WS5xe4OYqp16gUAhIDbThMAawu4pQfmGvMEoxw/aR8xMfKSWEcjmfKDlrQLA5AuG6z DIDY292X9koa6s0UtzZ9MghBbYmNWOHF+fL2exkxQCSxGaWLlhmhdzz1F4xR/TNuKl55PKc/WdnAO61BzQT9dYN05PJdQGQdGH/xM6g0/lXucdhHvxPvlOK9 LqgsUGP/i1qhhaStxzRY4iKUEvFFeFtHILlFGsx4Eq+3Wb7c/kdF4R8NqLeIAlnKkAnizOt24qrsrIWOc1zMSQ==
Archived-At: <>
Subject: Re: [Rats] challenges of building dependant specifications against Internet-Drafts -- a way forward for EAT
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Nov 2020 20:37:39 -0000

The trouble is that I think many claims should be in the Standards Action range (-255 to 255).  For example, nonce, ueid, submods section, location, CoSWID and probably a few others should be in the standard space. If I were IANA I would hesitate to register these in the Standards Action range until the EAT document is further along. 

It also seems poor practice to unilaterally pre-assign Standards Action range claims in an EAT draft and then use them in a bunch of implementations. Those numbers could be assigned to some one else before EAT is an RFC.

Here’s one proposal:

We put claim numbers in the EAT document from the private space CWT space (less than -65536). These can be the same as in my in-progress EAT implementation here. Hopefully other implementations do the same. Also, the same as the claims in the ARM PSA token draft <> where they overlap.

When the EAT draft is standardized, new Standards Action range numbers will get assigned. Implementations can either continue using the old private space CWT numbers or they can move to the new numbers. It is pretty easy for a receiver of a token to accept both the old and new numbers. It is just one extra if statement or case in a case statement. The sender of a token can stick to the old private ones for a long time, until the receivers they care about support the new ones. There is some motivation to move to the new ones because of the size reduction.

Another proposal:

Register them in the Specification Required space (255 to 65535) once and for all. That will result in 3-byte map labels rather than 1-byte map labels, but there’s no transition.

Finally, a third proposal:

Maybe we can convince IANA to pre-register a small clear set in the standard space? Perhaps just nonce and UEID.


> On Nov 30, 2020, at 10:11 AM, Michael Richardson <> wrote:
> Eric Voit (evoit) <> wrote:
>> Yes, we agreed to use the CWT registry.
> I didn't feel that this decision was very strong, and I thought that we went
> back and forth at least twice on this, with various kinds of sub-registries
> proposed.
>> I also recall using YANG objects and a potential definition and range
>> source for any new claims that people wanted to add.  (I.e., if it
>> exists, let's use it.  And then we don't have to worry about
>> cross-domain mapping.)   My reading of Michael's email is that this was
>> the purpose of the table included in the bottom of this thread.
> As I understood Giri's issue, he didn't think he could register production
> values into the EAT registry until the document was finished.  That's what I
> got from watching the video.
> If we are using the CWT registry, then he can just go ahead, as the registry
> already exists, and at least some of it is FCFS.
> If we are not, then my text was an example of what a different WG did to deal
> with early adopters.
> --
> Michael Richardson <>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
> _______________________________________________
> RATS mailing list