[Rats] EAT Claim Constraining (was Re: EAT Profiles)

Laurence Lundblade <lgl@island-resort.com> Fri, 16 September 2022 17:13 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Date: Fri, 16 Sep 2022 10:13:05 -0700
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
To: Thomas Fossati <Thomas.Fossati@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/EzpEHxmK6efTpoZcc8SI3atzlcU>

> On Sep 16, 2022, at 8:47 AM, Thomas Fossati <Thomas.Fossati@arm.com> wrote:
> 
> >     >> > Refined Claim Definition: None.
> >     >>
> >     >> This is part of what worries me.  There should never be any
> >     >> semantics changes between profiles for claims.
> > 
> >     > I don't know what is meant by "Refined Claim Definition".  It
> >     > doesn't look like something required by EAT.
> > 
> > Maybe it's old.
>  
> Or maybe it's a typo for "required claims definition"


Draft-13 did have a section for "Refined Claim Definition". Draft-14 merged that section into the profile "Claims Requirements" section and reworded it. This is the relevant text now. Note that the word is "constrain":

A profile may constrain the definition of claims that are defined in this document or elsewhere. For example, a profile may require the nonce be a certain length or the location claim always include the altitude.

<https://www.ietf.org/archive/id/draft-ietf-rats-eat-14.html#section-6.2.12-4>
Agree that we want to minimize variability in the definition of individual claims.

I don’t think the general semantics of any claim is variable, but some representations vary:
- Nonce length can vary, but it is always a nonce to the receiver
- There are different ways to construct a UEID/SUEID, but it always means the same to a receiver
- The location claim has a number of optional items like altitude and heading. The receiver can reject if items it needs are missing
- The HW and SW version claims have several different forms inherited from CoSWID. The receiver can reject claims in the wrong form.
   (The EAN 13 representation of HW Version will be removed in the next draft)
- There are three forms of OEM ID. The receiver is required to handle all three.
- There are two types of DLOA as per the DLOA specification

The above variability seems necessary/useful and/or comes with the reuse of definitions from other standards, but maybe we could tighten up in some places. Suggestions?

Then EAT allows broad selection of manifest and measurement formats. If you look inside CoSWID, you will find huge variability. Probably CoMID too. As soon as we represent the structure of the system in lists of SW and measurements, there is inevitable variability.

LL
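The receiver-side checking sketched in the list above, as an added example that is not part of this mail or of the EAT draft: a hypothetical profile tightens the nonce length and requires altitude in the location claim, and the verifier accepts all three OEM ID forms. Claims are modelled as an already-decoded dict keyed by the EAT JSON claim names (assumed here), and the sample claims sets are constructed.

```python
from dataclasses import dataclass, field

# Claim names as in the EAT JSON encoding (assumed here for illustration).
NONCE, OEMID, LOCATION, PROFILE = "eat_nonce", "oemid", "location", "eat_profile"
BASE_NONCE_LEN = (8, 64)  # byte-length range the base EAT draft allows for a nonce


@dataclass
class Profile:
    """Constraints a hypothetical profile layers on top of the base claim definitions."""
    name: str
    nonce_len: tuple = BASE_NONCE_LEN                     # inclusive byte-length range
    location_required: set = field(default_factory=set)  # location items that must be present


def oemid_form(value):
    """Name the OEM ID form in use, or None; a receiver has to accept all three forms."""
    if isinstance(value, int) and value >= 0:
        return "pen"       # IANA Private Enterprise Number
    if isinstance(value, (bytes, bytearray)) and len(value) == 3:
        return "ieee"      # IEEE-assigned identifier
    if isinstance(value, (bytes, bytearray)) and len(value) == 16:
        return "random"    # random 128-bit identifier
    return None


def check_claims(claims, profile):
    """Return the list of profile violations for a decoded claims set (empty means accept)."""
    errs = []
    if claims.get(PROFILE) != profile.name:
        errs.append("eat_profile does not name this profile")
    nonce, (lo, hi) = claims.get(NONCE), profile.nonce_len
    if not isinstance(nonce, (bytes, bytearray)) or not lo <= len(nonce) <= hi:
        errs.append(f"eat_nonce must be {lo}-{hi} bytes")
    if OEMID in claims and oemid_form(claims[OEMID]) is None:
        errs.append("oemid is not in one of the three defined forms")
    loc = claims.get(LOCATION)
    if isinstance(loc, dict):
        missing = profile.location_required - set(loc)
        if missing:
            errs.append("location lacks required items: " + ", ".join(sorted(missing)))
    return errs


# Constructed sample: a profile that narrows the nonce to 16-32 bytes and demands altitude.
SAMPLE_PROFILE = Profile("urn:example:eat-profile", (16, 32), {"latitude", "longitude", "altitude"})
GOOD_CLAIMS = {PROFILE: "urn:example:eat-profile", NONCE: bytes(16), OEMID: 32473,
               LOCATION: {"latitude": 37.8, "longitude": -122.4, "altitude": 12.0}}
BAD_CLAIMS = {PROFILE: "urn:example:eat-profile", NONCE: bytes(8), OEMID: bytes(5),
              LOCATION: {"latitude": 37.8, "longitude": -122.4}}

if __name__ == "__main__":
    print(check_claims(GOOD_CLAIMS, SAMPLE_PROFILE))  # []
    print(check_claims(BAD_CLAIMS, SAMPLE_PROFILE))   # three violations
```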