IETF Logo Mail Archive

Re: [Rats] Should we remove submods from EAT? (was Re: EAT Review Comments)

Ira McDonald <blueroofmusic@gmail.com> Fri, 17 December 2021 23:56 UTC

Return-Path: <blueroofmusic@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFEDE3A0D17 for <rats@ietfa.amsl.com>; Fri, 17 Dec 2021 15:56:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9P7csmJ_DvM for <rats@ietfa.amsl.com>; Fri, 17 Dec 2021 15:56:34 -0800 (PST)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com [IPv6:2607:f8b0:4864:20::932]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83DAA3A0D1E for <rats@ietf.org>; Fri, 17 Dec 2021 15:56:34 -0800 (PST)
Received: by mail-ua1-x932.google.com with SMTP id n7so7188480uaq.12 for <rats@ietf.org>; Fri, 17 Dec 2021 15:56:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=O1qq71hwhxE4Q7pVAqRe8ha21GuAfqYSd8f7nyTigPQ=; b=haJ/Ws+62BIo9Bh/Ex4L1xNGdYF3gjA+RW3lPlj6OXYgyq5SgCD4ApcZ7VG26shg+Z ukNAv6hTUiZtSf6taLtcLrmODorNupU4lTeOpN0MIM1eUouoL1dlYXjQQ+thgaxwlJWA zvqbzUNyLi/o2A31Z6SBZdBfRQ3LuCDMUkLHXCmBG17CYrFU5F4nEsOKOjklIITWgBvg Zk8dpC2NJckmL+rqa8u/ueeM3tGIzVDCHqGLJj0Mg6WhFE4Njs8TqAuUwu4OCJzWRUFi zG+jkLJNBy5+FcLoXQ8M7KssQXe5G1puOSqi9IujaCTfVEJHQ9fw/pgA9faOCXCH8Wiw AWNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=O1qq71hwhxE4Q7pVAqRe8ha21GuAfqYSd8f7nyTigPQ=; b=NOqzwfbbr4xJtus1ZfWiiSHTUw9AQH35/E4tr0KIKKENhjKvcYxReD07kXobLESF1h jC/Qsf1HqoF3gMyMJIUwljCMG5X0AdHPjskE05N7q+J2D45bhB9Vl7ev2vKq0GouXorB DMXm1biG2wwFPT5uYqPOLFLug5naNOJ/HKO9YtGk6bBE3xp0/yffk8GBqz3yYeLfuKCd eKGMeb92yYFFSOopUxCz7RzqwlCCm1IrH+NLrebkOoRnInfwbOhqa3E6i+vdw4cxc1eL Wkk28oestjWeoeFPHH4rl/h+GcuThDi4gOzGIhd8V2l7YB99cgtNuuStm56ZpOFSVSEy wltQ==
X-Gm-Message-State: AOAM5324F04HcGFuO0V6ou6N7LVm8SYwivAPMFC5r344Fb/rZOCRMTqT eVXXjoR/i0E7Syqdz4XUmgZuPC0WXUz5PPwuFPw=
X-Google-Smtp-Source: ABdhPJwGzHTPOTRIBSDQRvVrs23z6c76cJAatSaS+3WumSDO+MTmpc58/1xS1WhbW6tGWb8unUtHr9ch0JR1pOWllMU=
X-Received: by 2002:a67:e18e:: with SMTP id e14mr2084394vsl.49.1639785392427; Fri, 17 Dec 2021 15:56:32 -0800 (PST)
MIME-Version: 1.0
References: <DBBPR08MB59150EEE386E675005A52124FA6E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <B81765CF-8515-440B-A021-977FCD59D5E2@island-resort.com> <DBBPR08MB5915DD8BAA394E7D665E4C7DFA709@DBBPR08MB5915.eurprd08.prod.outlook.com> <E6E179AD-23AA-4B22-A0CE-26BED6BB2862@island-resort.com> <ABD665F5-777E-4A9C-8920-0135FA91FC7B@intel.com> <10720.1639667481@localhost> <6CBC3D74-7963-4127-A510-C6A0C54E5EFA@island-resort.com>
In-Reply-To: <6CBC3D74-7963-4127-A510-C6A0C54E5EFA@island-resort.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Fri, 17 Dec 2021 18:55:53 -0500
Message-ID: <CAN40gSsX_8BtnSnEbeHbENKqZaFcZrsJzue+6qLjfa=1ZMJLoA@mail.gmail.com>
To: Laurence Lundblade <lgl@island-resort.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Smith, Ned" <ned.smith@intel.com>
Content-Type: multipart/alternative; boundary="000000000000d2d7b505d3604938"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Fkrp8aavzwz9H5FPocEIrcghcHc>
Subject: Re: [Rats] Should we remove submods from EAT? (was Re: EAT Review Comments)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Dec 2021 23:56:40 -0000

Hi Laurence,

+1 to keeping submods in EAT spec.

A proliferation of vendor-specific "solutions" to claims for composite
systems
would be a nightmare and defeat interoperability.

Cheers,
- Ira

*Ira McDonald (Musician / Software Architect)*

*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*

*Co-Chair - TCG Metadata Access Protocol SG*








*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer
Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF
Designated Expert - IPP & Printer MIBBlue Roof Music / High North
Inchttp://sites.google.com/site/blueroofmusic
<http://sites.google.com/site/blueroofmusic>http://sites.google.com/site/highnorthinc
<http://sites.google.com/site/highnorthinc>mailto: blueroofmusic@gmail.com
<blueroofmusic@gmail.com>(permanent) PO Box 221  Grand Marais, MI 49839
906-494-2434*


On Fri, Dec 17, 2021 at 2:26 PM Laurence Lundblade <lgl@island-resort.com>
wrote:

>
> > On Dec 16, 2021, at 7:11 AM, Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
> >
> > Smith, Ned <ned.smith@intel.com> wrote:
> >> There has been discussion that EAT as a standalone spec can’t
> >> reasonably be implemented without a profile.
>
> The same is true for CBOR, CWT, JWT, COSE and JOSE (more comments below).
>
> >> Possibly, the profile
> >> context addresses some of these concerns? The PSA draft goes further to
> >> define a profile, but I don’t see it directly addressing the
> >> consideration for multi-vendor device composition.
> >
> > That's unfortunate if that is really the case.  Profiles of profiles of
> profiles.
> > I think of EAT as the profile of COSE that let's us do attestation.
>
> Do you mean EAT as a profile of CWT, not COSE?
>
>
> > If there is a profile, then it would address the naming concern that you
> > raised.
> >
> > In general, I think that every single vendor/integrator who puts the
> right
> > manufacturer supports (Endorsements, Reference Values) and/or operates a
> > Verifier (likely in Background Check model) will need to solve the
> naming and
> > profile problem.    I'm not sure that we need standardization here: it's
> all
> > under control of the manufacturer.
>
> Agreed, submod naming is left to the manufacturer, specifically the maker
> of the Attester. I haven’t been able to come up with anything better so far.
>
> More below in response to Thomas.
>
>
> >
> >> The other EAT claims (not submod) seem to imply a simple composition
> >> where the thing (module) to which the CWT/JWT is issued / bound is the
> >> thing (module) that has the EAT claim.
> >
> > I would prefer that the EAT document was simplified/shortened, that
> anything
> > we do not presently have running code for be removed to another document.
> > I'd like to see EAT published by Summer 2022, even if that means four or
> five
> > extension documents come later.
>
> There is running code for submodules (CToken & Xclaim) and most other
> claims, but not for DEB.
>
>
>
> > On Dec 16, 2021, at 3:37 AM, Thomas Fossati <tho.ietf@gmail.com> wrote:
> >
> > hi Laurence,
> >
> > I agree with you that submods exist for a very good reason. They have
> > particular value if the composition pattern is static and known
> > a-priori (Ned's email has some interesting points in this regard). The
> > existence of submods has enabled some interesting expression during
> > prototyping efforts here.  Note also that I would be concerned
> > that if submods did not exist then that might result in multiple custom
> > solutions emerging to express nesting, which would be a poor result for
> > the wider RATS standardisation efforts.
>
> So, unless a strong consensus emerges, I will keep submods in EAT.
>
> >
> > The current definition is nice and simple, though I would like to
> > explore some extra functionality at some point. The small trouble I have
> > with it is that the string type limits the expressiveness of the submod
> > identifier.  Ideally, one could have a composite, more powerful type on
> > the LHS of the submod definition.  Note that this would be possible in
> > CBOR but not in JSON, so if we want interworking between the two formats
> > we'd need to find another solution. For example one where the RHS
> > clearly separates identification information from the measurements.  At
> > that point the string key would be redundant, or left as a hint.  At the
> > moment I don't have a very concrete proposal (i.e., code) though, so
> > this is just a thought.
>
> Maps with labels that are not strings or integers are generally a bit
> scary and off the beaten path. I suspect many CBOR libraries (like QCBOR)
> have built-in support for maps with string and integer labels, but not for
> arbitrarily complex labels. So some aggregate type in the label would up
> the implementation cost a lot, particular on the decode side.
>
> I don’t know what sort of submods you are trying to implement.
>
> Best I can think of is that you pack some structure into the string label.
> Maybe we also allow byte string labels to help. The Verifier and RP usually
> have ample CPU power and memory so multiple scans of the submods section
> are OK. The implementation can unpack the whole submods section into memory
> including unpacking the structure in the label and do whatever it needs to
> do to get to the submod it wants. Maybe in the extreme, the byte string
> labels are wrapped CBOR.
>
> LL
>
>
>
> A few more comments on interoperability and profiles:
>
> - One CBOR implementation sends indefinite lengths and a receiver only
> decodes definite lengths —> no interoperability
> - There are no required algorithms and no handshake for COSE and JOSE so
> the —> no interoperability is possible
> - There are no required claims in CWT or JWT —> —> no interoperability is
> possible
> - Even the PSA profile of EAT is not locked down enough to guarantee
> interoperability
>
> Though it is common, all this lack of guaranteed interoperability seems a
> bit odd for the IETF in a way. It was a main motivator for me to put
> profiles in EAT.
>
> FIDO has a conformance certification program. The FIDO spec is therefor
> tight on this. In theory vendors on different planets that can’t talk to
> each other can produce interoperable and conformance-passing FIDO
> implementations.
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>

v2.39.1 | Report a Bug | By Email | System Status