IETF Logo Mail Archive

Re: [Rats] Call for Adoption: EAT draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 30 May 2019 18:39 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96812120153 for <rats@ietfa.amsl.com>; Thu, 30 May 2019 11:39:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HoEntQrk1aRm for <rats@ietfa.amsl.com>; Thu, 30 May 2019 11:39:55 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-db5eur03on0631.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0a::631]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 825551200FD for <rats@ietf.org>; Thu, 30 May 2019 11:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n/HdvWOUw7euOTaAt+KEjtjKTYDeFIsQw1ViEmAJPh0=; b=JgNwBN679AYqw/tPnxxgPmWgUA9R2dC3x0Bq/gTSGLJSyvpo6Mmdg+mu3TUFDeC7fsBQvkFl8mE8BWHegBnZYpADnKBqvVfFlvf7Clw5Dkg3Lr6VvkVGrjpn1Qxd5X7Qw+xE7yz4yQMYCqbYUmvWzgB+lD3Skj0ucFmC79E42Kw=
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com (52.133.244.88) by VI1PR08MB3903.eurprd08.prod.outlook.com (20.178.81.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.16; Thu, 30 May 2019 18:39:51 +0000
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::f426:1919:2252:5df5]) by VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::f426:1919:2252:5df5%5]) with mapi id 15.20.1922.024; Thu, 30 May 2019 18:39:51 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for Adoption: EAT draft
Thread-Index: AQHVB0Ih4Xja5WRZnUanrv/uEd79H6Z3f+WAgAkvdwCAAAQPAIAAQeOAgAAaP4CAAAwUgIAADicAgAAZOwCAAAfHAIACt1gAgAAFvJCAAAmSgIAABLRw
Date: Thu, 30 May 2019 18:39:51 +0000
Message-ID: <VI1PR08MB53603822773A1FEEB8430B9FFA180@VI1PR08MB5360.eurprd08.prod.outlook.com>
References: <CAHbuEH6Mdwp+neWbcecA-pMYZoXKiNda2A0EnMh-8WX=W9_edA@mail.gmail.com> <DM6PR11MB408991CBF9B50672E12A8F61A1000@DM6PR11MB4089.namprd11.prod.outlook.com> <DM6PR11MB4089818BBEF529569DC1250DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <bdcaa9f2ca2344aa98287acd0b80d8f3@NASANEXM01C.na.qualcomm.com> <DM6PR11MB408939CC9EA79D479B76586DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <E09EB1B2-ED56-4F1B-8D80-BF0D227199A3@island-resort.com> <82b0a75e5b5645d1a43d240373bca6dc@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089DAD248EEAAF9F92F2C0AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <50ddca72a9074e229976ca88f78e340a@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089BF4C3F319894DAE8722AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <175ea22d1a1948d48f8180424cc89ec0@NASANEXM01C.na.qualcomm.com> <VI1PR08MB5360CE8EFA93515A140D30F2FA180@VI1PR08MB5360.eurprd08.prod.outlook.com> <4473a26aa1d94be59fe9a4268de2609d@NASANEXM01C.na.qualcomm.com>
In-Reply-To: <4473a26aa1d94be59fe9a4268de2609d@NASANEXM01C.na.qualcomm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.123.119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 48d815c6-da9c-4802-fc5c-08d6e52e3386
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:VI1PR08MB3903;
x-ms-traffictypediagnostic: VI1PR08MB3903:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <VI1PR08MB3903327ED4F8377F7AB7E34FFA180@VI1PR08MB3903.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 00531FAC2C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(396003)(346002)(136003)(366004)(199004)(40434004)(189003)(6436002)(966005)(5660300002)(478600001)(14444005)(476003)(446003)(229853002)(5024004)(66066001)(52536014)(72206003)(256004)(76116006)(11346002)(2906002)(6116002)(790700001)(3846002)(316002)(14454004)(25786009)(606006)(71190400001)(71200400001)(8936002)(7696005)(7736002)(81166006)(76176011)(561944003)(33656002)(186003)(6246003)(86362001)(66446008)(64756008)(66476007)(66556008)(73956011)(66946007)(99286004)(81156014)(26005)(68736007)(9686003)(486006)(53936002)(74316002)(236005)(9326002)(8676002)(6506007)(55016002)(110136005)(2501003)(102836004)(54896002)(6306002)(53546011); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR08MB3903; H:VI1PR08MB5360.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: h6jfJbI3M8b9eq87wyWhYWLdYpJ1uCXuR7AWIpevGOSDyf4a2lYq+1dzcDPoQIY9qyg9NzDB0El3/WQAJKet5VK3UaKq5fQiZEKWrhaMl1t+EDORjTfz/PBZSQrVgvE7OFTp/YUqr9M9p3wEdR+W9/J3w4YYM1rDIiKD6Zn3UXZ+YswCn/RCN5gTzeJe2hTAFBHAW9KWkQD45L4Kq5/kzLilqE2wDh71BmieZb8Du5FzLoHJerUCbrFYaA/TLFVDxLarSMcUX9NG9IhE6pQ3j2FHqM0qfU2UXA4ufeyfGC0GKLJFqmYjYjilOqsBJFUYNdRrbucBxDceCCUydtxepJIh++czvaeur37+ucr76RDBpOKEwSBeWEo0LEzktNVArDTP9mk1F8HUi7l/tZBMadsSgxN6Y3WqUq92SMxN96w=
Content-Type: multipart/alternative; boundary="_000_VI1PR08MB53603822773A1FEEB8430B9FFA180VI1PR08MB5360eurp_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 48d815c6-da9c-4802-fc5c-08d6e52e3386
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2019 18:39:51.3723 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Hannes.Tschofenig@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3903
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/SXZpZNzU8igoacIkkYHoPkoreLQ>
Subject: Re: [Rats] Call for Adoption: EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 18:39:59 -0000

Hi Giri,

We are currently in the phase of working document adoption and the question whether you would be willing to add this or that guidance to your individual draft isn’t actually relevant.
If your document becomes a working group item then we should have these details discussions about what claims should be registered and what the policy for adding new claims should be. Then, it is a decision of the working group and you will have to add it irrespectively of whether you like it or not. (At least that’s the idea.)

In a nutshell, we should have these discussions but now is actually not the time for it.

I will nevertheless give you feedback regarding your question below whether claims intended for use in EAT should be designated somehow: Of course this can be done by adding an extra attribute to the existing registry. Is it necessary is something I am wondering. There are, however, examples where adding an extra attribute to an already existing registry made sense. For example, when DTLS was developed the registry of algorithms for TLS was already established and there was a stream cipher (RC4) that couldn’t be used with DTLS. (Later we found out that stream ciphers are not even safe for TLS and hence this extra attribute does not make much sense anymore.)

Ciao
Hannes


From: RATS <rats-bounces@ietf.org> On Behalf Of Giridhar Mandyam
Sent: Donnerstag, 30. Mai 2019 19:49
To: rats@ietf.org
Subject: Re: [Rats] Call for Adoption: EAT draft

Thanks for chiming in, Hannes.  I assume you can speak on behalf of the CWT claims registry expert reviewers.

>>(a) some principles/guidance to CWT claims registry people on avoiding the mass registration of lightly-used or unused claims

>Why is this a requirement? When a claim is registered then it is most likely done with the anticipation that it will be used. I have not seen other IETF registries that have raised the bar to a similar level, at least the JWT claims registry does not work that way. Furthermore, what is the harm in registering claims that later turn out to be less frequently used?

OK – maybe guidance on lightly-used/unused claims is not desirable.

From a broader perspective - I am wondering whether claims intended for use in EAT should be designated as such when registering them in the CWT claims registry.  If so, should the CWT claims expert reviewers take into account different criteria when considering whether a proposed claim should be added to the registry?  If arbitrary claims are added to EAT via the registry that do not serve the purpose of remote attestation, it seems that the value of EAT would lessen.

>>(b) a requirement to map claims to existing YANG objects, if these YANG objects exist

>I also don’t understand this requirement. Is there some design rational why this would be needed/useful?

I was envisioning guidance along the lines of  - “If a claim represents a YANG object, then the corresponding CWT claim should follow the guidelines provided in https://datatracker.ietf.org/doc/draft-ietf-core-yang-cbor/ and the JWT claim should follow the guidelines of https://tools.ietf.org/html/rfc6020.”  This would hopefully prevent the case where a claim proposal uses an arbitrary methodology to map an attestation-related YANG object to CWT or JWT.  I don’t see a need to provide more guidance than this.

-Giri


From: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Sent: Thursday, May 30, 2019 10:18 AM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>; rats@ietf.org<mailto:rats@ietf.org>; Eric Voit (evoit) <evoit@cisco.com<mailto:evoit@cisco.com>>
Subject: RE: [Rats] Call for Adoption: EAT draft


CAUTION: This email originated from outside of the organization.
Hi Giri, Hi Eric,

>(a) some principles/guidance to CWT claims registry people on avoiding the mass registration of lightly-used or unused claims

Why is this a requirement? When a claim is registered then it is most likely done with the anticipation that it will be used. I have not seen other IETF registries that have raised the bar to a similar level, at least the JWT claims registry does not work that way. Furthermore, what is the harm in registering claims that later turn out to be less frequently used?

>(b) a requirement to map claims to existing YANG objects, if these YANG objects exist

I also don’t understand this requirement. Is there some design rational why this would be needed/useful?

Cia
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email