Re: [Rats] draft-ounsworth-rats-x509-evidence-00

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 09 November 2023 15:19 UTC

Message-ID: <2a8f619f-d349-b304-53f7-42a42d171bff@sit.fraunhofer.de>
Date: Thu, 09 Nov 2023 16:18:49 +0100
To: "Smith, Ned" <ned.smith@intel.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, 'Carl Wallace' <carl@redhoundsoftware.com>, "rats@ietf.org" <rats@ietf.org>
References: <6FCC00F5-1FAE-4CCD-9ED2-DA2BA923E7F7@island-resort.com> <011801da130d$74579390$5d06bab0$@gmx.net> <66c6191b-c393-69da-a849-f44da369917a@sit.fraunhofer.de> <7DC2D9E1-F052-48A1-B5A8-978D52275EE5@redhoundsoftware.com> <01e001da131a$a8c7ba30$fa572e90$@gmx.net> <9b8eb6e3-1b9b-7a0a-dffd-f8d0912a7bb6@sit.fraunhofer.de> <DEDCA7BD-D5E3-411E-8C33-EDCFAF016534@intel.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <DEDCA7BD-D5E3-411E-8C33-EDCFAF016534@intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/G7y741_WDUcv2VQzUt-D3mJJgGQ>
Subject: Re: [Rats] draft-ounsworth-rats-x509-evidence-00
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Hi Ned,

In summary: yes.

And actually, I'd be happy to make a run through Claims to check if they 
can be used in Evidence actually and then maybe we should only cover 
those here. Full disclosure: I found the concept of "Claims can be 
potentially used in any type of Conceptual Message" always quite 
disconcerting.

But we are exploding the scope of a well-targeted I-D here. I am not in 
favor of dumping all these discussions and decisions on Mike's I-D, tbh.

The CfA ask was: is a well-scoped set of X.509 Evidence attributes okay 
to work on in RATS. We can also do the filtering/mapping of existing 
semantics in other documents.

Best regards,

Henk

On 09.11.23 15:58, Smith, Ned wrote:
> The draft set the expectation that it would define evidence and that it would also convey endorsements. There is a difference in what claims make sense as evidence vs. what claims make sense as endorsements / reference values. An AE can't tell the version of firmware but can tell what its digest is. Similarly, an AE can tell whether a FIPS self-test ran, but can't tell what FIPS rating was assigned by a FIPS lab.
> 
> EAT claims are defined in such a way that they could be incorporated into a profile that defines evidence / endorsements / reference values / attestation results. That doesn't mean it makes sense for all EAT claims to be asserted in every type of conceptual message.
> 
> The X.509 Attestation Evidence draft could be viewed as a profile for the HSM community. There will be claims that don't make sense as evidence (e.g., I don't know of any HSMs that have a GPS receiver or can triangulate a location using wireless signals). There likely are other EAT claims that don't make sense as endorsements for HSMs also.
> 
> The question of ASN.1 vs. CBOR vs. JSON isn't that interesting from a bow tie perspective (we'd like the industry to easily map between them), but it might not make sense from a HSM community profile, which necessarily constrains the set of claims to those that make the most sense for that community.
> 
> -Ned
> 
> On 11/9/23, 3:43 PM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:
> 
> 
> On 09.11.23 15:40, hannes.tschofenig@gmx.net wrote:
>> Hi Carl,
>>
>> A few responses below:
>>
>> * The use of CBOR/COSE in SUIT: At the start of the SUIT working group the participants expressed a strong preference to use CBOR/COSE and didn't want to use ASN.1/CMS. Brendan and I had written a draft that used ASN.1, which was inspired by work Russ did. It happens that work being proposed does not align with the expectations of the group. I remember Henk and Carsten being vocal proponents of CBOR & COSE at that time. Was it a good idea to use CBOR/COSE instead of ASN.1/CMS? Now that the standardization and implementation work is almost finished it is a bit too late to ask this question again.
>>
>> * Do we want to provide claim definitions in ASN.1 format (as we do in the draft)? That was our understanding from the design team discussions.
>>
>> * Should we keep the definition of the CBOR/COSE claim definitions in sync with the ASN.1 format? I believe there is value in doing so. There does not seem to be anything wrong with the semantics of the claims in EAT. We have received feedback already for better alignment since we have introduced a few bugs in the -00 submission.
>>
>> * A question you did not ask was: Should all claims in EAT also be described in an ASN.1 format? Currently the draft only contains a subset of the claims. I have been asking myself the same question. It is somewhat likely that sooner or later all claims defined in EAT will need to be available in ASN.1 format.
> 
> 
> Had the same thought, did not dare to voice it. I can imagine Mike
> groaning (as he wants to move fast). Not sure, if this I-D is the one to
> do that. Mike?
> 
> 
>>
>> Ciao
>> Hannes
>>
>> -----Original Message-----
>> From: RATS <rats-bounces@ietf.org> On Behalf Of Carl Wallace
>> Sent: Thursday, 9 November 2023 14:45
>> To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; rats@ietf.org
>> Subject: Re: [Rats] draft-ounsworth-rats-x509-evidence-00
>>
>>
>> On 11/9/23, 8:09 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:
>>
>>
>> I think this discussion is moot as was pointed out in the meeting already. Please see:
>>
>>
>> https://www.rfc-editor.org/rfc/rfc9334.html#figure-9
>>
>> [CW] I don't think that diagram renders this discussion moot. X.509 certificate-based attestations have existed since before RATS (and before we called attestation evidence). There's not even much question about potential for including claims in an X.509 certificate within current RATS documents (see section C.3 of EAT). I think the questions are: 1) do we want to provide ASN.1 definitions for claims and 2) do we want to keep claim definitions (roughly) in sync across ASN.1/CBOR/JSON. Re: 1), there seems to be general acceptance of defining claims in ASN.1 for the most part (though no one really answered Brendan's question regarding why ASN.1 was disallowed for SUIT but is allowed here). Question 2) needs some more discussion. There was an exchange between Mike and Laurence during the presentation yesterday that highlights a potential difference of opinion between I-D author(s) and participants in the working group that could impact the adoption question.
>>
>> On 09.11.23 14:05, hannes.tschofenig@gmx.net wrote:
>>> Hi Laurence,
>>>
>>> The charter says:
>>>
>>> “
>>>
>>> Standardize data models that implement and secure the defined
>>> information model (e.g., CBOR Web Token structures [RFC8392
>>> <https://datatracker.ietf.org/doc/rfc8392/>], JSON Web Token structures
>>> [RFC7519 <https://datatracker.ietf.org/doc/rfc7519/>]).
>>>
>>> “
>>>
>>> CWT and JWT are mentioned as examples. The group already works on
>>> another evidence format, namely the TPM-based stuff.
>>>
>>> I would say that the document fits nicely within the scope of the charter.
>>>
>>> Regarding the document split. I am open to discussions about your
>>> suggestion, which assumes adoption in the group.
>>>
>>> Ciao
>>>
>>> Hannes
>>>
>>> *From:* RATS <rats-bounces@ietf.org> *On Behalf Of* lgl island-resort.com
>>> *Sent:* Thursday, 9 November 2023 13:59
>>> *To:* rats <rats@ietf.org>
>>> *Subject:* [Rats] draft-ounsworth-rats-x509-evidence-00
>>>
>>> I think it might be better to split this into two drafts.
>>>
>>> First, define how to put CWT/JWT claims into ASN.1 and make an X.509
>>> attestation token.
>>>
>>> Second, define the FIPS and CC status claims for CBOR, JSON and ASN.1.
>>>
>>> I wish we didn’t have to do the first, but understand that we might.
>>> Note that the RATS charter says we work on CBOR and JSON. There was a
>>> little discussion about ASN.1 back in the early days and we certainly
>>> put it off back then. There was also YANG discussion. Search the RATS
>>> mail archive for ASN.1.
>>>
>>> I’m much more interested in the FIPS and CC status claims. I would like
>>> to define them for CBOR, JSON and ASN.1. If they are booleans this is
>>> trivial. They would get registered in the CWT and JWT IANA registries.
>>>
>>> One of the reasons I’d like to define them for CBOR and JSON is so
>>> there’s a known and accepted way to translate their ASN.1 claims into JSON.
>>>
>>> Also, the X.509 definition should be for Attestation Results as well as
>>> Evidence. There’s no reason to restrict it and there’s no work to allow
>>> use as Attestation Results.
>>>
>>> LL
>>>
>>> (sent incorrectly the first time only to the rats-chairs; meant it for
>>> the list)
>>>
>>>
>>> _______________________________________________
>>> RATS mailing list
>>> RATS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/rats