Re: [Rats] UJCS standardization (relates to UCCS WG last call)

"Smith, Ned" <ned.smith@intel.com> Fri, 15 September 2023 19:35 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: "lgl island-resort.com" <lgl@island-resort.com>, Thomas Fossati <thomas.fossati@linaro.org>
CC: rats <rats@ietf.org>, Roman Danyliw <rdd@cert.org>
Date: Fri, 15 Sep 2023 19:34:53 +0000
Message-ID: <84BCA5A2-A1DB-47D9-864F-C49AB723065B@intel.com>
References: <CE435754-AA38-41CD-9AA2-65EB2347EBA0@island-resort.com> <CA+1=6yd0QM6E2BnCKgWOJHqJxhcmajFb_j9qd81fAbKw2=yeZg@mail.gmail.com> <4D0A70FB-2F99-423B-9E3B-77ACD58C5470@island-resort.com>
In-Reply-To: <4D0A70FB-2F99-423B-9E3B-77ACD58C5470@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/GDS0uJZ0LrZXKoiDBWIGK25l2sU>

As a note to the EAT media types draft, there is a normative dependency on UJCS. The EAT media types draft should normatively reference whatever draft ends up defining “UJCS”.
-Ned

From: RATS <rats-bounces@ietf.org> on behalf of "lgl island-resort.com" <lgl@island-resort.com>
Date: Friday, September 15, 2023 at 11:43 AM
To: Thomas Fossati <thomas.fossati@linaro.org>
Cc: rats <rats@ietf.org>, Roman Danyliw <rdd@cert.org>
Subject: Re: [Rats] UJCS standardization (relates to UCCS WG last call)

I’ve created the PR here<https://github.com/ietf-rats-wg/draft-ietf-rats-uccs/pull/18> to add UJCS support.

- Renamed to “UCS” for Unsigned Claim Set, but don’t mind “UTCS” for Unsigned Token Claim Set

- Mostly I just changed “UCCS” to “UCS” and “CWT” to “CWT/JWT” throughout the document.

- I added CDDL that has nothing to do with EAT:
   - Corrected UCCS CDDL — previous CDDL was missing definition of tagged and untagged
   - New CDDL for UJCS, which is very simple
   - (I haven’t tested this CDDL against nested EAT examples yet; will do that if there is desire to go forward).

- I added the glue CDDL to hook up UJCS and UCCS to EAT


While I know many of you have local use cases that only need CBOR and have waited many years for this, I still think we should do this for the sake of the larger community, to save ourselves work and make it easier for the reader and future work based on CWT/JWT. I’m trying to help out here to make it go.

Of course, in the end it is the consensus of this WG that determines what we do. Now we have a rough idea of the work it takes to get this done to help decide whether to do this or not.

LL



On Sep 15, 2023, at 6:10 AM, Thomas Fossati <thomas.fossati@linaro.org> wrote:

hi Laurence,

On Wed, 13 Sept 2023 at 20:02, lgl island-resort.com
<lgl@island-resort.com> wrote:

I did look at what it would take to add it to the UCCS draft and it doesn’t seem too difficult. The biggest disruption seems like the name change. The CDDL is already there. I will try to help with the authorship in UCCS.

Am I reading this correctly that you'd be the one preparing a PR with
the necessary changes?

That'd give us a precise measure of the effort required for widening
scope to UJCS, and it's probably the best way to convince all doubting
Thomas :-)

cheers, t