Re: [Rats] EAT Profiles

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 16 September 2022 15:39 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
Date: Fri, 16 Sep 2022 15:38:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/HLXW2tlZs0a38C1U1ArAewG8Cw4>
Subject: Re: [Rats] EAT Profiles

Hi Michael, Hi Laurence,

I am curious why it matters whether an EAT is a CWT (or not).

Ciao
Hannes

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Friday, September 16, 2022 1:52 PM
To: Laurence Lundblade <lgl@island-resort.com>; rats@ietf.org
Subject: Re: [Rats] EAT Profiles


Laurence Lundblade <lgl@island-resort.com> wrote:
    >> <mcr+ietf@sandelman.ca> wrote:
    >>
    >> Second, the next bunch of items:
    >>
    >>> Use of JSON, CBOR, or both: CBOR only.
    >>> CBOR Map and Array Encoding: Only definite length arrays and maps.
    >>> CBOR String Encoding: Only definite-length strings are allowed.
    >>> CBOR Preferred Serialization: Encoders must use preferred
    >>> serialization, and decoders need not accept non-preferred
    >>> serialization.
    >>> COSE/JOSE Protection: See Section 8.
    >>> Detached EAT Bundle Support: DEB use is permitted.
    >>> Verification Key Identification: COSE Key ID (kid) is used, where the
    >>> key ID is the hash of a public key (where the public key may be used
    >>> as a raw public key, or in a certificate).
    >>> CBOR Tags: CBOR Tags are not used.
    >>
    >> I really don't like that EAT has not made a clear judgement on these
    >> things already.  I'd really really like EAT to be far more
    >> opinionated.

    > CWT has most of this variability and it is a standards track
    > RFC. Should the CWT authors have been more opinionated? Should someone
    > write a follow-on RFC to it that says what CBOR serialization it should
    > use, what key ID scheme to use, ...?

No, but EAT is not CWT.
The lack of strong opinion makes EAT just a rehash of CWT, and that's just not helpful.  Thomas has pointed me at the new section 6.3, and I'd like to suggest that you just blow away most of 6.2 and replace it with 6.3.
What really are the arguments for doing anything other than what 6.3 suggests?

    > and no one is trying to implement CWT in pure hardware. Possibly there
    > are some issues with algorithm selection. Probably there just isn’t
    > very much deployment, so we haven’t run into much.

I don't think that EAT needs to specify the signing algorithms.
I'm not sure an EAT Profile should either, but some SHOULD+/MUST is probably a good idea.

    > I’m not trying to be argumentative here. I just want to get to the
    > bottom / heart of the issue.

We are here to make (well-informed) choices, not defer them.

    >> The above list looks like it will be 95% of CBOR-based EAT "profiles"
    >> Could EAT just write this down, and give it a name?

    > What I wonder about here is layered or partial profiles.

    > We could write down the CBOR serialization selections and call it a
    > profile, but that doesn’t give 100% end-end interoperability because it
    > doesn’t pick the COSE algorithm, key identification scheme and such.

That's just fine.
We should say how kid is used, but we don't need to force the algorithm choice.

    > I’m a bit scared of the notion of partial/layered profiles because that
    > adds complexity to EAT, but it doesn’t seem out of the question.

Remove things from the profile, write them down as MUSTs, and then entertain arguments for why someone might want it to say SHOULD.

    >> EAT is all a la carte, and we are asking for a coordinated, three
    >> course set-menu.  (Please pair the wine with the fish.)

    > Good analogy! :-)

    > The desire for small code size is a really big factor here. Weight
    > watchers are definitely implementing EAT in scenarios where code and
    > memory size are a big issue.

    > Not sure we can provide one set menu when some are vegan, some are
    > teetotalers and some have nut allergies, and some really really like
    > cheese steak with a beer.

    > Maybe EAT is the restaurant supply company and the profile authors are
    > the restaurants with the set menu?

I disagree.
CWT is the restaurant supply company.
EAT is a restaurant, and it is offering multiple, set-menus with some choices in paired wine.  It doesn't have to be a single set-menu, but a la carte does not help.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
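
Added example (not part of the original messages or of the EAT draft): a minimal Python checker for the CBOR serialization rules in the quoted profile list, namely definite lengths only, shortest-form heads, and no tags. All function names and sample bytes are constructed for illustration; float shortening and the COSE/kid items of the list are not checked.

```python
class ProfileError(ValueError):
    """Encoded CBOR breaks one of the serialization rules quoted above."""

def _head(buf, i):
    """Decode the head at buf[i]; return (major type, argument, next index)."""
    if i >= len(buf):
        raise ProfileError("truncated input")
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if info < 24:
        return major, info, i
    if info == 31:  # indefinite-length string/array/map, or a stray break
        raise ProfileError("indefinite-length encoding")
    if info > 27:
        raise ProfileError("reserved additional-information value")
    size = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes follow
    if i + size > len(buf):
        raise ProfileError("truncated input")
    arg = int.from_bytes(buf[i:i + size], "big")
    # Preferred serialization: integers and lengths use the shortest head.
    # Major type 7 (floats, simple values) is not checked here.
    if major != 7 and arg < (24 if size == 1 else 1 << (4 * size)):
        raise ProfileError("non-preferred (non-shortest) head")
    return major, arg, i + size

def _walk(buf, i):
    """Validate one data item starting at buf[i]; return the index after it."""
    major, arg, i = _head(buf, i)
    if major in (0, 1, 7):  # integers, simple values, floats
        return i
    if major in (2, 3):  # byte/text string, arg is the length
        if i + arg > len(buf):
            raise ProfileError("truncated string")
        return i + arg
    if major == 6:
        raise ProfileError("CBOR tag %d present" % arg)
    for _ in range(arg * 2 if major == 5 else arg):  # map or array
        i = _walk(buf, i)
    return i

def violation(buf):
    """Return None if buf conforms, else a description of the first violation."""
    try:
        return None if _walk(buf, 0) == len(buf) else "trailing bytes"
    except ProfileError as e:
        return str(e)

# Constructed samples: small maps with integer labels and byte-string values.
GOOD = bytes.fromhex("a20a42010219010042aabb")
INDEFINITE = bytes.fromhex("bf0a420102ff")     # indefinite-length map
NON_PREFERRED = bytes.fromhex("a1180a420102")  # label 10 encoded in two bytes
TAGGED = bytes.fromhex("d83da10a420102")       # map wrapped in tag 61
```

A decoder that rejects on the first violation, as this one does, is what "decoders need not accept non-preferred serialization" permits.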


