IETF Logo Mail Archive

Re: [Rats] Call for Adoption: EAT draft

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 30 May 2019 19:19 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 042C5120092 for <rats@ietfa.amsl.com>; Thu, 30 May 2019 12:19:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=hmbF30/M; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=XCzc5Whg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vrj9P7dU24Ni for <rats@ietfa.amsl.com>; Thu, 30 May 2019 12:19:44 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B586120072 for <rats@ietf.org>; Thu, 30 May 2019 12:19:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4402; q=dns/txt; s=iport; t=1559243984; x=1560453584; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=C0IyktK/PsLa0cpAsZVllaor+rzV9GNYAMuXPNKP4AI=; b=hmbF30/MYmA9cCipDoVou9/4wriwVdthL8HViYe4BhFoGOTEk0/2JoSH 7T8aPKNzDapozGwQT2GemBE0RUzzzkQLltzR0fkjGhWALNp7wlN9p2wWI Pw2I8U+qNMoaRXagt1ix4t2bECRl+rppAaNQwTei3inFVwfeH7rdtJLRY E=;
IronPort-PHdr: 9a23:Ijg9NRSsW9cw443EqrDr2u+YYdpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESUDdfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH15g640NmhA4RsuMCEn1NvnvOiEkG8VefFRk5Hq8d0NSHZW2ag==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BHAAAkLPBc/4wNJK1lHAEBAQQBAQcEAQGBUQcBAQsBgT1QA4E+IAQLKAqECoNHA4RSihyCV5cugS6BJANUCQEBAQwBAS0CAQGEQAIXgmYjNAkOAQMBAQQBAQIBBG0cDIVKAQEBAQIBEgsGEQwBASkOAQQLAgEIFQUCJgICAjAVEAIEDg0SCIRrAw4PAQKfSgKBOIhfcYEvgnkBAQWFCxiCDwmBDCgBi1UXgUA/gVeCTD6ENw+DCDKCJospEoJZmlwJAoINkz6WWKMAAgQCBAUCDgEBBYFPOIFYcBWDJ4IPg3CKU3KBKYsfgS8BgSABAQ
X-IronPort-AV: E=Sophos;i="5.60,532,1549929600"; d="scan'208";a="565792278"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 May 2019 19:19:42 +0000
Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x4UJJgVu032098 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 30 May 2019 19:19:42 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 30 May 2019 14:19:42 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 30 May 2019 14:19:41 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 30 May 2019 15:19:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C0IyktK/PsLa0cpAsZVllaor+rzV9GNYAMuXPNKP4AI=; b=XCzc5WhgoQ8IJoHpLFZeDZvV7VW/ALMEedphm6ufKEojnfIRvB1YsRbvuBDqjBHbmv2/60W6eaKVw2Aq6vNfUCNY5m2xHL/g1ItxyczfiS+7H60PCw3SNjW6I472yCaf/RjF4yzN+IFDMCDkJby+8ebBiKYljlUynlnsYt14tzo=
Received: from DM6PR11MB4089.namprd11.prod.outlook.com (20.176.126.30) by DM6PR11MB2906.namprd11.prod.outlook.com (20.177.216.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.18; Thu, 30 May 2019 19:19:40 +0000
Received: from DM6PR11MB4089.namprd11.prod.outlook.com ([fe80::d014:d7a3:270:e5a9]) by DM6PR11MB4089.namprd11.prod.outlook.com ([fe80::d014:d7a3:270:e5a9%3]) with mapi id 15.20.1922.021; Thu, 30 May 2019 19:19:40 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for Adoption: EAT draft
Thread-Index: AQHVB0JFcFAs6WTeOkGyPcUokje8h6Z3f+WAgAkvdwCAAAQPAIAAQeOAgAAaP4CAAAwUgIAADicAgAAZOwCAAAfHAIACt1gAgAAFvJCAAA1BIA==
Date: Thu, 30 May 2019 19:19:39 +0000
Message-ID: <DM6PR11MB408967D6E5EF0A355CF0D60BA1180@DM6PR11MB4089.namprd11.prod.outlook.com>
References: <CAHbuEH6Mdwp+neWbcecA-pMYZoXKiNda2A0EnMh-8WX=W9_edA@mail.gmail.com> <DM6PR11MB408991CBF9B50672E12A8F61A1000@DM6PR11MB4089.namprd11.prod.outlook.com> <DM6PR11MB4089818BBEF529569DC1250DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <bdcaa9f2ca2344aa98287acd0b80d8f3@NASANEXM01C.na.qualcomm.com> <DM6PR11MB408939CC9EA79D479B76586DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <E09EB1B2-ED56-4F1B-8D80-BF0D227199A3@island-resort.com> <82b0a75e5b5645d1a43d240373bca6dc@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089DAD248EEAAF9F92F2C0AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <50ddca72a9074e229976ca88f78e340a@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089BF4C3F319894DAE8722AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <175ea22d1a1948d48f8180424cc89ec0@NASANEXM01C.na.qualcomm.com> <VI1PR08MB5360CE8EFA93515A140D30F2FA180@VI1PR08MB5360.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR08MB5360CE8EFA93515A140D30F2FA180@VI1PR08MB5360.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.67]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dcba4ef9-7196-4f53-c0b0-08d6e533c349
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM6PR11MB2906;
x-ms-traffictypediagnostic: DM6PR11MB2906:
x-microsoft-antispam-prvs: <DM6PR11MB29064D1648DDC53E850182F1A1180@DM6PR11MB2906.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6108;
x-forefront-prvs: 00531FAC2C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(346002)(396003)(136003)(39860400002)(189003)(199004)(9686003)(76176011)(14454004)(25786009)(6116002)(3846002)(5660300002)(55016002)(478600001)(6436002)(52536014)(99286004)(66066001)(53936002)(6246003)(7696005)(4326008)(6506007)(6916009)(11346002)(102836004)(86362001)(68736007)(486006)(8936002)(74316002)(2906002)(33656002)(81156014)(71190400001)(229853002)(476003)(26005)(316002)(305945005)(81166006)(256004)(7736002)(73956011)(66946007)(446003)(8676002)(76116006)(66446008)(64756008)(66556008)(66476007)(71200400001)(186003)(54906003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB2906; H:DM6PR11MB4089.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 7QE3naXCFckcvK/whNB527cDGdzoKmy7MtL4nUYs39Kt+Bu+TgmHO8CgcRXzNA8XuE7rg0Z3rB6aTtnnrxrpcwwgfOBMbhwff+tR4NZYwq76jN4/F4qbPAcojB3DwugFhYGZucOdXRLx/OUxBCt720ymXh0DGiUfhr0E0aetBLCnHY5y6RL23I+J0ndpN82cOlTOX/x9nCbVWjGf5Jt0VCtvvX+AnfceIgJI4BlEIDQZ3K46JxFl9YDwx/3lsasGsXLEe0ScGTnBAsjHNe/a1I+XQIpQ2auoncoJYH2+tPhSIsa8xISRN2HCnnxFDcZrCaq60J6Ih4yJnQ5nOAzz1NBKhbYCOAWcuHya8AskCUWjjAtHJqDHU4ZCtJFJ24umFNb9GleaLl742oEJ99gbddGA6iqdZ0L/4mp398LdalE=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: dcba4ef9-7196-4f53-c0b0-08d6e533c349
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2019 19:19:39.9958 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: evoit@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2906
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xch-rcd-006.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Ii14gai_42Kb4BYf4mbTj3mO9DQ>
Subject: Re: [Rats] Call for Adoption: EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 19:19:46 -0000

Hi Hannes,

I do like EAT.  I am hoping that it gets adopted.  

At the same time, I am trying to avoid unnecessary mapping of claims from a chipmakers domain into system integrator /network operator domains.  I believe much pain can be avoided with a little planning up front.  That is what I am trying to facilitate with this discussion.  

Specific details/examples in-line...

> From: Hannes Tschofenig, May 30, 2019 1:18 PM
>
> Hi Giri, Hi Eric,   
> 
> (a) some principles/guidance to CWT claims registry people on avoiding the mass registration of lightly-used or unused claims
> 
> Why is this a requirement? When a claim is registered then it is most likely done with the anticipation that it will be used. I have not seen other IETF registries that have raised the bar to a similar level, at least the JWT claims registry does not work that way. Furthermore, what is the harm in registering claims that later turn out to be less frequently used? 

Let me provide a *best* case example.  In the NETMOD WG, there is a draft-ietf-netmod-geo-location.  Both that draft and this have definitions of latitude, longitude, altitude, accuracy, etc.   The *good* news is that both drafts are based on WGS84.  So at least our experts have lucked in to using a consistent resource.  But are these the same objects?  How does a reader know?   In one of the documents the latitude/longitude attributes are "FloatOrNumber", in the other they are "decimal64 {fraction-digits 16}".

It of course gets harder for other objects.   The velocity objects in draft-mandyam-rats-eat are "heading" and "speed".  And draft-ietf-netmod-geo-location has this information "v-north", " v-east", and " v-up".  Here we have different formats, the first of which cannot be easily upgraded to serve three dimensions.

And then we get into other harder objects where we will have timestamping, explicit domains of allowed entries, etc.  And is there is no boundaries on what might be claimed as an EAT, in theory we could create a parallel domain of objects without description on how to map between the two, placing the heavy lifting onto the implementer.

Now I am not trying to solve world hunger in this thread.  I am just trying to have the draft consider minimizing inter-ecosystem friction where we can see it coming.  I believe with a little foresight we can ensure a consistent population and data typing for a subset of claims.   Without foresight, I see that people will create new CWT to avoid some later mapping.  And more/redundant CWT tags will harm interoperability.
 
> (b) a requirement to map claims to existing YANG objects, if these YANG objects exist 
>
> I also don’t understand this requirement. Is there some design rational why this would be needed/useful?

Per above, EAT claim instances need to be integrated with other work/ecosystems in the IETF after the information comes off of a hardware chip.  A claim registry shouldn't create redundant info/formats to other work/ecosystems when it can be avoided, at least without broad discussion and consensus.   (I.e., lets avoid unconscious object definition and object domain overlaps wherever possible.)

Eric
 
> Cia
> Hannes

v2.23.0 | Report a Bug | By Email