IETF Logo Mail Archive

Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

Giridhar Mandyam <mandyam@qti.qualcomm.com> Wed, 01 June 2022 14:41 UTC

Return-Path: <mandyam@qti.qualcomm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54DAAC14F6E5 for <rats@ietfa.amsl.com>; Wed, 1 Jun 2022 07:41:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BNVCPcg9PRL for <rats@ietfa.amsl.com>; Wed, 1 Jun 2022 07:41:17 -0700 (PDT)
Received: from esa.hc3962-90.iphmx.com (esa.hc3962-90.iphmx.com [216.71.142.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABD6EC14F692 for <rats@ietf.org>; Wed, 1 Jun 2022 07:41:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qccesdkim1; t=1654094477; x=1654699277; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=PIZVr+zLzi25Z3PgBdFwe1b6c2Gpd5GNnFGVBUKFiJ8=; b=KIejjderCvVdEJjC/mSOYEmz+rWAxfeEuVk2zyDgs54RILUnHemONgxn B+qkwzZvHST7IM06UZUPYDsxABorPyZrtNl40AwtgeM1PhlUlLU0jT0Xv 2YVPwvzUNNpjohPDQMUggluJhEVO2xAJqLnw3ROxSlkb7KG/UMoyM7NoI 8=;
Received: from mail-bn7nam10lp2107.outbound.protection.outlook.com (HELO NAM10-BN7-obe.outbound.protection.outlook.com) ([104.47.70.107]) by ob1.hc3962-90.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jun 2022 14:41:16 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T0yWuX2qIjcOpCV6rnt7TY5WWdI9WpO0eBd6ZXCFAQIeSvTSuJ4yaF6ekSuYV9Wl9F7nIsdr+EcN1ETIsmYykplFdKUAt09dS8pA/8biELu+7IdN1JuCuvSncOehqZGs1OWldUHGG9o6BiM1fuoIsWaypTB3Eq+nhltH6YOg7L7D8175r4ZDJsRIaYUGjwCYNwuiWRqmjsbYVfIVaVkMxQ5Xed4Op3dbGhIuozK2LPdddOFiAZngrAhAsc6TcRQQeoJfCbptKXR0HnJfNsYVicIS5lBAD9A0artXKQPRr51HC6jZtUxlgdO4Fthzxs/TJH4ujoS34AYSFOK6xvLeVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PIZVr+zLzi25Z3PgBdFwe1b6c2Gpd5GNnFGVBUKFiJ8=; b=Q40H3m6Sz+G6ePkUlQu4bO/+fNbT7aYWabNw0iWhCI4Dk37LHfXDyCsN5ETVm5y+AKawBBaMchs3cKjuWz4zaisPWtzf6ZzESE08jf/KsVc/vAKScdo+4trkDLC/q70beWkC8bD3X4O9bg/iAt9eFwxe4AUJZJiQ7ER4NqLuFsux1LQqXlKadx175DU9bDFVyp0Tv5u72nqMwSysNumYOSwSUDS1MU8xcQ1KVAlhH+1fVUMDDrHePRDeFkuIsg/LIHEQvtMKhjo+Eion4pgai2xlY6X9uHnskb/1VjDi07JrdGJQUJd+MumjDjp4q7YTntsvb0W2Aj49o0K55IJmWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none
Received: from SJ0PR02MB8353.namprd02.prod.outlook.com (2603:10b6:a03:3e4::7) by BL0PR02MB4452.namprd02.prod.outlook.com (2603:10b6:208:45::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.18; Wed, 1 Jun 2022 14:41:13 +0000
Received: from SJ0PR02MB8353.namprd02.prod.outlook.com ([fe80::416:c75d:6a2a:9e19]) by SJ0PR02MB8353.namprd02.prod.outlook.com ([fe80::416:c75d:6a2a:9e19%4]) with mapi id 15.20.5314.013; Wed, 1 Jun 2022 14:41:12 +0000
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
Thread-Index: AQHYdNVRnQv5QhI8fk6S4mzhbTb46a05NHiAgAAvSJCAABRlAIAAJvKAgACW7ACAAGELgA==
Date: Wed, 01 Jun 2022 14:41:12 +0000
Message-ID: <SJ0PR02MB8353B3CAE4C2216DE827919D81DF9@SJ0PR02MB8353.namprd02.prod.outlook.com>
References: <45618431-7329-4F31-941F-A39BBC9D575F@cisco.com> <DB9PR08MB65241E9E259EBBD532480E469CDC9@DB9PR08MB6524.eurprd08.prod.outlook.com> <30BB98D4-8CC0-4EA3-BB89-9F95DC6F2CA8@island-resort.com> <SJ0PR02MB83533D9FAAA5C935EFFE2BED81DC9@SJ0PR02MB8353.namprd02.prod.outlook.com> <D6FBA9E8-EAF5-4D43-831E-4F11EEF56AC1@intel.com> <D4DFCC84-43A9-45F1-86CC-577665206643@island-resort.com> <DB9PR08MB6524A23DF4EF603E60641C449CDF9@DB9PR08MB6524.eurprd08.prod.outlook.com>
In-Reply-To: <DB9PR08MB6524A23DF4EF603E60641C449CDF9@DB9PR08MB6524.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=qti.qualcomm.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0a3e835f-9097-4cb1-d26b-08da43dcc67d
x-ms-traffictypediagnostic: BL0PR02MB4452:EE_
x-microsoft-antispam-prvs: <BL0PR02MB445208FF0694B96D3A520F3F81DF9@BL0PR02MB4452.namprd02.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5IaOwYAJ7iggdqbl+sNT/kfRl0HAtxRRRgQH/gz8WRhggQdz5nMw9KSetsoL1OemB8tJL0mYURC5L4Rl7qI58FGeJdHey0zMYaEf6CXMn256Y5AkH8t7yHYUKEUQ9wEv3NUD65A3qrF0LOPVA7qqTeHOTLPfJroj3zfMh594y9ExeicJuDKmqKE520ojZHOYYfkHE+spt9AmI5v777b6wCThkjVpIRaYws2prW8AHlHHVisXpf0QR3L4SyZSvtJJwfu0S5rOrian6ws9HwfdgX8mDLBLfXo1RzxGtYUdve9DBe0OTM1igFvjaKJt3fwPUCmszaHxZ+pbrRKMAsjgpz7rNaAdqJ7UMDTm6ENvwIoB4H3tJvtjK/pj1WrU8I7DSsjWZK2VfhHoYkysZ3/wT9LcSKssT37A4vwiap9Tw6YQXUkm6vQtqQgqxH/tOSDy0gaHFbzFNqUjALKiycc/SWg32o4+UjPDmL9ytrhSDZNDL+ySSIGU7azC+YKNpYo8+Y359nYbakpCLkeo1yjZgM3zaP7JkIJBwJi120VMV93GOf/blPEdpYB/l8EUzzmMZo6BvgF/ouNpS9fDqXXAciSLm7WQb13qtQ96PkUzwCKyFP5jy1ky6JZhDSvh3lUTyYzfECNhljZzXeIE2wa2aN21HxtarGGQk1A9QSxyqEI2c/78tLO0xEIFDQ3AFm1RX/uzTqqF3UJrVLmVl6MwpbXmITX0SU/OhYK+IiMxseUVcnUVWeZm6gOFhhC/3Q3fCXHjGTrPFGrvobegR/dwvrzydUOIqyGSpCOAO80AdxseIStDv+0oXZFVOxVgSu3y2wLdTmXckJzyqDV0m3wnJA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR02MB8353.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(55016003)(71200400001)(33656002)(8936002)(122000001)(5660300002)(508600001)(52536014)(9686003)(83380400001)(186003)(966005)(38070700005)(2906002)(53546011)(166002)(6506007)(66574015)(7696005)(86362001)(64756008)(8676002)(66446008)(66946007)(76116006)(66476007)(66556008)(38100700002)(316002)(6916009)(26005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: fiJsT3JPS2PZ6nzBC1liTu7Gqjse+grVDHL5hZB23o6bKQjVvIbIkm6RVQw6/gAbTdVaf0SxWnG4/rM8Qe8ZXOw5nZcya1SOj+GJGKNn385v/b5DvbI1gcZ/4fEdIpwxdSaPWd7U0KjV20oFfHzF9s0nLWqOicpgV+C2SG2DSKQRmDBRL238ihmItySG3D65uh16/DnyHwpIbu1O8sIRiDZapjHzgQWe+iQVWHWGkaleNCH8MNLElduAHq5MxAfU6SDlRFWNhviv8RIFnDPGb8fQhIB/4pbao1OpvmqMIDo8DENF7CIfUBEDtI32o0X9uHqYF2+Sye3WLoZRWDpiXc3R9NnkxO9h1YOwOSwX+kad+O4dBx3+LvEbjmatntvlLNtYNuRMPerIjdG82lgLErOW8x0f/A0BQn39DceQF4xfd+sGpUbRn1vi87hixaBLqS2WmdYw6TemthsbCDwpSVYlge6sEsYhONI+G0pxSJJOtGkSsym/WjG40YT3Zd6+bwywpsysQ8Y5DVFhy6Bh0oQnMghPsnXzp1euOfUiZd4wyVtqH9pBfAUX8QTWshkOxeoDUXkKgAnsAPKpI+UvTTKAgKxsLvwE11VtOcRg0c1FfFtxFk/15tiuvYCrJ6LC0N44d70z+dtkiXp0c9juFeLDIw9j8C5beMYl/+Ho4LkiviHTrr7OuqIVbw47k584Ojf/hL5bFPlMBuE7EKuGg9jGDCCB+hBSf/jkHGtQKZtlLfO84OJ95zACC0NuZtI1u87on2sz53rSctvq168SUE9TElvbiUkdHVEzJaa6H+6MnloE7l71qCuH/KQlBVh1uTpiOYx8D1g4CA8rhUz219slI85azo2VHlunl7Ic0xr/VoO8fcz+aCrqfT8KTS68hS7ZNlseJCFJUOt6jxb1lfvRSnIu+IkF7Uj2YbdzX4addmZ7b2h8CYM6PMOKjZQvdQ/ST9Oig/vIk3oChc9nuqZ+wF5Xe1mRpbrtsqfesQA6IleaLgvpnVb7GgDxfMMzMAMZiHZftIwumCeEuFSXAn5tw6EuZKXvwrsZMmFL7BWEXxgAHo7TmCixBMmg5zC4tjawQLDjeGRkLh3/+oXnpF5+hQHnLJseAvkU/kfdlJiwHu7Z+Lk1lMZQbJ8wXrhI3850cBlP0a7VV8NksYkVC+r1D1ruJT2aanb5tSoVlTbbKklQBvFbbF6IlWi+2LkXpEPdXcM54ORZRsunD0kj4AG8SIN1QjfcFwdrGwyG2EX8flKhkvAKq8UcTnTtKJ4FGzq0TUFYuCGeVxFt+1O62tlCyLLTwfud16FLSI6HT9aFMe/a0Wvuvx72xICFX88t1KnGzJs4xOKykdoIc6az7JtIxYIIaJzpL61xmLxzxlzVju6x3PKBJq0PmS2NtrZ0ueLvx0nJkJ3Bswl8pbOgvLKqg2sYXtPyeqMHMe57q3W3TR5aBUTFS66YG1OJ8D2YjPBTxQcHejAD5YnFpcIHEcQx1FIDcNqfRPC9l1DMQWlfidj+5TwXmoxsoW4kjIYX/Gi7tQXrkan4zDDhtOzhzhRDHBSjLmTk4hJgI0XVtJREoRvufp2A5cakyhRQBkPqDpUOsMSkTzQcgWeZ5oenVi+c0iWzxhblNqjDkqrAsJ4/fDMqZk2krkgdVRmum3mF6Z6PLTyyhvYwGxXvvwWJWbhRVYf8XMJy0jrjf7DJXN5tNEFfiUblPaD+O+seAMhxx5gsE1uxMZ5/+QRGmdKEgjUrw0o7RVWlo2iZ092ErdE=
Content-Type: multipart/alternative; boundary="_000_SJ0PR02MB8353B3CAE4C2216DE827919D81DF9SJ0PR02MB8353namp_"
MIME-Version: 1.0
X-OriginatorOrg: qti.qualcomm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB8353.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0a3e835f-9097-4cb1-d26b-08da43dcc67d
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jun 2022 14:41:12.8191 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ObFMpzDpv6Gw4HVLMxWKRw3h7rT4fGxAd1N4/DR6RiJk8HuCMlI397YhKDXmihL6nppB+NebFWAfI6GehUg4fPNJt3Pb+BK/5rDwzHYX2gE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB4452
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ERnYlLMcWNYeKNKnRkjkqc66WxY>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2022 14:41:21 -0000

Thanks for the explanation, but I am still not sure we have a solid description of the issue being raised.  Below I mentioned an example of how existing CBOR data structures can be exploited to make an EAT infinitely extensible.

I think it is even more fluid with JSON, as JS Objects themselves are dynamically-typed and extensible.  Since CDDL covers both JSON and CBOR, I don't think there is much to be done in the standard (beyond the advisory one-liner that Laurence mentions below) to prevent implementations in the wild from arbitrarily extending EAT data structures and claiming to be standards-compliant.

> I made the top-level EAT message a socket to deal with UCCS and UJCS being in a separate lagging document.

I would recommend keeping this discussion as to whether EAT is a container that can be extended beyond the CWT/JWT/DEB options defined in the spec,  rather than focusing on unsigned claims sets.  There was already a group consensus decision at IETF 113 to eliminate all normative dependencies on UCCS, so this may not be a valid justification for making the top-level EAT a socket.

I think the underlying data structures make it extensible, independent of the CDDL notation.  However if an implementor chooses to extend EAT without an accompanying standard as a result, then interoperability may not be assured.  Therefore it is in an implementor's interest to define a standard if they are seeking interop.

If the JWT/JWS specs had been written with CDDL descriptions then maybe we would have some precedence to follow for EAT regarding extensibility.  Rather there is a textual description of what must be in the token:  see https://datatracker.ietf.org/doc/html/rfc7519#section-3.

> Do we need a registry as well?

I don't think the WG can comment on this and come to consensus without a solid proposal in writing.  If you have a proposal, please document what would be registered and what would be the contents of the registry.

-Giri

From: Thomas Fossati <Thomas.Fossati@arm.com>
Sent: Wednesday, June 1, 2022 1:16 AM
To: Laurence Lundblade <lgl@island-resort.com>; Smith, Ned <ned.smith@intel.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; rats@ietf.org; Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

> Thomas is asking whether we really do want this open ended the way use of a socket implies. I think it is a good question. I think the answer is yes, but in severely limited way - that socket may only be fulfilled by things that are an IETF standard. I think it is a one line addition to EAT.

Thanks Laurence.  Do we need a registry as well?


From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>>
Date: Wednesday, 1 June 2022 at 00:17
To: Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>, rats@ietf.org<mailto:rats@ietf.org> <rats@ietf.org<mailto:rats@ietf.org>>, Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org<mailto:ncamwing=40cisco.com@dmarc.ietf.org>>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
A *socket* is a specific way of calling out an extension point in CDDL. When you say something is a CDDL socket you are saying that other documents and drafts can extend it. You know something in CDDL is a socket when it starts with $$ or $.

For example $$Claims-Set-Claims is a socket because we really do want people to define lots of claims outside the EAT document.

The top-level message in EAT is a CDDL socket:

    EAT-CBOR-Token = $$EAT-CBOR-Tagged-Token / $$EAT-CBOR-Untagged-Token
    EAT-JSON-Token = $$EAT-JSON-Token-Formats

This is signaling that there can be other documents and drafts  that define further top level EAT messages beyond CWT, JWT and DEB.

I made the top-level EAT message a socket to deal with UCCS and UJCS being in a separate lagging document.

Thomas is asking whether we really do want this open ended the way use of a socket implies. I think it is a good question. I think the answer is yes, but in severely limited way - that socket may only be fulfilled by things that are an IETF standard. I think it is a one line addition to EAT.

LL


On May 31, 2022, at 1:56 PM, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote:

+1 "I am not sure I understand what is being suggested in this email chain"

Data definition languages and encoding schemes are flexible / extensible by design. I don't think anyone is saying we should change this (correct me if I'm wrong).

When modeling a device / system object, the object being modeled has inherent structure that limits the need for arbitrary expressiveness and extension. Hence, the object (or a schema for the object) should be the oracle that resolves questions about "where EAT ends".

If the concern is that due to a lack of oracles, arbitrary flexibility should be incorporated in the EAT draft, then some guard rails should be in place. For example, observing where structures can be extended later (vs. defining flexible but nebulous structures or making something optional that in practice is unused).

Are there structures in the draft that should be characterized as nebulous?

Thanks,
-Ned

From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>
Date: Tuesday, May 31, 2022 at 12:55 PM
To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>>, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org<mailto:ncamwing=40cisco.com@dmarc.ietf.org>>, "rats@ietf.org<mailto:rats@ietf.org>" <rats@ietf.org<mailto:rats@ietf.org>>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

I am not sure I understand what is being suggested in this email chain.  As far as I can tell (focusing on the CBOR option for EAT alone):


a.       EAT inherits from CWT, and CWT's are ultimately CBOR objects.

b.       There is no prohibition against defining a CBOR array with CWT's/EAT's as entries, and those can be of indeterminate length - see https://datatracker.ietf.org/doc/html/rfc7049#section-2.2.1.

c.       In addition, as per https://datatracker.ietf.org/doc/html/rfc7049#section-2.1 an array can contain entries from multiple data types.  An array could contain UCCS's, EAT's, and standard (RFC 7049-defined) CBOR data types for example.

Is the suggestion for the EAT document prohibit (or at least limit) the above?  If so, what would be the justification for such a limitation?

-Giri

From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> On Behalf Of Laurence Lundblade
Sent: Tuesday, May 31, 2022 9:54 AM
To: Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>
Cc: Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org<mailto:ncamwing=40cisco.com@dmarc.ietf.org>>; rats@ietf.org<mailto:rats@ietf.org>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

I am definitely not a fan of unconstrained fan out here. Probably the right thing to do is require any additional token type be an IETF standard.

One reason I made these sockets is so that UCCS/UJCS will plug in and be part of a submod Nested-Token and part of a DEB. It is important that UCCS and UJCS be brought into EAT this way.

Personally, I think it would probably be good if this never went beyond UJCS/UCCS.

I'm still digesting Simon's collection proposal...

Thanks for point that out, Thomas.

LL



On May 31, 2022, at 3:00 AM, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> wrote:

{Lemaître hat on}

"where does a EAT end?"

The CDDL has:

$$EAT-{CBOR,JSON}-{Unt,T}agged-Token /= ...

which says it is theoretically possible to extend a EAT to cover
anything, as long as it looks like a CBOR or JSON stream.

The EAT I-D defines the CWT, JWT and DEB types.

But UCCS will have to plug into the same CDDL socket soon.

And Simon's proposal to add the "EAT collection" type [1] uses the same
mechanism to extend the semantics of a EAT in the same direction as DEB
- i.e., by providing an aggregation primitive.

My observation is that unless the EAT I-D contains clear criteria for
scoping its type system its governance can become quite tricky down the
line.

cheers, thanks

[1] https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email