Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
Giridhar Mandyam <mandyam@qti.qualcomm.com> Wed, 01 June 2022 14:41 UTC
Return-Path: <mandyam@qti.qualcomm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54DAAC14F6E5 for <rats@ietfa.amsl.com>; Wed, 1 Jun 2022 07:41:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BNVCPcg9PRL for <rats@ietfa.amsl.com>; Wed, 1 Jun 2022 07:41:17 -0700 (PDT)
Received: from esa.hc3962-90.iphmx.com (esa.hc3962-90.iphmx.com [216.71.142.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABD6EC14F692 for <rats@ietf.org>; Wed, 1 Jun 2022 07:41:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qccesdkim1; t=1654094477; x=1654699277; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=PIZVr+zLzi25Z3PgBdFwe1b6c2Gpd5GNnFGVBUKFiJ8=; b=KIejjderCvVdEJjC/mSOYEmz+rWAxfeEuVk2zyDgs54RILUnHemONgxn B+qkwzZvHST7IM06UZUPYDsxABorPyZrtNl40AwtgeM1PhlUlLU0jT0Xv 2YVPwvzUNNpjohPDQMUggluJhEVO2xAJqLnw3ROxSlkb7KG/UMoyM7NoI 8=;
Received: from mail-bn7nam10lp2107.outbound.protection.outlook.com (HELO NAM10-BN7-obe.outbound.protection.outlook.com) ([104.47.70.107]) by ob1.hc3962-90.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jun 2022 14:41:16 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T0yWuX2qIjcOpCV6rnt7TY5WWdI9WpO0eBd6ZXCFAQIeSvTSuJ4yaF6ekSuYV9Wl9F7nIsdr+EcN1ETIsmYykplFdKUAt09dS8pA/8biELu+7IdN1JuCuvSncOehqZGs1OWldUHGG9o6BiM1fuoIsWaypTB3Eq+nhltH6YOg7L7D8175r4ZDJsRIaYUGjwCYNwuiWRqmjsbYVfIVaVkMxQ5Xed4Op3dbGhIuozK2LPdddOFiAZngrAhAsc6TcRQQeoJfCbptKXR0HnJfNsYVicIS5lBAD9A0artXKQPRr51HC6jZtUxlgdO4Fthzxs/TJH4ujoS34AYSFOK6xvLeVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PIZVr+zLzi25Z3PgBdFwe1b6c2Gpd5GNnFGVBUKFiJ8=; b=Q40H3m6Sz+G6ePkUlQu4bO/+fNbT7aYWabNw0iWhCI4Dk37LHfXDyCsN5ETVm5y+AKawBBaMchs3cKjuWz4zaisPWtzf6ZzESE08jf/KsVc/vAKScdo+4trkDLC/q70beWkC8bD3X4O9bg/iAt9eFwxe4AUJZJiQ7ER4NqLuFsux1LQqXlKadx175DU9bDFVyp0Tv5u72nqMwSysNumYOSwSUDS1MU8xcQ1KVAlhH+1fVUMDDrHePRDeFkuIsg/LIHEQvtMKhjo+Eion4pgai2xlY6X9uHnskb/1VjDi07JrdGJQUJd+MumjDjp4q7YTntsvb0W2Aj49o0K55IJmWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none
Received: from SJ0PR02MB8353.namprd02.prod.outlook.com (2603:10b6:a03:3e4::7) by BL0PR02MB4452.namprd02.prod.outlook.com (2603:10b6:208:45::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.18; Wed, 1 Jun 2022 14:41:13 +0000
Received: from SJ0PR02MB8353.namprd02.prod.outlook.com ([fe80::416:c75d:6a2a:9e19]) by SJ0PR02MB8353.namprd02.prod.outlook.com ([fe80::416:c75d:6a2a:9e19%4]) with mapi id 15.20.5314.013; Wed, 1 Jun 2022 14:41:12 +0000
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
Thread-Index: AQHYdNVRnQv5QhI8fk6S4mzhbTb46a05NHiAgAAvSJCAABRlAIAAJvKAgACW7ACAAGELgA==
Date: Wed, 01 Jun 2022 14:41:12 +0000
Message-ID: <SJ0PR02MB8353B3CAE4C2216DE827919D81DF9@SJ0PR02MB8353.namprd02.prod.outlook.com>
References: <45618431-7329-4F31-941F-A39BBC9D575F@cisco.com> <DB9PR08MB65241E9E259EBBD532480E469CDC9@DB9PR08MB6524.eurprd08.prod.outlook.com> <30BB98D4-8CC0-4EA3-BB89-9F95DC6F2CA8@island-resort.com> <SJ0PR02MB83533D9FAAA5C935EFFE2BED81DC9@SJ0PR02MB8353.namprd02.prod.outlook.com> <D6FBA9E8-EAF5-4D43-831E-4F11EEF56AC1@intel.com> <D4DFCC84-43A9-45F1-86CC-577665206643@island-resort.com> <DB9PR08MB6524A23DF4EF603E60641C449CDF9@DB9PR08MB6524.eurprd08.prod.outlook.com>
In-Reply-To: <DB9PR08MB6524A23DF4EF603E60641C449CDF9@DB9PR08MB6524.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=qti.qualcomm.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0a3e835f-9097-4cb1-d26b-08da43dcc67d
x-ms-traffictypediagnostic: BL0PR02MB4452:EE_
x-microsoft-antispam-prvs: <BL0PR02MB445208FF0694B96D3A520F3F81DF9@BL0PR02MB4452.namprd02.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5IaOwYAJ7iggdqbl+sNT/kfRl0HAtxRRRgQH/gz8WRhggQdz5nMw9KSetsoL1OemB8tJL0mYURC5L4Rl7qI58FGeJdHey0zMYaEf6CXMn256Y5AkH8t7yHYUKEUQ9wEv3NUD65A3qrF0LOPVA7qqTeHOTLPfJroj3zfMh594y9ExeicJuDKmqKE520ojZHOYYfkHE+spt9AmI5v777b6wCThkjVpIRaYws2prW8AHlHHVisXpf0QR3L4SyZSvtJJwfu0S5rOrian6ws9HwfdgX8mDLBLfXo1RzxGtYUdve9DBe0OTM1igFvjaKJt3fwPUCmszaHxZ+pbrRKMAsjgpz7rNaAdqJ7UMDTm6ENvwIoB4H3tJvtjK/pj1WrU8I7DSsjWZK2VfhHoYkysZ3/wT9LcSKssT37A4vwiap9Tw6YQXUkm6vQtqQgqxH/tOSDy0gaHFbzFNqUjALKiycc/SWg32o4+UjPDmL9ytrhSDZNDL+ySSIGU7azC+YKNpYo8+Y359nYbakpCLkeo1yjZgM3zaP7JkIJBwJi120VMV93GOf/blPEdpYB/l8EUzzmMZo6BvgF/ouNpS9fDqXXAciSLm7WQb13qtQ96PkUzwCKyFP5jy1ky6JZhDSvh3lUTyYzfECNhljZzXeIE2wa2aN21HxtarGGQk1A9QSxyqEI2c/78tLO0xEIFDQ3AFm1RX/uzTqqF3UJrVLmVl6MwpbXmITX0SU/OhYK+IiMxseUVcnUVWeZm6gOFhhC/3Q3fCXHjGTrPFGrvobegR/dwvrzydUOIqyGSpCOAO80AdxseIStDv+0oXZFVOxVgSu3y2wLdTmXckJzyqDV0m3wnJA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR02MB8353.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(55016003)(71200400001)(33656002)(8936002)(122000001)(5660300002)(508600001)(52536014)(9686003)(83380400001)(186003)(966005)(38070700005)(2906002)(53546011)(166002)(6506007)(66574015)(7696005)(86362001)(64756008)(8676002)(66446008)(66946007)(76116006)(66476007)(66556008)(38100700002)(316002)(6916009)(26005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: fiJsT3JPS2PZ6nzBC1liTu7Gqjse+grVDHL5hZB23o6bKQjVvIbIkm6RVQw6/gAbTdVaf0SxWnG4/rM8Qe8ZXOw5nZcya1SOj+GJGKNn385v/b5DvbI1gcZ/4fEdIpwxdSaPWd7U0KjV20oFfHzF9s0nLWqOicpgV+C2SG2DSKQRmDBRL238ihmItySG3D65uh16/DnyHwpIbu1O8sIRiDZapjHzgQWe+iQVWHWGkaleNCH8MNLElduAHq5MxAfU6SDlRFWNhviv8RIFnDPGb8fQhIB/4pbao1OpvmqMIDo8DENF7CIfUBEDtI32o0X9uHqYF2+Sye3WLoZRWDpiXc3R9NnkxO9h1YOwOSwX+kad+O4dBx3+LvEbjmatntvlLNtYNuRMPerIjdG82lgLErOW8x0f/A0BQn39DceQF4xfd+sGpUbRn1vi87hixaBLqS2WmdYw6TemthsbCDwpSVYlge6sEsYhONI+G0pxSJJOtGkSsym/WjG40YT3Zd6+bwywpsysQ8Y5DVFhy6Bh0oQnMghPsnXzp1euOfUiZd4wyVtqH9pBfAUX8QTWshkOxeoDUXkKgAnsAPKpI+UvTTKAgKxsLvwE11VtOcRg0c1FfFtxFk/15tiuvYCrJ6LC0N44d70z+dtkiXp0c9juFeLDIw9j8C5beMYl/+Ho4LkiviHTrr7OuqIVbw47k584Ojf/hL5bFPlMBuE7EKuGg9jGDCCB+hBSf/jkHGtQKZtlLfO84OJ95zACC0NuZtI1u87on2sz53rSctvq168SUE9TElvbiUkdHVEzJaa6H+6MnloE7l71qCuH/KQlBVh1uTpiOYx8D1g4CA8rhUz219slI85azo2VHlunl7Ic0xr/VoO8fcz+aCrqfT8KTS68hS7ZNlseJCFJUOt6jxb1lfvRSnIu+IkF7Uj2YbdzX4addmZ7b2h8CYM6PMOKjZQvdQ/ST9Oig/vIk3oChc9nuqZ+wF5Xe1mRpbrtsqfesQA6IleaLgvpnVb7GgDxfMMzMAMZiHZftIwumCeEuFSXAn5tw6EuZKXvwrsZMmFL7BWEXxgAHo7TmCixBMmg5zC4tjawQLDjeGRkLh3/+oXnpF5+hQHnLJseAvkU/kfdlJiwHu7Z+Lk1lMZQbJ8wXrhI3850cBlP0a7VV8NksYkVC+r1D1ruJT2aanb5tSoVlTbbKklQBvFbbF6IlWi+2LkXpEPdXcM54ORZRsunD0kj4AG8SIN1QjfcFwdrGwyG2EX8flKhkvAKq8UcTnTtKJ4FGzq0TUFYuCGeVxFt+1O62tlCyLLTwfud16FLSI6HT9aFMe/a0Wvuvx72xICFX88t1KnGzJs4xOKykdoIc6az7JtIxYIIaJzpL61xmLxzxlzVju6x3PKBJq0PmS2NtrZ0ueLvx0nJkJ3Bswl8pbOgvLKqg2sYXtPyeqMHMe57q3W3TR5aBUTFS66YG1OJ8D2YjPBTxQcHejAD5YnFpcIHEcQx1FIDcNqfRPC9l1DMQWlfidj+5TwXmoxsoW4kjIYX/Gi7tQXrkan4zDDhtOzhzhRDHBSjLmTk4hJgI0XVtJREoRvufp2A5cakyhRQBkPqDpUOsMSkTzQcgWeZ5oenVi+c0iWzxhblNqjDkqrAsJ4/fDMqZk2krkgdVRmum3mF6Z6PLTyyhvYwGxXvvwWJWbhRVYf8XMJy0jrjf7DJXN5tNEFfiUblPaD+O+seAMhxx5gsE1uxMZ5/+QRGmdKEgjUrw0o7RVWlo2iZ092ErdE=
Content-Type: multipart/alternative; boundary="_000_SJ0PR02MB8353B3CAE4C2216DE827919D81DF9SJ0PR02MB8353namp_"
MIME-Version: 1.0
X-OriginatorOrg: qti.qualcomm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB8353.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0a3e835f-9097-4cb1-d26b-08da43dcc67d
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jun 2022 14:41:12.8191 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ObFMpzDpv6Gw4HVLMxWKRw3h7rT4fGxAd1N4/DR6RiJk8HuCMlI397YhKDXmihL6nppB+NebFWAfI6GehUg4fPNJt3Pb+BK/5rDwzHYX2gE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB4452
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ERnYlLMcWNYeKNKnRkjkqc66WxY>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2022 14:41:21 -0000
Thanks for the explanation, but I am still not sure we have a solid description of the issue being raised. Below I mentioned an example of how existing CBOR data structures can be exploited to make an EAT infinitely extensible. I think it is even more fluid with JSON, as JS Objects themselves are dynamically-typed and extensible. Since CDDL covers both JSON and CBOR, I don't think there is much to be done in the standard (beyond the advisory one-liner that Laurence mentions below) to prevent implementations in the wild from arbitrarily extending EAT data structures and claiming to be standards-compliant. > I made the top-level EAT message a socket to deal with UCCS and UJCS being in a separate lagging document. I would recommend keeping this discussion as to whether EAT is a container that can be extended beyond the CWT/JWT/DEB options defined in the spec, rather than focusing on unsigned claims sets. There was already a group consensus decision at IETF 113 to eliminate all normative dependencies on UCCS, so this may not be a valid justification for making the top-level EAT a socket. I think the underlying data structures make it extensible, independent of the CDDL notation. However if an implementor chooses to extend EAT without an accompanying standard as a result, then interoperability may not be assured. Therefore it is in an implementor's interest to define a standard if they are seeking interop. If the JWT/JWS specs had been written with CDDL descriptions then maybe we would have some precedence to follow for EAT regarding extensibility. Rather there is a textual description of what must be in the token: see https://datatracker.ietf.org/doc/html/rfc7519#section-3. > Do we need a registry as well? I don't think the WG can comment on this and come to consensus without a solid proposal in writing. If you have a proposal, please document what would be registered and what would be the contents of the registry. -Giri From: Thomas Fossati <Thomas.Fossati@arm.com> Sent: Wednesday, June 1, 2022 1:16 AM To: Laurence Lundblade <lgl@island-resort.com>; Smith, Ned <ned.smith@intel.com> Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; rats@ietf.org; Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org> Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat) > Thomas is asking whether we really do want this open ended the way use of a socket implies. I think it is a good question. I think the answer is yes, but in severely limited way - that socket may only be fulfilled by things that are an IETF standard. I think it is a one line addition to EAT. Thanks Laurence. Do we need a registry as well? From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> Date: Wednesday, 1 June 2022 at 00:17 To: Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>, rats@ietf.org<mailto:rats@ietf.org> <rats@ietf.org<mailto:rats@ietf.org>>, Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org<mailto:ncamwing=40cisco.com@dmarc.ietf.org>> Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat) A *socket* is a specific way of calling out an extension point in CDDL. When you say something is a CDDL socket you are saying that other documents and drafts can extend it. You know something in CDDL is a socket when it starts with $$ or $. For example $$Claims-Set-Claims is a socket because we really do want people to define lots of claims outside the EAT document. The top-level message in EAT is a CDDL socket: EAT-CBOR-Token = $$EAT-CBOR-Tagged-Token / $$EAT-CBOR-Untagged-Token EAT-JSON-Token = $$EAT-JSON-Token-Formats This is signaling that there can be other documents and drafts that define further top level EAT messages beyond CWT, JWT and DEB. I made the top-level EAT message a socket to deal with UCCS and UJCS being in a separate lagging document. Thomas is asking whether we really do want this open ended the way use of a socket implies. I think it is a good question. I think the answer is yes, but in severely limited way - that socket may only be fulfilled by things that are an IETF standard. I think it is a one line addition to EAT. LL On May 31, 2022, at 1:56 PM, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote: +1 "I am not sure I understand what is being suggested in this email chain" Data definition languages and encoding schemes are flexible / extensible by design. I don't think anyone is saying we should change this (correct me if I'm wrong). When modeling a device / system object, the object being modeled has inherent structure that limits the need for arbitrary expressiveness and extension. Hence, the object (or a schema for the object) should be the oracle that resolves questions about "where EAT ends". If the concern is that due to a lack of oracles, arbitrary flexibility should be incorporated in the EAT draft, then some guard rails should be in place. For example, observing where structures can be extended later (vs. defining flexible but nebulous structures or making something optional that in practice is unused). Are there structures in the draft that should be characterized as nebulous? Thanks, -Ned From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>> Date: Tuesday, May 31, 2022 at 12:55 PM To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>>, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org<mailto:ncamwing=40cisco.com@dmarc.ietf.org>>, "rats@ietf.org<mailto:rats@ietf.org>" <rats@ietf.org<mailto:rats@ietf.org>> Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat) I am not sure I understand what is being suggested in this email chain. As far as I can tell (focusing on the CBOR option for EAT alone): a. EAT inherits from CWT, and CWT's are ultimately CBOR objects. b. There is no prohibition against defining a CBOR array with CWT's/EAT's as entries, and those can be of indeterminate length - see https://datatracker.ietf.org/doc/html/rfc7049#section-2.2.1. c. In addition, as per https://datatracker.ietf.org/doc/html/rfc7049#section-2.1 an array can contain entries from multiple data types. An array could contain UCCS's, EAT's, and standard (RFC 7049-defined) CBOR data types for example. Is the suggestion for the EAT document prohibit (or at least limit) the above? If so, what would be the justification for such a limitation? -Giri From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> On Behalf Of Laurence Lundblade Sent: Tuesday, May 31, 2022 9:54 AM To: Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> Cc: Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org<mailto:ncamwing=40cisco.com@dmarc.ietf.org>>; rats@ietf.org<mailto:rats@ietf.org> Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat) I am definitely not a fan of unconstrained fan out here. Probably the right thing to do is require any additional token type be an IETF standard. One reason I made these sockets is so that UCCS/UJCS will plug in and be part of a submod Nested-Token and part of a DEB. It is important that UCCS and UJCS be brought into EAT this way. Personally, I think it would probably be good if this never went beyond UJCS/UCCS. I'm still digesting Simon's collection proposal... Thanks for point that out, Thomas. LL On May 31, 2022, at 3:00 AM, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> wrote: {Lemaître hat on} "where does a EAT end?" The CDDL has: $$EAT-{CBOR,JSON}-{Unt,T}agged-Token /= ... which says it is theoretically possible to extend a EAT to cover anything, as long as it looks like a CBOR or JSON stream. The EAT I-D defines the CWT, JWT and DEB types. But UCCS will have to plug into the same CDDL socket soon. And Simon's proposal to add the "EAT collection" type [1] uses the same mechanism to extend the semantics of a EAT in the same direction as DEB - i.e., by providing an aggregation primitive. My observation is that unless the EAT I-D contains clear criteria for scoping its type system its governance can become quite tricky down the line. cheers, thanks [1] https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/ IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Rats] WGLC for https://datatracker.ietf.org/doc/… Nancy Cam-Winget (ncamwing)
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Thomas Fossati
- [Rats] Where does a EAT end? (was: Re: WGLC for h… Thomas Fossati
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Kathleen Moriarty
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Henk Birkholz
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Henk Birkholz
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Roman Danyliw
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Henk Birkholz
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Michael Richardson
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Laurence Lundblade
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Michael Richardson
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Giridhar Mandyam
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Smith, Ned
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Laurence Lundblade
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Thomas Fossati
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Eric Voit (evoit)
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Giridhar Mandyam
- [Rats] security-level claim (was Re: WGLC for htt… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Henk Birkholz
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Ira McDonald
- Re: [Rats] security-level claim (was Re: WGLC for… Eric Voit (evoit)
- Re: [Rats] security-level claim (was Re: WGLC for… Henk Birkholz
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Thomas Fossati
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Smith, Ned
- Re: [Rats] security-level claim (was Re: WGLC for… Smith, Ned
- Re: [Rats] security-level claim (was Re: WGLC for… Smith, Ned
- Re: [Rats] security-level claim (was Re: WGLC for… Eric Voit (evoit)
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Laurence Lundblade
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Henk Birkholz
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Jeremy O'Donoghue
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Kathleen Moriarty
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Thomas Fossati
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Thomas Fossati
- Re: [Rats] Where does a EAT end? (was: Re: WGLC f… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Smith, Ned
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Smith, Ned
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Eric Voit (evoit)
- Re: [Rats] security-level claim (was Re: WGLC for… Michael Richardson
- Re: [Rats] security-level claim (was Re: WGLC for… Smith, Ned
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Eric Voit (evoit)
- Re: [Rats] security-level claim (was Re: WGLC for… Henk Birkholz
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] security-level claim (was Re: WGLC for… Eric Voit (evoit)
- Re: [Rats] security-level claim (was Re: WGLC for… Laurence Lundblade
- Re: [Rats] security-level claim (was Re: WGLC for… Giridhar Mandyam
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Carl Wallace
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Michael Richardson
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Laurence Lundblade
- Re: [Rats] WGLC for https://datatracker.ietf.org/… Michael Richardson