Re: [Rats] EAT claims needed by TEEP

Dave Thaler <dthaler@microsoft.com> Wed, 10 November 2021 21:04 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>, teep <teep@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/KKjz3GHWZ_V0V0X-8NUVFD2HDW0>

If it's a string, I think it should be up to the vendor specified by the oemid,
rather than by a vendor-agnostic profile.
If it's a UUID then that's not needed.

Personally I would argue for treating it as opaque in either case
and a verifier should only compare it for equality, rather than permitting
semantic structure in it. That's because I think some hardware implementations
may fill in values that can be used for multiple profiles.

Dave

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Wednesday, November 10, 2021 12:23 PM
To: Laurence Lundblade <lgl@island-resort.com>; rats@ietf.org; teep <teep@ietf.org>
Subject: Re: [Rats] EAT claims needed by TEEP


Laurence Lundblade <lgl@island-resort.com> wrote:
    > Appreciate the comments.  Think it is important to keep this generic
    > since it is going in EAT. TEEP can have specific ways it uses HW class,
    > but don't think we should be referencing TEEP in EAT.

Then I suggest that:

     "There is no global scheme or format for this claim."
->
     "The format for this scheme will need to be specified within profiles that
      use it."

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
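
A sketch of the opaque-comparison rule argued for in the reply at the top of this message, added here as an example and not taken from the thread or from any EAT or TEEP draft. The function names, profile labels, and the sample oemid and hardware-class values are all constructed; the hardware class is assumed to arrive as either a 16-byte UUID or a vendor-defined string, always paired with the oemid that scopes it.

```python
# Added example: all names and sample values below are constructed.
from typing import Dict, List, Set, Tuple, Union

HwClass = Union[bytes, str]        # 16-byte UUID, or a vendor-defined string
RefKey = Tuple[bytes, HwClass]     # (oemid, hardware class) as provisioned

OEM_A = b"\x00\x01\x02"            # constructed oemid values
OEM_B = b"\x00\x01\x03"
UUID_CLASS = bytes(range(16))      # constructed 16-byte UUID-style value

# Reference values per profile. One hardware value may be listed under
# several profiles, which is why the verifier must not read meaning into it.
REFERENCE: Dict[str, Set[RefKey]] = {
    "profile-a": {(OEM_A, "tee-x1"), (OEM_A, UUID_CLASS)},
    "profile-b": {(OEM_A, "tee-x1")},
}


def _same(a: object, b: object) -> bool:
    """Opaque equality: identical type and content.

    No case folding, trimming, hex/text conversion, or prefix and version
    parsing, so a string never matches the bytes it happens to encode.
    """
    return type(a) is type(b) and a == b


def matching_profiles(oemid: bytes, hw_class: HwClass,
                      reference: Dict[str, Set[RefKey]] = REFERENCE) -> List[str]:
    """Return the profiles whose reference set holds exactly (oemid, hw_class)."""
    return sorted(
        name for name, refs in reference.items()
        if any(_same(oemid, o) and _same(hw_class, h) for o, h in refs)
    )


def prefix_match(oemid: bytes, hw_class: HwClass,
                 reference: Dict[str, Set[RefKey]] = REFERENCE) -> List[str]:
    """Structured matching, shown for contrast only: it treats the string as
    'model plus suffix' and so accepts values that were never provisioned."""
    return sorted(
        name for name, refs in reference.items()
        if any(oemid == o and isinstance(h, str) and isinstance(hw_class, str)
               and hw_class.startswith(h) for o, h in refs)
    )
```

With these reference values, `"tee-x1-debug"` is rejected by `matching_profiles` but accepted by `prefix_match`, and the same string under a different oemid matches nothing.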