Re: [Rats] [sacm] CoSWID and EAT and CWT

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 21 November 2019 11:38 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 21 Nov 2019 06:37:58 -0500
Message-Id: <922EA164-FB96-4245-A46C-6520809E6311@gmail.com>
References: <BN7PR09MB2819D797B89183218BEFA823F04E0@BN7PR09MB2819.namprd09.prod.outlook.com>
Cc: Ira McDonald <blueroofmusic@gmail.com>, "rats@ietf.org" <rats@ietf.org>, sacm <sacm@ietf.org>, Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <BN7PR09MB2819D797B89183218BEFA823F04E0@BN7PR09MB2819.namprd09.prod.outlook.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/LNnpTNjvHdoN6ck_U2TaWiIpRF0>
Subject: Re: [Rats] [sacm] CoSWID and EAT and CWT



> On Nov 20, 2019, at 11:29 PM, Waltermire, David A. (Fed) <david.waltermire@nist.gov> wrote:
> 
> 
> It sounds like having a CWT claim that contains an entire CoSWID is a path forward. It may also make sense to do something similar for ISO SWID tags.
> 
> Am I right in thinking that this CWT work can be done in RATS, referencing CoSWID once it is published as a normative reference? This would allow CoSWID to go forward to the IESG, while the CoSWID CWT claim is worked in parallel in RATS.
> 
> Kathleen, if this is true, does this way forward address your CWT-related comments?

Hi Dave,

I think the signature may have to be on the CWT as opposed to on the claim that is the CoSWID or SWID.  We can define it fully in another draft, but should state it here so that option is understood.  It’s a simple write up, I think.

Thank you,
Kathleen 
> 
> Regards,
> Dave
> 
> 
> 
> 
> 
> From: sacm <sacm-bounces@ietf.org> on behalf of Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
> Sent: Wednesday, November 20, 2019 9:10 PM
> To: Ira McDonald <blueroofmusic@gmail.com>
> Cc: rats@ietf.org <rats@ietf.org>; sacm <sacm@ietf.org>; Laurence Lundblade <lgl@island-resort.com>
> Subject: Re: [sacm] [Rats] CoSWID and EAT and CWT
>  
> Great, thanks Laurence.  If that's easier I think having the CoSWID in one claim should be ok and would have the same result as the suggestion I made.  Changing the CoSWID format is a big enough process that it shouldn't happen very often.
> 
> Best regards,
> Kathleen
> 
> On Wed, Nov 20, 2019 at 8:00 PM Ira McDonald <blueroofmusic@gmail.com> wrote:
> Hi Laurence,
> 
> That seems like a good suggestion for a simple way to integrate CoSWID content
> into EAT.
> 
> Cheers,
> - Ira
> 
> Ira McDonald (Musician / Software Architect)
> Co-Chair - TCG Trusted Mobility Solutions WG
> Co-Chair - TCG Metadata Access Protocol SG
> Chair - Linux Foundation Open Printing WG
> Secretary - IEEE-ISTO Printer Working Group
> Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
> IETF Designated Expert - IPP & Printer MIB
> Blue Roof Music / High North Inc
> http://sites.google.com/site/blueroofmusic
> http://sites.google.com/site/highnorthinc
> mailto: blueroofmusic@gmail.com
> PO Box 221  Grand Marais, MI 49839  906-494-2434
> 
> 
> 
> On Wed, Nov 20, 2019 at 7:35 PM Laurence Lundblade <lgl@island-resort.com> wrote:
> Hi,
> 
> I’m not on the SACM list, but did look at the archive. Hopefully I’m not out of sync.
> 
> My thought is to register one claim for CWT that is an entire CoSWID (in CDDL the concise-swid-tag).
> 
> That way CoSWID can grow and develop on its own without lots of adds and subtracts to the CWT registry. It has its own IANA registry with its own experts and such. Seems like the coupling / factoring is about right.
> 
> This would also be the way I’d like to have it in EAT attestation. We’ve done a mini version of this with the location claim.
> 
> Then if you just want to sign a CoSWID CWT style, this works pretty well too. It has a slight overhead compared to having all the CoSWID data items as direct CWT claims in that it will have an additional map layer, but that is only about three bytes.
> 
> LL
> 
> 
> 
> -- 
> 
> Best regards,
> Kathleen
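
Added example, not part of the thread or of any draft: a small Python sketch of the layout discussed above, comparing a whole CoSWID carried under one CWT claim with the same items as direct claims, and showing that protection applied to the CWT covers the embedded CoSWID. The claim keys, the CoSWID labels and values, and the key material are constructed placeholders; an HMAC-based COSE_Mac0 stands in for a signature so that only the standard library is needed.

```python
import hashlib, hmac

def head(major, n):
    """CBOR initial byte plus argument for a major type (RFC 8949 encoding)."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("integer too large")

def enc(v):
    """Encode ints, bytes, text, lists and maps; enough for this example."""
    if isinstance(v, int):
        return head(0, v) if v >= 0 else head(1, -1 - v)
    if isinstance(v, bytes):
        return head(2, len(v)) + v
    if isinstance(v, str):
        return head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return head(4, len(v)) + b"".join(enc(x) for x in v)
    if isinstance(v, dict):
        return head(5, len(v)) + b"".join(enc(k) + enc(x) for k, x in v.items())
    raise TypeError(type(v))

# Constructed sample data; the integer labels inside COSWID are illustrative.
COSWID = {0: "example.com-app-1.2.3", 1: "Example App", 12: 0, 13: "1.2.3"}
BASE = {1: "attester.example", 6: 1574336278}   # CWT iss (1) and iat (6)

def nested(claim_key, coswid=COSWID):
    """Whole CoSWID under one claim; claim_key is a hypothetical placeholder."""
    return enc({**BASE, claim_key: coswid})

def flat(first_key=20):
    """Each CoSWID item as its own claim, using hypothetical one-byte keys."""
    return enc({**BASE, **{first_key + i: v for i, v in enumerate(COSWID.values())}})

def overhead(claim_key):
    """Extra bytes of the nested form: the claim key plus one map header."""
    return len(nested(claim_key)) - len(flat())

def mac0_tag(key, payload):
    """COSE_Mac0 tag (HMAC 256/256, alg 5) computed over the CWT claims set."""
    protected = enc({1: 5})
    to_mac = enc(["MAC0", protected, b"", payload])
    return hmac.new(key, to_mac, hashlib.sha256).digest()

def tag_covers_coswid(key=b"k" * 32, claim_key=500):
    """True if editing a field inside the embedded CoSWID changes the tag."""
    good = mac0_tag(key, nested(claim_key))
    edited = mac0_tag(key, nested(claim_key, {**COSWID, 1: "Other App"}))
    return not hmac.compare_digest(good, edited)
```

The overhead is two, three or four bytes depending on whether the assigned claim key encodes in one, two or three bytes, which matches the "about three bytes" estimate in the thread.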