Re: [Rats] Should we remove submods from EAT? (was Re: EAT Review Comments)

"Smith, Ned" <ned.smith@intel.com> Wed, 15 December 2021 22:36 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/NKOSs2rl-clkLVwrc439_0q3cRw>

[NMS] (speaking not as chair)
--snip--
Here’s a few more reasons for submods:

- Complex devices like phones, routers and cars have a large number of subsystems. For the router case, you may have individual attestation from cards in the router and one for the chassis. A mobile phone has like 10 major compute environments (TEE, camera, modem, low power audio, CPU/GPU…) We need a way to express and organize claims for all sorts of complex devices.

[NMS] More correctly, the vendor community who creates the TEE, camera, modem, lp audio, CPU/GPU etc… need a way to express and originate claims for all sorts of complex devices. The presumed way to achieve this using CWT/JWT (that contains EAT claims) is that the ‘sub’ claim describes the ‘module’ and the ‘iss’ claim describes the vendor (although this isn’t specifically defined in the EAT draft). It is possible, using submod, to use the submod name ‘submods-label’ to refer to the component, which is a component of the device. Additionally, it isn’t clear how, in a multi-vendor supply chain, the submod name is supposed to be unique (not have the same name). This is especially concerning given a module could have multiple instances of the same type of module.

There has been discussion that EAT as a standalone spec can’t reasonably be implemented without a profile. Possibly, the profile context addresses some of these concerns? The PSA draft goes further to define a profile, but I don’t see it directly addressing the consideration for multi-vendor device composition.

The other EAT claims (not submod) seem to imply a simple composition where the thing (module) to which the CWT/JWT is issued / bound is the thing (module) that has the EAT claim.
--snip--
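
An added illustration of the submod naming concern raised in this message (not part of the original post and not taken from the EAT draft): when submodule claims-sets from several vendors are keyed by name, a second module of the same type silently replaces the first unless both the composing side and the receiving side check for repeated names. The `submods` member name as the JSON form, the issuer URLs and the module names are assumptions made for the example.

```python
import json

# Constructed sample: (submod name, claims-set) pairs as three vendors might
# originate them for one phone. Issuer URLs and module names are hypothetical.
PARTS = [
    ("camera", {"iss": "https://vendor-a.example", "sub": "camera"}),
    ("modem", {"iss": "https://vendor-b.example", "sub": "modem"}),
    ("camera", {"iss": "https://vendor-c.example", "sub": "camera"}),  # 2nd camera
]

# Constructed JSON claims-set whose "submods" map repeats a member name.
DUP_JSON = ('{"submods": {"camera": {"iss": "https://vendor-a.example"}, '
            '"camera": {"iss": "https://vendor-c.example"}}}')


def compose_naive(parts):
    """Plain assignment: a repeated submod name silently replaces the earlier one."""
    return {"submods": {name: claims for name, claims in parts}}


def no_duplicates(pairs):
    """Build a dict from (name, value) pairs, failing on a repeated name."""
    out = {}
    for name, value in pairs:
        if name in out:
            raise ValueError(f"duplicate name {name!r}")
        out[name] = value
    return out


def compose_checked(parts):
    """Composing side: refuse to emit a token in which two submods share a name."""
    return {"submods": no_duplicates(parts)}


def parse_strict(text):
    """Receiving side: reject JSON objects with repeated member names."""
    return json.loads(text, object_pairs_hook=no_duplicates)


def raises_value_error(fn, arg):
    """Return True if fn(arg) raises ValueError, False otherwise."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(compose_naive(PARTS)["submods"]["camera"]["iss"])
    print(raises_value_error(compose_checked, PARTS))
    print(raises_value_error(parse_strict, DUP_JSON))
```

Python's default `json.loads` keeps the last of two repeated member names, which is why the receiving side needs the `object_pairs_hook` check as well.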