Re: [Rats] EAT IANA registry

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 24 November 2019 10:55 UTC

Date: Sun, 24 Nov 2019 12:54:57 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/NieOLemiya1Y1vEQwa8FXValH3g>

Hi Laurence,

Yes, such profiles would certainly be helpful for attestation.

Unfortunately they would not solve the fundamental problem that a developer who wishes to use JWT for anything, not necessarily attestation, is faced with a registry that he or she has no chance of figuring out.

Thanks,

                Yaron

From: Laurence Lundblade <lgl@island-resort.com>
Date: Saturday, November 23, 2019 at 18:29
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] EAT IANA registry

One of our thoughts is that EAT profiles will help with this. For example, a special profile for toasters might list 5 claims that must be included in every attestation and 10 claims that are optional and maybe even prohibit all others.

LL

On Nov 22, 2019, at 6:57 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

Hi Hannes,

Looking at the JWT claim IANA registry [1], it is already a terrible mess of several different standards, obviously with many more coming. I guess what’s done is done, and I’ll take back my objection.

Thanks,

                Yaron

[1] https://www.iana.org/assignments/jwt/jwt.xhtml#claims

 

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Friday, November 22, 2019 at 14:17
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Subject: RE: EAT IANA registry

Yaron,

Could you explain why you think that this is a good idea?

Ciao

Hannes

 

From: RATS <rats-bounces@ietf.org> On Behalf Of Yaron Sheffer
Sent: Friday, November 22, 2019 2:05 PM
To: rats@ietf.org
Subject: [Rats] EAT IANA registry

Unrelated to my earlier mail, I would recommend creating a separate registry for EAT claims (I suppose that implies a nested object in the JWT/CWT) rather than overloading the CWT registry. Architecturally it just doesn’t jibe to have all these claims as baseline CWT claims, and process-wise, it’s much more convenient for this group to control its own namespace.

Sorry if this has been raised before.

Thanks,

                Yaron

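The profile idea from Laurence Lundblade's message above (claims that must be present, claims that are optional, everything else prohibited), sketched as an added example that is not part of the thread or of any EAT draft. The `Profile` structure, the toaster profile and all claim names are constructed for illustration, and the claims sets are assumed to be already decoded and signature-verified.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """Hypothetical profile: which claims a token must, may, and may not carry."""
    name: str
    mandatory: frozenset
    optional: frozenset = frozenset()
    closed: bool = True  # True: any claim outside mandatory | optional is prohibited


def check_profile(claims: dict, profile: Profile) -> list:
    """Return the list of violations; an empty list means the claims set conforms."""
    present = set(claims)
    problems = [f"missing mandatory claim: {c}"
                for c in sorted(profile.mandatory - present)]
    if profile.closed:
        extra = present - profile.mandatory - profile.optional
        problems += [f"claim not allowed by profile: {c}" for c in sorted(extra)]
    return problems


# Constructed profile: five mandatory claims, a couple of optional ones, all others prohibited.
TOASTER = Profile(
    name="toaster-example",
    mandatory=frozenset({"nonce", "device-id", "fw-version", "boot-state", "vendor"}),
    optional=frozenset({"heating-element-hours", "region"}),
)

# Constructed claims sets (string keys as in a JWT; a CWT would use registered integer keys).
GOOD = {"nonce": "c2FtcGxl", "device-id": "toaster-0001", "fw-version": "1.4.2",
        "boot-state": "secure", "vendor": "ExampleCo", "region": "EU"}
# Same token without boot-state and with a claim from an unrelated part of the registry.
BAD = {k: v for k, v in GOOD.items() if k != "boot-state"}
BAD["email"] = "owner@example.com"

if __name__ == "__main__":
    for label, claims in (("good", GOOD), ("bad", BAD)):
        print(label, check_profile(claims, TOASTER) or "conforms")
```

A verifier applying a closed profile only ever has to reason about the claims the profile names, however many unrelated claims the shared registry contains.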