[Rats] Re: draft-fv-rats-ear-05.html

"Smith, Ned" <ned.smith@intel.com> Tue, 11 February 2025 19:57 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Thomas Fossati <thomas.fossati@linaro.org>
Date: Tue, 11 Feb 2025 19:57:40 +0000
CC: "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Pj3ng6u3FaGWm6WhSAYIHvo3vA0>

[nms] not as chair.

On 2/9/25, 07:53, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:


Thomas Fossati <thomas.fossati@linaro.org> wrote:
    >>
    >> is this URI going to live into WG adoption and publication?

    > No, this is bound to change if the draft is adopted.

    >> (I understand that for running code, like veraison, that you need
    >> something now) While EAT does not require (and goes out of its way to
    >> avoid) a registry for EAT profiles, for core infrastructure things
    >> like EAR, I wonder if we shouldn't have something.

    > The rationale for employing URI/OID as profile types was to bypass the
    > need for maintaining a registry and instead leverage established
    > governed namespaces.  I see your point though: it'd be handy to have
    > the EAT profiles map in one place.

Good. So, what do others in the WG think?
[nms] The spec defines a base profile essentially already. Populating the profile field seems redundant. The content-format / media-type / other(?) content labeling scheme describes the payload contents. Since ear is a special kind of EAT (the ar in ear means Attestation Result), it should have its own media-type / C-F such as “application/ear-cwt”. The profile parameter might still be used for vendor/implementation specific considerations.

    >> IANA Considerations section should probably back-reference section 4
    >> (EAR Extensions).
    >>
    >> I see that this document is somewhat TEEP oriented/inspired.  That's
    >> fine, even very desirable.  It seems to me to be TEEP critical path!

    > We used TEEP as a playground to test the extensibility story.  On
    > paper, it works.  However, we'd need to double-check with the TEEP
    > people to see what they think.

Yes, I think it's really good that you used it.
I'm concerned that TEEP needs this to complete.  Am I wrong here?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [