Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Sun, 01 May 2022 13:43 UTC

Message-ID: <5f37ddb4-3380-a440-48f7-a2363bb6f005@sit.fraunhofer.de>
Date: Sun, 01 May 2022 15:43:35 +0200
To: Laurence Lundblade <lgl@island-resort.com>
CC: draft-tschofenig-rats-aiss-token@ietf.org, "rats@ietf.org" <rats@ietf.org>
References: <82f684aa-4f01-a473-c648-f3c7ff534cf8@sit.fraunhofer.de> <CE8AEDD2-3CC6-467E-90CD-A0B52D95D6F4@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <CE8AEDD2-3CC6-467E-90CD-A0B52D95D6F4@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Q0zBNvpI33ygEKQoj2aQHpZjXeI>
Subject: Re: [Rats] Early feedback for draft-tschofenig-rats-aiss-token

Hi Laurence,

on a more generic but related topic. I think any CWT can use any EAT 
Claims, in general, as somehow we arrived at the decision to use the CWT 
Claims registry for EAT.

Even if we would miraculously progress at some point to the next step 
at which we discuss adding columns to the CWT registry that indicate 
which Claims can be used in RATS Evidence and which can be used in RATS 
Attestation Results, it is not prohibited to use any kind of EAT Claims 
in CWTs - already, today. EAT Claims would just serve well-defined 
purposes in CWT and come with EAT-specified requirements how to use them 
in CWT, because that is how the EAT I-D is worded today.

Hence, even if AISS tokens were not EAT (which they clearly are), they 
don't have to be EAT in order to use EAT Claims as they are in the CWT 
Claims and AISS tokens are at the very minimum always CWTs.

And yes... this is where we arrived at.

Viele Grüße,

Henk

On 30.04.22 02:39, Laurence Lundblade wrote:
> My read of this doc is that it is a definition of token format like an EAT, that borrows some claims from EAT, but is not an EAT.
> 
> If it was an EAT, or a profile of an EAT, it would say so up front explicitly.
> 
> Since it’s not an EAT, you can’t rely on what’s generally defined in EAT. For example, you’ll have to write your own security considerations, say if/how additional claims are registered, say what the relationship to CWT is and such.
> 
> LL
> 
> 
> 
>> On Apr 29, 2022, at 1:37 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>
>> Hi authors,
>>
>> considering this is a -00 it was a quick and comprehensive read. I am aware that in this state the document is basically a list of Claim definitions and corresponding CDDL.
>>
>> A few questions and comments:
>>
>> 1.) It seems that an AISS is Evidence as it is consumed by a Verifier and reference values and policies are used to appraise it:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-7
>>
>> As "Verification" is a bit of an ambiguous term nowadays, I'd recommend to rename Section 7 to "AISS Token Appraisal". Also, I would clearly state that an AISS token is Evidence early on.
>>
>> 2.) The colloquial term "verification service" is used in:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.3
>>
>> which currently only implies that that is a Verifier conducting AISS token Evidence appraisal, I think. Just defining what a verification service is (see 1.) would help as there are other colloquial terms that mean the same thing, such as attestation service (which also are ambiguous).
>>
>> 3.) Are the reports mentioned in:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.4
>>
>> self-assertions or Evidence or something else? Are they produced by a RoT or a higher Attesting Environment? Are these states Claims that can be collected from Target Environments that are "the silicon" or are they derived in a different manner?
>>
>> 4.) I am wondering which Attesting Environment is supposed to produce the AISS token Evidence. In your definition of a RoT (Which I'll come to in the next item) it is highlighted that a boot loader can be a RoT, which would imply in that example that the bootloader is the first Attesting Environment in layered attestation.
>>
>> Is the first Attesting Environment always the producer of an AISS token or can later Attesting Environments also do that? I am asking because, if you look at the scenario from a certain angle, it seems as if the Attestation Environment (bootloader) would collect claims from Target Environments that would be the parts of the Silicon. Is that correct?
>>
>> 5.) What's the intended output of an AISS token appraisal? Theft and Overuse seem to be two characteristics as stated in:
>>
>>> https://www.ietf.org/archive/id/draft-tschofenig-rats-aiss-token-00.html#section-3.6
>>
>> Are there others? I assume that determining certain Attestation Results is the whole point of producing AISS tokens in the first place. Defining those categories of outcomes seems to be in-scope?
>>
>> 6.) In March Kathleen advised the RATS WG to include an explicit definition of Root of Trust in the RATS architecture. AFAIK, that is the only remaining open issue with the document. Maybe we can collaborate on that definition as you started one here and I don't think it's an awful definition? :o) That would be cool and hopefully move the RATS architecture, which seems to be stuck for quite a while now and that issue might have been the reason.
>>
>> 7.) I like how most of your Claims used/defined are matching the layout of CoRIM :-) (obviously) and thanks for naming it AISS and not AISST and therefore avoiding calling them AISST tokens later :-)
>>
>> Viele Grüße,
>>
>> Henk
>>