IETF Logo Mail Archive

Re: [Rats] Call for 111 RATS presentations

Laurence Lundblade <lgl@island-resort.com> Fri, 03 September 2021 23:47 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2499D3A0ADC for <rats@ietfa.amsl.com>; Fri, 3 Sep 2021 16:47:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cRqs7lwINpck for <rats@ietfa.amsl.com>; Fri, 3 Sep 2021 16:46:57 -0700 (PDT)
Received: from p3plsmtpa06-04.prod.phx3.secureserver.net (p3plsmtpa06-04.prod.phx3.secureserver.net [173.201.192.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A9473A0AD9 for <rats@ietf.org>; Fri, 3 Sep 2021 16:46:57 -0700 (PDT)
Received: from [172.20.10.7] ([174.243.180.203]) by :SMTPAUTH: with ESMTPSA id MItZmBkFtSvlSMItamZsSq; Fri, 03 Sep 2021 16:46:57 -0700
X-CMAE-Analysis: v=2.4 cv=fcZod2cF c=1 sm=1 tr=0 ts=6132b3f1 a=onxs93DgXcdq1E7bQUS9Uw==:117 a=onxs93DgXcdq1E7bQUS9Uw==:17 a=QyXUC8HyAAAA:8 a=7ypL8OzK1dEQb4dDE4kA:9 a=QEXdDO2ut3YA:10 a=F5QqWTPFPRFMoMOBCBwA:9 a=DfzoQTsiy8YwPm4V:21 a=_W_S_7VecoQA:10
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <51E0A120-F5F6-453D-A078-09778A75D9F1@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9684C279-8ED9-48F1-8A67-BF3144F2ABC2"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Fri, 03 Sep 2021 16:46:53 -0700
In-Reply-To: <4931D75C-EAA7-4111-9241-AC8B660B7D4B@intel.com>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Brendan Moran <Brendan.Moran@arm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, "rats-chairs@ietf.org" <rats-chairs@ietf.org>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
To: "Smith, Ned" <ned.smith@intel.com>
References: <F76B4F71-616B-4111-8570-3B0433EF7272@intel.com> <MW2PR2101MB093822047D53C6A8AD15AED7A3E49@MW2PR2101MB0938.namprd21.prod.outlook.com> <22743.1630510372@localhost> <3A89EB54-4335-4D64-ACD8-7AA75C641AAE@intel.com> <33dd2eb5-8d7f-777a-6118-419d55e25709@sit.fraunhofer.de> <6B26C74E-C2F7-4187-A974-C78B4B877F31@island-resort.com> <4931D75C-EAA7-4111-9241-AC8B660B7D4B@intel.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-CMAE-Envelope: MS4xfKkmoGJxb9V7NW2OSLVhcGF5DzHGZdIdZ5fIlrQzHgvu0rs/+Dr1QvniXcLO+lfMsLgWzlvmZPeb/gId17LqPtI+Thun26ZCm+53Ypm4iUFtBlXFVI3h SaHI0nioqDIKyinvbj4M1dWppaIuV9xt1hBM7a310dIbc5ihi89s/O7YKYYtSlgZQ+1hT97UT5sysc+adTunUXBk1w3JduOY9M/8MrS7tpcUttx7UzKSSPv2 8HbjKH5tlOw9lDunIpUti83Im6EawIpb2ePqUJ+jTHfMapCjHLqZ/7CLtHGasE8a1vXrOYdT1XO0uHDngOd398CfOHm+HvQmtZ3T5JcK9Y/Q+0l/bqom9hco DVT3cLkdzxGqi97OcNSfU8MaRQ/6G/M/K0KVVU1uzexG7JiJp2Jnrh/q+33hmSocCqxkF8Pv
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/QkG1MKANMfQbJpk4U8n7Jjj6HsA>
Subject: Re: [Rats] Call for 111 RATS presentations
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 23:47:03 -0000

> On Sep 3, 2021, at 3:29 PM, Smith, Ned <ned.smith@intel.com> wrote:
> 
> > version
> > I think we need more details on this to know what to do with it.
> > 
> > —> At minimum rename it so it is not just “version”, so the claim name says what it is the version of.
>  
> I think this point raises a bigger question. “To what do any of the claims pertain?” Today EAT claims are tag-value tuples where the tag “version” is followed by its value. An EAT claim set is a list of tuples that describes something, but that something isn’t named. 
>  
> Possibly, some of the other CWT claims could be used to do that? For example, ‘sub’ could identify the Target Environment but ‘sub’ is pretty open ended in terms of what it could contain. By contrast, a SUIT manifest relies on vendor name, class identifier etc… In the corim schema environments can be identified by a class identifier or an instance identifier (such as a UEID). The association of a set of claims to an environment should be a central aspect of what we’re trying to accomplish IMHO.

Hi Ned,

I’m not too worried about this. I think of the CWT/JWT registries as a smorgasbord/mall food court/dim sum of claims for anyone to use for any purpose they wish. The receiver distinguishes the use by context. In one context it might be an authentication token, in another an attestation token. It’s perfectly OK for authentication tokens to use attestation claims. This seems to be the way CWT and JWT work now.

I’m asking that the claims defined for SUIT have SUIT-specific names so no one looks into the CWT/JWT registries and thinks that the vendor-identifier claim and such are intended for identify a vendor in every/any context that a token is every used, that this is THE universal vendor identifier for ALL hardware, firmware and software.

Trying for just a little bit of order in the CWT/JWT registries. :-)

We also have EAT profiles to help manage chaos here. Maybe there should be an EAT profile that says how attestation claims apply to SUIT?

LL

v2.23.0 | Report a Bug | By Email