Re: [Rats] Some Feedback on CHARRA

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 17 September 2020 13:35 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: William Bellingrath <wbellingrath@juniper.net>, "Panwei (William)" <william.panwei@huawei.com>, "draft-ietf-rats-yang-tpm-charra@ietf.org" <draft-ietf-rats-yang-tpm-charra@ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>, Guy Fedorkow <gfedorkow@juniper.net>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Thread-Topic: Some Feedback on CHARRA
Date: Thu, 17 Sep 2020 13:35:20 +0000
Message-ID: <BYAPR11MB312545BC744011896210E77AA13E0@BYAPR11MB3125.namprd11.prod.outlook.com>
References: <310DFF58-AF27-421D-8A2E-B168419FD155@juniper.net>
In-Reply-To: <310DFF58-AF27-421D-8A2E-B168419FD155@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/SAGGPIjDm16OJQ1Y3OVeKf2JrA4>
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Hi William,

Thanks very much for the suggestions.  Thoughts in-line...

> From: William Bellingrath, September 16, 2020 8:39 PM
> 
> Hi all,
> 
> We have been discussing the CHARRA yang module, and I would like to float
> back some feedback and recommendations from my colleagues.
> Comments are predominantly aimed at naming conventions, or ease of reading,
> and are just suggestions.
> 
> 
> 1.
> module ietf-tpm-remote-attestation {
>   namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";
>   prefix "tpm";
> 
>   import ietf-yang-types {
>     prefix yang;
>   }
>   import ietf-hardware {
>     prefix ietfhw;
>   }
>   import ietf-keystore {
>     prefix ks;
>   }
>   import ietf-tcg-algs {
>     prefix taa;
>   }
> Recommend these prefix names changed to something easier to read.

IETF YANG conventions are to have short prefixes.  As noted in RFC 8407, Section 4.2:
"Prefix values SHOULD be short but are also likely to be unique."

This was recently revalidated in an IESG review:

https://mailarchive.ietf.org/arch/msg/sfc/miYTals3g56kSV34Igrm83Pw_Xg/
"Prefix ietf-pot-profile is cumbersome - 3-5 characters is more than
enough for a prefix"

> 2.
> ...
> must "/tpm:rats-support-structures/tpm:attester-supported-algos"
>          + "/tpm:tpm20-asymmetric-signing";  ...
> 
> Recommend adding an error message or description with the “must”
> statements.

This makes sense. I have added.

> 3. For all identity naming, recommend using '-' instead of '_'.
> E.g. grouping TPM2_Algo, grouping TPM12_Algo, etc.

Change made for all identities in CHARRA using '-'.

> 4.
>       leaf revMajor {
> …
>       leaf revMinor {
> …
> Recommend renaming these to ‘rev-major’ and ‘rev-minor’

Change made.

Current state of YANG model based on your suggestions above is in a pull request at:
https://github.com/ietf-rats-wg/basic-yang-module/pull/16/commits

Eric

> Thanks,
> William Bellingrath
> 
> 
> Juniper Business Use Only
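The four review points in this thread (short prefixes per RFC 8407 Section 4.2, `must` statements that carry an error-message or description, identities and leaves named with lower-case words joined by '-') are all mechanically checkable. The following is an added example, not code from the thread, the CHARRA draft, or the basic-yang-module repository: a small Python linter that runs those checks over a constructed YANG fragment. The fragment, its `example-tpm-attestation` module name, the `ex:` prefix, and the 5-character prefix threshold (taken from the "3-5 characters" remark quoted above) are all assumptions made for the example; the linter is regex-based and is meant to complement, not replace, a real YANG compiler such as pyang.

```python
import re
from typing import List

# Constructed YANG fragment for demonstration only; it is NOT the CHARRA module.
# It deliberately contains each problem raised in the thread (a long prefix, an
# underscored grouping name, a camelCase leaf, a "must" with no error-message)
# next to the corrected forms.
SAMPLE_YANG = """
module example-tpm-attestation {
  namespace "urn:example:yang:example-tpm-attestation";
  prefix "example-tpm-attestation";

  import ietf-yang-types {
    prefix yang;
  }

  grouping TPM2_Algo {
    leaf revMajor { type uint8; }
    leaf rev-minor { type uint8; }
  }

  leaf signing-algo {
    type string;
    must "/ex:rats-support-structures/ex:attester-supported-algos"
       + "/ex:tpm20-asymmetric-signing";
  }

  leaf hash-algo {
    type string;
    must "/ex:rats-support-structures/ex:attester-supported-algos"
       + "/ex:tpm20-hash" {
      error-message "hash-algo must be an attester-supported hash algorithm";
      description "Constrains hash-algo to the advertised capabilities.";
    }
  }
}
"""

# Assumed threshold: the IESG reviewer quoted in the thread says 3-5 characters.
PREFIX_MAX_LEN = 5

# 'prefix foo;' or 'prefix "foo";' at the start of a line (module or import).
PREFIX_RE = re.compile(r'^\s*prefix\s+"?([A-Za-z0-9_.-]+)"?\s*;', re.MULTILINE)
# Statements that introduce a named node, grouping, identity or typedef.
NAMED_RE = re.compile(
    r'^\s*(module|grouping|container|list|leaf-list|leaf|identity|typedef)\s+'
    r'([A-Za-z0-9_.-]+)', re.MULTILINE)
# A must statement runs from the keyword to the first ';' (no sub-statements)
# or '{' (sub-statement block); the quoted XPath contains neither character.
MUST_RE = re.compile(r'^\s*must\s+([^;{]*)(;|\{)', re.MULTILINE)
# RFC 8407 style: lower-case letters, digits and dashes, starting with a letter.
KEBAB_RE = re.compile(r'^[a-z][a-z0-9-]*$')


def lint_yang(text: str) -> List[str]:
    """Return one human-readable finding per convention violation in a YANG text."""
    findings: List[str] = []

    # 1. Prefix length (RFC 8407 Section 4.2: prefixes SHOULD be short).
    for m in PREFIX_RE.finditer(text):
        prefix = m.group(1)
        if len(prefix) > PREFIX_MAX_LEN:
            findings.append(
                f"prefix '{prefix}' is {len(prefix)} chars; "
                f"keep prefixes to {PREFIX_MAX_LEN} or fewer")

    # 2./3. Identifier style: lower-case words joined by '-', no '_' or camelCase.
    for m in NAMED_RE.finditer(text):
        kind, name = m.group(1), m.group(2)
        if not KEBAB_RE.match(name):
            hint = "use '-' instead of '_'" if "_" in name else "use lower-case words joined by '-'"
            findings.append(f"{kind} '{name}' is not lower-case-with-dashes; {hint}")

    # 4. Every must statement should explain itself via error-message or description.
    for m in MUST_RE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        if m.group(2) == ";":
            findings.append(f"must at line {line} has no error-message or description")
            continue
        # Sub-statements of must are all simple statements, so the block ends at the next '}'.
        body = text[m.end():text.find("}", m.end())]
        if "error-message" not in body and "description" not in body:
            findings.append(f"must at line {line} has no error-message or description")

    return findings


if __name__ == "__main__":
    for finding in lint_yang(SAMPLE_YANG):
        print(finding)
```

Running the block prints four findings for the constructed fragment: the 23-character prefix, `grouping TPM2_Algo`, `leaf revMajor`, and the first `must` (the second `must` passes because it carries an error-message). The checks map one-to-one onto the four points in the review, so the same script can be pointed at a draft module before it is sent for review.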