Re: [Rats] Some Feedback on CHARRA

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 17 September 2020 13:35 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A7D13A07CE; Thu, 17 Sep 2020 06:35:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.621
X-Spam-Level:
X-Spam-Status: No, score=-9.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=H1BUYiuK; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=YyWUkuHb
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CR1FnMCNtbSv; Thu, 17 Sep 2020 06:35:24 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DA783A0365; Thu, 17 Sep 2020 06:35:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7968; q=dns/txt; s=iport; t=1600349723; x=1601559323; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/3rY7HEONEflagjbYpl/uSwdqbmhS2rb7NGSPEnro9g=; b=H1BUYiuK1U3lyU6JHRMRQruCxZiVqE7oCLAPc7o35ghjPfT2aYIeV+4u RKG6JToKfABg7xJFuoN3V1AZLGT3Z0MGXF8vdNmRWsHYFo0R0B4EzUjoB XkaoUKzAwWWPUopAwUZOAujb3/hW7Sv/OGAjTeIWaT2HPOXPulfFEJQgu I=;
X-Files: smime.p7s : 3975
IronPort-PHdr: =?us-ascii?q?9a23=3AEc50Shz/kH9GnBnXCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5ZRWPt/dwil7RUJ+d7f9Y2KLasKHlDGoH55vJ8HUPa4dFWB?= =?us-ascii?q?JNj8IK1xchD8iIBQyeTrbqYiU2Ed4EWApj+He2YkpIHsfmakeUpHCuvnYeHx?= =?us-ascii?q?zlPl9zIeL4UofZk8Ww0bW0/JveKwVFjTawe/V8NhKz+A7QrcIRx4BlL/U8?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B6CAD1ZGNf/5NdJa1WCR0BAQEBCQE?= =?us-ascii?q?SAQUFAYIPgVJRB3AsLS8sCoQvg0YDjXOYc4JTA1UEBwEBAQoDAQEjCgIEAQG?= =?us-ascii?q?ESwKCJgIkOBMCAwEBCwEBBQEBAQIBBgRthVwMhXIBAQEBAgESER0BATcBBAs?= =?us-ascii?q?CAQgOBy0CAgIwJQIEAQ0NBhSDBYF+TQMOEQ8BDqonAoE5iGF2gTKDAQEBBYE?= =?us-ascii?q?zAYNqGIIJBwMGgTiBU4Eeg2mGUhuBQT+BEUOCTT6BeWMCgTMugxUzgi2TL5J?= =?us-ascii?q?ykQoKgmeERIJfgVKRdYMJjzKOQpJ1imGVFwIEAgQFAg4BAQWBayOBV3AVgnA?= =?us-ascii?q?BATJQFwINjh+DcYUUhUJ0NwIGAQkBAQMJfIsfJ4EMAYEQAQE?=
X-IronPort-AV: E=Sophos;i="5.76,437,1592870400"; d="p7s'?scan'208";a="735605681"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Sep 2020 13:35:22 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 08HDZMWR021773 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 17 Sep 2020 13:35:22 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 17 Sep 2020 08:35:22 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 17 Sep 2020 09:35:21 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 17 Sep 2020 09:35:21 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nHdTj5j/z6V2L605CXK3sOnQtA6jGv5Rm5yYHjKSYwvxbPcqJroOyTTCSx8Bsc8nDxE1tciei4nszWjmf1QYky03Gl9a1rGVriVDWAtVSyrsXYcUc/7TF2mjMOaeO0wKzBL81mTp8Qwk7nl/EzWR+fNP1fMlsWk67QnVjwtVHv3scJChklkb4akyq7CkH7hP2UP+qDIvOjxGW1IU+jvKqkrVM+JIKus4YtesofxPihYCT78jjQwCQJaSyhoQDZoqu6rd1r1XgMHyq62dBITYTJODOi/+bXzL0cenbt/jvQWhRITEiUaV0CzxMvRfnsi/Ljyu1ZPxcBMff/4VB59kgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TxheyXrbMeqRYgJwVAC2fbu3ZL/boEB/+ZbBYpOPdJI=; b=atKsMjjBTBUAnd8by3m7+y2GkrD2i4AS60wjg7ai6sYoDRNpvzZ5g+qnl80OKbumsuP0c2YEX5T0M1MW7IBXVqj+DXjWoFyUr9tWxbmtPa+3a8yjflDeeqXQGGIlXGk/k03364H4kGhOkp7qBa/LGKbwRzbyB9G9ojTmd/G/oDPWRnenMpIjp0ElsYi4d7TK3KOausAVfgHuvczsR4aooKjrqO3x7XzDtPWsnjX/sagKpmmVTuJ+HtSQCgm96bZOR9nu9T23zKwto/DqgfiHj3hS3z1CIC9ekYTs3OJYOQUWwNZIqb25H4QSADzg9a/p65HAT020YWpUHseJ/rby8A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TxheyXrbMeqRYgJwVAC2fbu3ZL/boEB/+ZbBYpOPdJI=; b=YyWUkuHbzwsXhkKCG0pTGzwdi5XV/0IUaTdRGIaYWdCmdZH6FGOa97ESbXdl5WWIUHlr1CYeWxsZLf68mKPqPgO4j/w7DkM4RfMCO1XzXCBz37juLSFnm/0Z3o+OG9sibFE0b0I9jOyTZW5ws4PsK7wK5NSiKw19oGecVAagA04=
Received: from BYAPR11MB3125.namprd11.prod.outlook.com (2603:10b6:a03:8e::32) by BYAPR11MB2936.namprd11.prod.outlook.com (2603:10b6:a03:8c::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.25; Thu, 17 Sep 2020 13:35:20 +0000
Received: from BYAPR11MB3125.namprd11.prod.outlook.com ([fe80::840c:3c2f:3b4:e2b8]) by BYAPR11MB3125.namprd11.prod.outlook.com ([fe80::840c:3c2f:3b4:e2b8%7]) with mapi id 15.20.3326.025; Thu, 17 Sep 2020 13:35:20 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: William Bellingrath <wbellingrath@juniper.net>, "Panwei (William)" <william.panwei@huawei.com>, "draft-ietf-rats-yang-tpm-charra@ietf.org" <draft-ietf-rats-yang-tpm-charra@ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>, Guy Fedorkow <gfedorkow@juniper.net>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Thread-Topic: Some Feedback on CHARRA
Thread-Index: AQHWjIriKmzfPwcJPUWXromKK8WsGqlstl6w
Date: Thu, 17 Sep 2020 13:35:20 +0000
Message-ID: <BYAPR11MB312545BC744011896210E77AA13E0@BYAPR11MB3125.namprd11.prod.outlook.com>
References: <310DFF58-AF27-421D-8A2E-B168419FD155@juniper.net>
In-Reply-To: <310DFF58-AF27-421D-8A2E-B168419FD155@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=b18da99a-7536-4773-9c7f-130cb86a020e; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-09-16T23:57:48Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only;MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true;
authentication-results: juniper.net; dkim=none (message not signed) header.d=none;juniper.net; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1af8bcf0-7aa9-4475-0643-08d85b0e85a3
x-ms-traffictypediagnostic: BYAPR11MB2936:
x-microsoft-antispam-prvs: <BYAPR11MB2936E86E58DF8E206D80C91AA13E0@BYAPR11MB2936.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /aFbOA9D6EpAhLLOgCBG4r5alyZ0wmNM5GtnQDcwwvf3SEo7OfEaNqjkMjFZS8slveBYejvs/c8qDpCSbHsw4RWqM7G7klosU6EpZDUpPH2D038Ca22ZVCNzCSeM2h5KWJ67oIDAJPTWUADZ9xF2L5EhnzeWqnaUhZtGJXDGACstOETnuUA0TsZgXn8HfGFbHESUMC9y0RCgY7LqJN8elO4lHlsZdiUb46LAdqB+6QgNwuYnDHWbxn0vOSdrj+ctsa0xB7B+EDmSvMLT1UtnymWAy5WSJG7qkcyJpyD3vjmyT56qnqODzpuHKnUlqfM4JlsepR+0bsvZjTEhi9rnTI+u6MX7X/NKFMhpOCCrW25EzXdG8/SMJljOV6IvgWwCn8YFiyxgchUZ3cuzf0wk2g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3125.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(366004)(376002)(136003)(346002)(39860400002)(26005)(71200400001)(7696005)(5660300002)(478600001)(966005)(8936002)(110136005)(54906003)(86362001)(3480700007)(99936003)(66946007)(76116006)(66556008)(64756008)(66616009)(66446008)(33656002)(83380400001)(186003)(2906002)(66476007)(4326008)(55016002)(9686003)(52536014)(8676002)(316002)(6506007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 8EE8vclK4OmqvYXdlq0rpBMoSVezooiwpZUTG+9GOylPZB5Z9VNCqmP0VRbTAjR+gAXlkLnu2ICLoUsCGSgQn8DlzjxLZQspNJt0kSVOfuxgHA8lRXigYQl3UgQxu0b7G6JSGGEmCCoNvjRPTF4xcsX+g5IrDl3KksrVe85tWjQL3JjLG/F0qtGoc1tCtUagw17GSyMPiA/13I2EdDghjY++aox3sVCKM6X/6i+CAeD+yx5mqdpJgbeq8Yz/2C/qT0D5JtAyGpK6zq/XKIsgSRcufrznZjb8aCGnt0Tzj6SWb7iCVjPlr+jlEeuv85pEmY4Mh0GKAu9c2FHg8juFhv7k20UzDV0O8BmMgEGKIDPxlmDkrFWiJ6X5S6GB3IGkcibH/95iADdaVNuN7TJqWg2gnDQOnpbsgMLLHad3P3V9Tpi4Qh8291qtRTuyfzkhUFU7sddCn4HlsrgRPjEkV5ZCeWQdmqJZFieORwbKypNEv6Ncm/FTY9Wgup/1CmheNmFVC3y1lz+OhCiKdGadzfQw8QUUkNoO8fwSh4+YsnAOSOQaqYB1hrXkfMrRFz5P2jjD90pfhAJu+WNQqbGtRp15IzyyWlaALRcRQbUaQG+U7uvAn6YhZCbA/FQfYYXgPQ4RL53H7I6uMX8QV5x+WA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0029_01D68CD5.C3831A00"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3125.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1af8bcf0-7aa9-4475-0643-08d85b0e85a3
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2020 13:35:20.1499 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YKgC7p0+nxL02cZiU8nGbtg+HV6BFYOlls/1RUv29edwz9vEWAe2MvO+j1pwEPDa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2936
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/SAGGPIjDm16OJQ1Y3OVeKf2JrA4>
Subject: Re: [Rats] Some Feedback on CHARRA
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2020 13:35:26 -0000

Hi William,

Thanks very much for the suggestions.  Thoughts in-line...

> From: William Bellingrath, September 16, 2020 8:39 PM
> 
>  Hi all,
> 
> We have been discussing the CHARRA yang module, and I would like to float
> back some feedback and recommendations from my colleagues.
> Comments are predominantly aimed at naming conventions, or ease of reading,
> and are just suggestions.
> 
> 
> 1.
> module ietf-tpm-remote-attestation {
>   namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";
>   prefix "tpm";
> 
>   import ietf-yang-types {
>     prefix yang;
>   }
>   import ietf-hardware {
>     prefix ietfhw;
>   }
>   import ietf-keystore {
>     prefix ks;
>   }
>   import ietf-tcg-algs {
>     prefix taa;
>   }
> Recommend these prefix names changed to something easier to read.

IETF YANG conventions are to have short prefixes.  As noted in RFC 8407, Section 4.2:
"Prefix values SHOULD be short but are also likely to be unique."

This was recently revalidated in an IESG review:

https://mailarchive.ietf.org/arch/msg/sfc/miYTals3g56kSV34Igrm83Pw_Xg/
"Prefix ietf-pot-profile is cumbersome - 3-5 characters is more than
enough for a prefix"

> 2.
> ...
> must "/tpm:rats-support-structures/tpm:attester-supported-algos"
>          + "/tpm:tpm20-asymmetric-signing";  ...
> 
> Recommend adding an error message or description with the “must”
> statements.

This makes sense.   I have added.   

> 3. For all identity naming, recommend using '-' instead of '_'.
> E.x. grouping TPM2_Algo, grouping TPM12_Algo, etc

Change made for all identities in CHARRA using '-'.    

> 4.
>       leaf revMajor {
> …
>       leaf revMinor {
> …
> Recommend renaming these to ‘rev-major’ and ‘rev-minor’

Change made.

Current state of YANG model based on your suggestions above is in a pull request at:
https://github.com/ietf-rats-wg/basic-yang-module/pull/16/commits

Eric

> Thanks,
> William Bellingrath
> 
> 
> Juniper Business Use Only