Re: [Rats] CWT and JWT are good enough?

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 16 September 2019 19:00 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: [Rats] CWT and JWT are good enough?
Date: Mon, 16 Sep 2019 18:59:28 +0000
Message-ID: <VI1PR08MB5360F2D6930190A12F754B6AFA8C0@VI1PR08MB5360.eurprd08.prod.outlook.com>
References: <CDC992AE-B6DB-4BAE-975F-6E2BF9ED2C97@island-resort.com> <CAHbuEH4fisaDTKOzEY2ZEfxiVyfZ4wYibdRzQUYxq4i8a8G_WQ@mail.gmail.com> <7EA14733-B470-4365-B4FA-FF2B63695464@island-resort.com> <30242.1568655684@localhost>
In-Reply-To: <30242.1568655684@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/T0UCaufA4whqxvOn70yb81MNq_I>
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>

>> - All EAT claims are Specification Required. No EAT claims can be just
>> Expert Review.

> I can live with that.


I am not OK with that. For JWTs we have been using an expert review approach and that served the committee well.
We would like to register vendor-specific claims for use within EAT tokens and I can hardly see why anyone should have problems with it.
Furthermore, attestation is such a special field that there is no reason to be worried about companies flooding IANA with requests.

Ciao
Hannes
