Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Michael Richardson <> Mon, 11 November 2019 11:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 54475120100 for <>; Mon, 11 Nov 2019 03:37:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.865
X-Spam-Status: No, score=-0.865 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7lYveJZnWOGt for <>; Mon, 11 Nov 2019 03:37:07 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AFC651200DB for <>; Mon, 11 Nov 2019 03:37:07 -0800 (PST)
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id CFD463897B for <>; Mon, 11 Nov 2019 06:34:02 -0500 (EST)
To: "" <>
References: <> <> <> <> <> <> <> <> <>
From: Michael Richardson <>
Message-ID: <>
Date: Mon, 11 Nov 2019 19:37:01 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Nov 2019 11:37:09 -0000

On 2019-11-11 5:57 p.m., Henk Birkholz wrote:
> Hi all,
> on one hand, we have to address the overlap between YANG and EAT
> information elements (statements & Claims) and how to deal with them
> (one obvious issue, for example, would be potential redundant
> information model content in two different drafts).

Can you give me an example, but I'm not getting the issue.
I think that we will be the first to attempt to use JOSE to sign a JSON
serialized YANG object, resulting in a JWT.  Well, technically, it's
probably not a JWT, because we aren't going to base64url it and put
periods between the pieces, I think.  It's just JOSE, but I don't mind
if we call it a JWT.

draft-ietf-anima-constrained-voucher does CBOR serialized YANG which is
signed with COSE.

> On the other hand, Laurence's original point was the payload of
> conveyance protocols used by RATS. Specializations of this topic are
> apparently:
> * Web Tokens via YANG Interfaces, and
> * YANG modeled data via other conveyance protocols (other than *CONF)
> that can transport Web Tokens.
> There are examples of how YANG modeled data is used outside of *CONF
> protocols, for example MUD. We have to understand and agree about:
> * this is possible on a technical level, and
> * this is useful wrt to protocol scope, intent & semantics, I think.

MUD (RFC8520) does it, but so does ANIMA vouchers (RFC8366).
Again, data-at-REST described by YANG.

But the document in question does not seem to be data-at-rest, but RPC
access via *CONF protocols to TPM 2.0 objects, so I feel that you are
further muddying this thread by asking the above question.