IETF Logo Mail Archive

Re: [Rats] Call for Adoption: EAT draft

Laurence Lundblade <lgl@island-resort.com> Thu, 30 May 2019 23:09 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EBCE12016F for <rats@ietfa.amsl.com>; Thu, 30 May 2019 16:09:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id drdPcZjU4x3Y for <rats@ietfa.amsl.com>; Thu, 30 May 2019 16:09:18 -0700 (PDT)
Received: from p3plsmtpa11-09.prod.phx3.secureserver.net (p3plsmtpa11-09.prod.phx3.secureserver.net [68.178.252.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE8C312011A for <rats@ietf.org>; Thu, 30 May 2019 16:09:18 -0700 (PDT)
Received: from [172.20.10.4] ([174.201.27.200]) by :SMTPAUTH: with ESMTPSA id WUAahRpkxmycsWUAchaKKY; Thu, 30 May 2019 16:09:16 -0700
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <DM6PR11MB408967D6E5EF0A355CF0D60BA1180@DM6PR11MB4089.namprd11.prod.outlook.com>
Date: Thu, 30 May 2019 16:09:11 -0700
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "rats@ietf.org" <rats@ietf.org>, Giridhar Mandyam <mandyam@qti.qualcomm.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D53ECF26-E2F5-4BD5-A81F-BBE1AEEB4541@island-resort.com>
References: <CAHbuEH6Mdwp+neWbcecA-pMYZoXKiNda2A0EnMh-8WX=W9_edA@mail.gmail.com> <DM6PR11MB408991CBF9B50672E12A8F61A1000@DM6PR11MB4089.namprd11.prod.outlook.com> <DM6PR11MB4089818BBEF529569DC1250DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <bdcaa9f2ca2344aa98287acd0b80d8f3@NASANEXM01C.na.qualcomm.com> <DM6PR11MB408939CC9EA79D479B76586DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <E09EB1B2-ED56-4F1B-8D80-BF0D227199A3@island-resort.com> <82b0a75e5b5645d1a43d240373bca6dc@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089DAD248EEAAF9F92F2C0AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <50ddca72a9074e229976ca88f78e340a@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089BF4C3F319894DAE8722AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <175ea22d1a1948d48f8180424cc89ec0@NASANEXM01C.na.qualcomm.com> <VI1PR08MB5360CE8EFA93515A140D30F2FA180@VI1PR08MB5360.eurprd08.prod.outlook.com> <DM6PR11MB408967D6E5EF0A355CF0D60BA1180@DM6PR11MB4089.namprd11.prod.outlook.com>
To: "Eric Voit (evoit)" <evoit@cisco.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-CMAE-Envelope: MS4wfLJ8qocLwcevFDI2r4w8gqmu1mUDXMDYnh2n65t6iEPzY3sIOh39gEsWUqjmlyPA8QAq8+OJPDQTzJmG2c8GlPbCQlU1gmdjbnIVOTLMC9zLxkwqlK/C HEOH0vJJmuvZqi4m+EwhwTQGyzQqYtTxmpP0H8cN+WaBhMK6X7AAAqIa3sfQYLOVUPwQYelHl1W5e/E0jt/bY11b4WivL+fJSR4yD1YvYFrSCCqcPgBVydFY NWDCmUCdUIsrStVAOEJTin7C6CSajtOHJgakNEGcGI8=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/WfhmFXWUKXPEBKE3naMncn4zkl0>
Subject: Re: [Rats] Call for Adoption: EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 23:09:21 -0000

So if an EAT is a CWT, then the proposal is to change the IANA registry rules for CWT in the EAT draft. Is that allowed? This is really a change to CWT and even JWT. Seems like it is saying that if a YANG-defined claim exists for a possible CWT or JWT claim, the YANG-based claim MUST be used. 

I think Eric’s thought about harmonizing is a good one. Learn from past efforts. Improve interop.

However, IANA registry rules revising aside, making it a MUST seems too much. I think the YANG-defined claims should be very much seriously considered, just like any other previous data structure definition, but that there be no blanket requirement.

To go a little further and to be clear. When a YANG-defined claim is used the CBOR encoding of it will be used with CWT and the JSON encoding of it will be used with JWT. This hinges on draft-ietf-core-yang-cbor-10 producing satisfying, compact and sensible CBOR encodings (binary data is really CBOR binary, claim keys are small integers…).

LL


> On May 30, 2019, at 12:19 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:
> 
> Hi Hannes,
> 
> I do like EAT.  I am hoping that it gets adopted.  
> 
> At the same time, I am trying to avoid unnecessary mapping of claims from a chipmakers domain into system integrator /network operator domains.  I believe much pain can be avoided with a little planning up front.  That is what I am trying to facilitate with this discussion.  
> 
> Specific details/examples in-line...
> 
>> From: Hannes Tschofenig, May 30, 2019 1:18 PM
>> 
>> Hi Giri, Hi Eric,   
>> 
>> (a) some principles/guidance to CWT claims registry people on avoiding the mass registration of lightly-used or unused claims
>> 
>> Why is this a requirement? When a claim is registered then it is most likely done with the anticipation that it will be used. I have not seen other IETF registries that have raised the bar to a similar level, at least the JWT claims registry does not work that way. Furthermore, what is the harm in registering claims that later turn out to be less frequently used? 
> 
> Let me provide a *best* case example.  In the NETMOD WG, there is a draft-ietf-netmod-geo-location.  Both that draft and this have definitions of latitude, longitude, altitude, accuracy, etc.   The *good* news is that both drafts are based on WGS84.  So at least our experts have lucked in to using a consistent resource.  But are these the same objects?  How does a reader know?   In one of the documents the latitude/longitude attributes are "FloatOrNumber", in the other they are "decimal64 {fraction-digits 16}".
> 
> It of course gets harder for other objects.   The velocity objects in draft-mandyam-rats-eat are "heading" and "speed".  And draft-ietf-netmod-geo-location has this information "v-north", " v-east", and " v-up".  Here we have different formats, the first of which cannot be easily upgraded to serve three dimensions.
> 
> And then we get into other harder objects where we will have timestamping, explicit domains of allowed entries, etc.  And is there is no boundaries on what might be claimed as an EAT, in theory we could create a parallel domain of objects without description on how to map between the two, placing the heavy lifting onto the implementer.
> 
> Now I am not trying to solve world hunger in this thread.  I am just trying to have the draft consider minimizing inter-ecosystem friction where we can see it coming.  I believe with a little foresight we can ensure a consistent population and data typing for a subset of claims.   Without foresight, I see that people will create new CWT to avoid some later mapping.  And more/redundant CWT tags will harm interoperability.
> 
>> (b) a requirement to map claims to existing YANG objects, if these YANG objects exist 
>> 
>> I also don’t understand this requirement. Is there some design rational why this would be needed/useful?
> 
> Per above, EAT claim instances need to be integrated with other work/ecosystems in the IETF after the information comes off of a hardware chip.  A claim registry shouldn't create redundant info/formats to other work/ecosystems when it can be avoided, at least without broad discussion and consensus.   (I.e., lets avoid unconscious object definition and object domain overlaps wherever possible.)
> 
> Eric
> 
>> Cia
>> Hannes
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email