Re: [Rats] Collection binding (was Re: New RATS)

Simon Frost <Simon.Frost@arm.com> Sat, 04 June 2022 07:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/LaDPEkfhHl8ZyEC7N9LsF_-Nj_g>

The clear intent of collections is part 3 below. The definition of the collection says that they have “some internally defined relationship through which the integrity of the whole collection can be determined”. I can introduce normative language that makes that clearer if necessary. Typically the mechanism is that within one signed element claim set, there is a claim which can be used to demonstrate a cryptographic binding to another element, for example a hash of their signer public key or a hash of the whole token. Binding between elements will be established as part of verification.

Reworking a typical collection to be a recursive encapsulation inside the terminal element is possible, but adds processing overhead and is inelegant and inflexible, which isn’t the approach I see elsewhere in EAT.

Thanks
Simon
From: Laurence Lundblade <lgl@island-resort.com>
Sent: 03 June 2022 19:16
To: Simon Frost <Simon.Frost@arm.com>
Cc: rats@ietf.org; Thomas Fossati <Thomas.Fossati@arm.com>
Subject: Collection binding (was Re: [Rats] New RATS)

This is one of two comments I have on collections.

Without any cryptographic binding between tokens in the collection, an attacker can easily substitute a good attestation from another device for one that is not good. This is a very large vulnerability in my view. So what to do?

1) One option is to write some very large security considerations. They would probably recommend strongly the use of TLS to provide the binding. They would look a lot like all the text in UCCS.

2) Another option is to abandon the draft for submods that does provide that. The top-level signer could be a weaker attester whose job is just to provide the binding. It would be kind of similar in security characteristics to using TLS (where TLS is not implemented in a root of trust).

3) There could be some other cryptographic binding. Perhaps a hash of one is COSE aad for another. There is an allusion to cryptographic binding in the draft, but nothing specific. That other binding could be left up to the implementer and not standardized, in which case a big recommendation in security considerations is needed. It could also be standardized by describing what it is in this draft. Can you describe what you were thinking about?

I don’t have a strong opinion of which option should be used, but I think one (or more) is needed.

LL




On May 30, 2022, at 4:33 AM, Simon Frost <Simon.Frost@arm.com> wrote:

FYI. I’ve just submitted a new draft for a proposed extension to the top level object in EAT.

There’s a full justification in the doc, but as a quick summary, there are difficulties in creating a top level ‘envelope’ object for a multi-token system while remaining compatible with EAT. Given the recent move to fix the list of top level objects but embrace extensions, this approach seems to be an appropriate proposal.

See: https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/ & https://github.com/SimonFrost-Arm/draft-frost-rats-eat-collection

Thanks
Simon

Simon Frost
Senior Principal Systems Solution Architect, ATG, Arm
Mob: +44 7855 265691
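
The binding Simon describes in his reply (a claim inside one signed element that carries a hash of the other whole token) and the substitution Laurence raises, as an added example that is not part of the thread or of the draft. HMAC-SHA256 stands in for the real token signature, and the key table, the `platform`/`realm` element names, the `bound-token-hash` claim name and the JSON token layout are all assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC-SHA256 stands in for the signature a real token
# would carry; the binding check is the point, not the signature scheme.
KEYS = {n: n.encode() * 4 for n in ("platform-A", "realm-A", "platform-B", "realm-B")}
BINDING_CLAIM = "bound-token-hash"  # hypothetical claim name, not from the draft

def sign(signer, claims):
    """Build a token: canonical JSON claims plus a MAC under the signer's key."""
    payload = json.dumps(claims, sort_keys=True)
    tag = hmac.new(KEYS[signer], payload.encode(), hashlib.sha256).hexdigest()
    return {"signer": signer, "payload": payload, "tag": tag}

def token_digest(token):
    """SHA-256 over the whole token: signer, payload and tag."""
    return hashlib.sha256(json.dumps(token, sort_keys=True).encode()).hexdigest()

def verify_token(token):
    """Check one element's MAC and return its claims, or raise ValueError."""
    key = KEYS.get(token["signer"])
    if key is None:
        raise ValueError("unknown signer")
    want = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, token["tag"]):
        raise ValueError("bad signature")
    return json.loads(token["payload"])

def make_collection(device, platform_claims, realm_claims):
    """The platform element's signed claims carry a hash of the realm element."""
    realm = sign(f"realm-{device}", realm_claims)
    bound = {**platform_claims, BINDING_CLAIM: token_digest(realm)}
    return {"platform": sign(f"platform-{device}", bound), "realm": realm}

def verify_collection(coll):
    """Verify each element on its own, then the binding between them."""
    try:
        platform_claims = verify_token(coll["platform"])
        verify_token(coll["realm"])
    except ValueError as err:
        return f"rejected: {err}"
    claimed = str(platform_claims.get(BINDING_CLAIM, ""))
    if not hmac.compare_digest(claimed, token_digest(coll["realm"])):
        return "rejected: elements not bound"
    return "accepted"

def demo():
    """Splice device A's good platform token onto device B's realm token."""
    good = make_collection("A", {"sw-state": "good"}, {"app": "tenant-1"})
    bad = make_collection("B", {"sw-state": "bad"}, {"app": "tenant-1"})
    spliced = {"platform": good["platform"], "realm": bad["realm"]}
    return verify_collection(good), verify_collection(spliced), spliced
```

Both elements of the spliced collection pass `verify_token` individually; only the binding comparison in `verify_collection` rejects it.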
