[Rats] Easier changes summary (was Re: I-D Action: draft-ietf-rats-eat-13.txt)
Laurence Lundblade <lgl@island-resort.com> Sat, 21 May 2022 00:12 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E644C237CF1 for <rats@ietfa.amsl.com>; Fri, 20 May 2022 17:12:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Lb3gZcX_Udg for <rats@ietfa.amsl.com>; Fri, 20 May 2022 17:12:09 -0700 (PDT)
Received: from p3plsmtpa06-09.prod.phx3.secureserver.net (p3plsmtpa06-09.prod.phx3.secureserver.net [173.201.192.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E59BC237CEE for <rats@ietf.org>; Fri, 20 May 2022 17:12:08 -0700 (PDT)
Received: from [192.168.1.7] ([75.80.148.139]) by :SMTPAUTH: with ESMTPSA id sCizn7eNQpP2zsCj1nR7hv; Fri, 20 May 2022 17:12:07 -0700
X-CMAE-Analysis: v=2.4 cv=CZrNWJnl c=1 sm=1 tr=0 ts=62882e57 a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=48vgC7mUAAAA:8 a=k2fWRaNnkG29mvkW0SMA:9 a=QEXdDO2ut3YA:10 a=_BmqJtoqCnVNb-_KK_YA:9 a=MpbmmQaIn2EtIQ3P:21 a=_W_S_7VecoQA:10 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <BFBAB37D-247E-4FAB-921C-8D5BDE289C12@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0AC52B01-AA44-4B6C-9905-B59C950EF028"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Fri, 20 May 2022 17:12:05 -0700
In-Reply-To: <SJ0PR02MB8353596A52F232778F18B81A81D39@SJ0PR02MB8353.namprd02.prod.outlook.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: "rats@ietf.org" <rats@ietf.org>
References: <165308041592.8844.8300757068911716538@ietfa.amsl.com> <SJ0PR02MB8353596A52F232778F18B81A81D39@SJ0PR02MB8353.namprd02.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-CMAE-Envelope: MS4xfGK73/386Km4Y9rNnQsI73JGiTYDmEmBd4Ad6cl0iEUfnVfdVm8DPkamKW6+DaHzKWFEIupSngnKcqGlDfr5ocHK6qA7mvJ30aIn2y48DpuM5Sh+raq0 PX1DrMj4g9i7jDc3qKKgrDRLN2dcCYS8cFDViO6LOMLhw8/Z+WWEKZwXscsJvMcsKPTN0+xsTxNT7Wn2xzoOio6ypgJ5V1Ju97Do5/GawUNB4sXY3K9gxaug
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/aYOXujr3vB0onLYYyulW4wAfLNo>
Subject: [Rats] Easier changes summary (was Re: I-D Action: draft-ietf-rats-eat-13.txt)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 May 2022 00:12:11 -0000
Here’s an easier-to-read summary of important changes in the EAT -13 draft. Appreciate all the discussions that led to these useful changes. How Claims in Evidence relates to Claim in Results I believe the question about claims in Evidence and Results is resolved with this text <https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-13#section-1.4.1> It basically says, the RP needs to understand the Verifier’s policy for forwarding claims. CDDL for JSON The CDDL here works for both CBOR and JSON, including the nesting of CBOR tokens in JSON tokens and vice versa. It is only at the token boundary that encoding can switch. Lots of CBOR and JSON examples are included and validated against the CDDL using the “cddl" tool. Most of the CDDL is common, but it wasn’t possible to make it all common with the way the current “cddl” tool works. Removed UCCS and UJCS There is a CDDL socket for where UCCS and UJCS plug in. I have validated that it works for what I think the UCCS CDDL will be. The UCCS standard document should specify that it plugs into this socket so it works correctly for nested tokens. CoSWID and SUIT identified by CoAP Content Types I switched to CoAP content types to identify CoSWID and SUIT for the manifest and swevidence claims because what was there before, CBOR tags, don’t work for JSON. Improved SecLevel Claim Just three levels now. Try to be clear it is only a simple and rough classification that requires no certification to claim. Sort Claims into three sub sections The claims section is now divided into four for easier reading: 1) nonce, 2) claims about the entity, 3) claims about the token and 4) how to include keys. This was an outcome of the Evidence vs Results discussion. SWResults -> Measurement-Results + revamp Since more than SW can be measured (e.g., file system and config), this claim is renamed and revamped. Nonce claim in JSON is same as CBOR nonce EAT was using the already-defined JWT nonce claim, but in the process of validating all the JSON CDDL I noticed that it can not support multiple nonces like the CBOR nonce. LL
- [Rats] I-D Action: draft-ietf-rats-eat-13.txt internet-drafts
- Re: [Rats] I-D Action: draft-ietf-rats-eat-13.txt Giridhar Mandyam
- [Rats] Easier changes summary (was Re: I-D Action… Laurence Lundblade
- Re: [Rats] Easier changes summary (was Re: I-D Ac… Smith, Ned