IETF Logo Mail Archive

Re: [Rats] Where does a EAT end? - consensus?

"Smith, Ned" <ned.smith@intel.com> Fri, 03 June 2022 19:53 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 888E1C14F720 for <rats@ietfa.amsl.com>; Fri, 3 Jun 2022 12:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.851
X-Spam-Level:
X-Spam-Status: No, score=-2.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=intel.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EthhrBqwNY6J for <rats@ietfa.amsl.com>; Fri, 3 Jun 2022 12:53:14 -0700 (PDT)
Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B7F8C14F692 for <rats@ietf.org>; Fri, 3 Jun 2022 12:53:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1654285994; x=1685821994; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=L99ScPSFQWHN3R+0midlwejGD9pd/f+O/+qourPv9Gg=; b=lxUuzETwEuI25uFkx8gyA0f3RrvVmhczSLAlpV3Eg9KSt2DC6pIJVFD/ jwnwu4TapC0uMt6gs3VreGHjb7U/k1WqV7gm+2zVssGt/w7sMDV0myYA1 g87J4h53XIEB0t/APlBnnlFrGBL2sGU4VWHdcHnBq0B+p1q+MOS7bt3AM aZpOtY7PJzbVlilHq7Plt3MCpDgV0tnU0r//nqF3KLfE29aSwh2R//fza blFjIhVkrFgEvy4U2r+3e4oWoEnoRkRY6FsR5EtbACmvq4jtUEr+8nv1B ulaOLkHr7jIW38APNZRz2n5TKL57JKQI/fA6bVVlpTrmu8ADQRUDRQAUj Q==;
X-IronPort-AV: E=McAfee;i="6400,9594,10367"; a="336997052"
X-IronPort-AV: E=Sophos;i="5.91,275,1647327600"; d="scan'208,217";a="336997052"
Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2022 12:53:11 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.91,275,1647327600"; d="scan'208,217";a="613431385"
Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by orsmga001.jf.intel.com with ESMTP; 03 Jun 2022 12:53:10 -0700
Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Fri, 3 Jun 2022 12:53:10 -0700
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Fri, 3 Jun 2022 12:53:10 -0700
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.101) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Fri, 3 Jun 2022 12:53:10 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jqDt8S7R4+SsMpX1hpQ2zrhgl00Yv9tyqS7wmgKhc8d4k/n2VsqL2/oNDfFjEw5wiiuZBq9I2doTW7yQGoRI0Rri8Z5Do2Yre3Ab7gUADL7mUQ2jncetLezO8xpcNR+EHtOPnMUl14XG4X+q4b03oImjPstJXReI6Y3Wu0FMEpME1ixRoPXd9g3IwtO9CsKdKQsKFBV+tT+fh4eQhxxxOHnYZ+oxftDEdkj0/kMGfFRb6JJayGgQrUIlrjjwoE5e4r17RNonwVmW6QyR/Sc68tnhkNBr+xXkppjQJ9ZgV+i0h6rKoBDizYANEj2zCH84Yn4O3DacqSxWRDbRqecBJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=L99ScPSFQWHN3R+0midlwejGD9pd/f+O/+qourPv9Gg=; b=NKfYZ68jdli2uNEHpCb/JwMt94mO5vUfvVLgE8DcJH8cXFf131llRIdlUhoXz3XRinpGhza+Rjown9th4D9pez9I8m6NpaIJjWFocLVTPYnKpZyEU5NDQ71ZyJW4Qdjb0CFuWBr1QLqHsdDO0Fj/ifuzQtbvdmUdGapOrGXMmBFpYNtqnQhN08SkGPPAptlUr4XC53T8Ffe0x5gwcNPvbTlf+u52SjiSLSbzS7DPsE5C4RMNoSjCvOnF28IEOdmwa2ikXx9a3a6kvi3HXl8qD+h0YZOrJRkygK5v2J/+tCpDpc0mPaiZRLjmEJgT/hLMjNQkRTfaIskv4K7oiIgulg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
Received: from CO1PR11MB5169.namprd11.prod.outlook.com (2603:10b6:303:95::19) by DM6PR11MB3129.namprd11.prod.outlook.com (2603:10b6:5:65::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5314.15; Fri, 3 Jun 2022 19:53:08 +0000
Received: from CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::5dfe:31c7:a62a:d8b8]) by CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::5dfe:31c7:a62a:d8b8%3]) with mapi id 15.20.5314.013; Fri, 3 Jun 2022 19:53:08 +0000
From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Where does a EAT end? - consensus?
Thread-Index: AQHYd3knnYHsQr2qSkK10xVBLJ/Leq0+E2oA//+PYYA=
Date: Fri, 03 Jun 2022 19:53:08 +0000
Message-ID: <D13E3D0F-CDEB-47F5-856B-A355CE464E55@intel.com>
References: <5CCD6415-B43B-4BB5-BD05-E7A2B7839B3A@intel.com> <C857641A-8673-4F81-8D9B-D99D6529A836@island-resort.com>
In-Reply-To: <C857641A-8673-4F81-8D9B-D99D6529A836@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.61.22050700
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 74468f0b-19d0-40f9-5e5d-08da459aae7c
x-ms-traffictypediagnostic: DM6PR11MB3129:EE_
x-microsoft-antispam-prvs: <DM6PR11MB3129B320E4CA53703D92FF72E5A19@DM6PR11MB3129.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: E8/Vcli4kMc7boMh7FvtSTw+XcrBJZjR8jp/jGM6vjgLhk9K0RABSG44PuF5p8SarfPSQqRnKjZ1L6bocyRjCu2yqH7CFrSdqodd3/yo32uxl0dznvrUPHR9cGDpEpgn/tKVBlxm78Kg2/06CPw9fv7fbQbnzh3EZibLdSpnq8aGwNP5OIMLFUUVhqn2eiVQy5+GMhN7skoFVeOXE3qN+S1612nTfeI4oak9vpSpBTgk1Bul3wh0gNWAMwAyS9nw+536RMwPY5z21aHp2+mYk8Bdykg5l9i7vu9J5TVceSmhDXfo8DoEPzFwc81xx8UZj6BVcAhUrz/BU/WTzS5NHlQQZZz3fzQP1PUvLiRE7VlL6Nq3HUNe2jTP02n3YSdBwD1Bdk26tXM5eJsumG+ntwBWkiyc7336rpL4A2BbkEYCJWShLxjnOWlAFzsKRY0O4IX0HBUMkILoBxUN9vK3LoaDKSKGYxZglIOoHgREmS5p0Gv/73k/cCdRXLsSjFIme3qkWtQwzcAEHLkNztib1aF2RtkF62zA9ffyGL/PSZl+RjNcb7Y9IuGMw6SdIas8CGWZglOv658w38+4PfOYpg8+HbHmpl+8g6LzqqMaZG07/2L5dYIHVNHE40618wKF3X1kqGRjqSuhCbd6uqTs3eYdIa9qZMPSxNgsrGKQn3ITlJrqymZBb8J7DTPYptjEJrrmfhDL1F5iK55x7u5UP3XxVZJv0urs7QZKJkDcKChuxVrk6hM+iVi+mL3TYmt10Qz1UBxP1Gz8Hvz6M5dyU4DShEPWG/6lflDRBQwjGbLfpssqloflvcPq+inlnziYWy9Up8+tLilvXaPo+rgk0MmYS8N+NagDD8jX/NyyWmM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB5169.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(2616005)(64756008)(186003)(53546011)(66446008)(2906002)(66476007)(66556008)(66946007)(38100700002)(4326008)(6916009)(8936002)(6486002)(122000001)(76116006)(5660300002)(33656002)(316002)(86362001)(8676002)(966005)(54906003)(71200400001)(508600001)(6506007)(83380400001)(36756003)(26005)(6512007)(82960400001)(38070700005)(166002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: N2Iiv7dQPSsIJkboyCN1r8hYoES+NiM9vgKwU+wLOQNPjg2J4NE+IoPuiLzoA0BW6Q9qY7K/6jabhPTpOAHGic1M3LlwcpSfVy0XjoA5ljy3HQ+2LUv0amp63DoNsSgb2RQtO0gPimueIEJzcN4H05LF4L6nTWKfXFiwY68ayq9QLCQCGGCKcaQw7ci3NrLSgU9W9OJFB50TeFP3zamc+iW6uxeWA4RV30UZn0sbo9AtRF2LfRKYUDN21cvk0alah+kF5bwc5PyQHXjIXaKsYyQtnJCAf5IxErqiPMrbMqvxb9fzmLZcvgiQEh6DNblUuGDvqdzZPX90MojSDl7AD/6NHjYVHUEIlEhWz8rd0dnlpJqnyKxtuqMCGSn34sOCerZwVYrwxpMrGxvp4eaZF4Cwn1lD3RSC9fijLQDxY+3xSNy2ciNOJ64KWu96AuT4080uJh+H/f1c9yAGeAsDbQodtEE9kBbigwo5ywXV8g58WevXhLb712QTzwLYOR25ZAnuKpaxiZKckISjbLeEPin1+BWgXqAcK5XwStHQKz/3ga7nefdL8sgmMbZvRddNAuOl1ffsj0YoXawwnzSDMMh55FNkUCQQJkaoA4cNLLpnJUKk1jJuvKbbcWi+++2hIuS+zyXBMjuQTtSiRA290cb1rfLciw8b4zErYwLD5sXqvOkHEejd/T2YzK3I0hhXWbZt/puvkB5MhbdCQ2YwpOYEL88qri0JDu3LOvaBq1E80dITUX37gvacjiY/HXecUxhlmGmRVFQwsUKTOKNKZbQJ9vRGg9s8TqSTsoVO5LlPRDRYh8g2mgzJ7mTTb77nY20XeEUfgxMnb6RsawWq47cxtlGCofq7xD+sEtlaQiuV3mFlQ28/LhBwxdKmToOH9pZ0WMPVxSt65Fsj9USwxC333oW7+YKUr4pMopSjTIny7OgAlL/ovbrDQEaBOrN2q6utNPmdTAZsMxWpGxxY458xQW/cCfKW6z+45VKeb4EGiYe9+qap6LOWZOX0WKeRUzwa2STDE4RqhLB2g0a+Goa58ise62n8ExuyzJqpYgiOSk0qQOfXOtUykIzZNNTcDa44rNVPyZFBn74uoubjz7phZ+vL+jVggEI3RFoMEY0FaSDbAZx6CXCW/NGlPGNzGfSd0twftAupku9ztFkk8AYMCTaXBsvL/UswrnTdykY8HORbtx+22U2j6cOcxgSOaiTPYz2OUeVsPgGYZ92HLBeX0CUsqUDzeedLI4+7Si25TpQaZzDeUkUZdc7d1Xe5htzSlf2t1SATJHqaHcA9AMKHFqFGCHaWpfH4Jcit+uOFZj6mHJmyJGOEUot9rPB6K1rlEv7Lt0T4VLK4DicN1LpoDAYn90QaV/bW/3/1l8174idEFPSo6FUImG1dIT+y1+9bmSrwdxdCvHqSqRjOzCMy42fGtNz7fZrt2k9rKzwVtmp91YmUzBjulJ0gvM7fqHR1Of2Zor12MmpN2r256SxTz1rAto37TIfMMwIOMN82pjR+jzsPOyGKeMz270X7dlCfPvrlkKAFZx8AuxqZ4TS5HWs/2MBVG3dTD87DjKx7jJY/Tz5Wfd5Y9EU+lNEqZzcl2fFOFJErL9TP7iq3bHmQvY2H/gnq/f23Gpd66dHf2h0XNoRk28AiOc9kuKwIWpbUYSKLrUlaA3nscxdeUoaTK69iro5b8eDP4tXkpQ7ZL2Q56jA02eU+YmYdMCCBar2Y4Qc3nLlPQh7SgZ5QeDBPUXeHnMOSDsVQ+HNArpw=
Content-Type: multipart/alternative; boundary="_000_D13E3D0FCDEB47F5856BA355CE464E55intelcom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5169.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 74468f0b-19d0-40f9-5e5d-08da459aae7c
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jun 2022 19:53:08.0856 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WH71CBwZ51rwisdOhrwfS26RaFHPfNotDdoRQEAL4+PFGmgwYxfXU+ucuNce9w7IyCJ7c4zOmrXBpQlw6haSUg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3129
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bCkrTudPlkVTTv1ADE1elgTQzQA>
Subject: Re: [Rats] Where does a EAT end? - consensus?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2022 19:53:18 -0000

Is the motivation for limiting extensions to an IETF standards track document that extension by a vendor or other standards setting organization might result in non-interoperable tokens? Something else?

From: Laurence Lundblade <lgl@island-resort.com>
Date: Friday, June 3, 2022 at 12:36 PM
To: "Smith, Ned" <ned.smith@intel.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>, Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>
Subject: Re: [Rats] Where does a EAT end? - consensus?

Didn’t think this was an interoperability issue. It is an extensibility issue. How much extension to other formats are allowed.

My question is whether there is consensus or objections around this PR<https://github.com/ietf-rats-wg/eat/pull/194>.

It simply adds the sentence "Any new format that plugs into this socket MUST be defined in a IETF standards track document."

LL



On Jun 3, 2022, at 11:38 AM, Smith, Ned <ned.smith@intel.com<mailto:ned.smith@intel.com>> wrote:

To summarize, it appears the way to address the issue of a potential for non-interoperability of “top-level” statements in the EAT draft is to acknowledge that this potential exists, and that it can be accommodated in a variety of ways that don’t need to be discussed within the EAT draft.

Does anyone disagree that this addresses the issue?

-Ned

From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> on behalf of Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>
Date: Thursday, June 2, 2022 at 1:40 PM
To: Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>, "rats@ietf.org<mailto:rats@ietf.org>" <rats@ietf.org<mailto:rats@ietf.org>>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

> Not sure I follow: profiles are type constraints that apply to *existing* top-level EAT types.  They can't be used to extend the number and shape of base EAT types.

I was commenting on interop, not on extension of top-level EAT types.  I don’t think we need to provide a mechanism to extend the base EAT types within the EAT specification itself.  I’ve already mentioned with the example of JWT’s that the underlying specifications such as JS allow for that today.

If someone has identified a new field that must be added at the top-level of an EAT, they are welcome to come up with their own specification, as described in https://github.com/ietf-rats-wg/eat/pull/194.  I personally don’t think we should call it an EAT at that point, but that is a minor point.

-Giri

From: Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>
Sent: Thursday, June 2, 2022 1:30 PM
To: Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>>; rats@ietf.org<mailto:rats@ietf.org>
Subject: Re: [Rats] Where does a EAT end? (was: Re: WGLC for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat)

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.
> Giridhar Mandyam <mandyam@qti.qualcomm.com<mailto:mandyam@qti.qualcomm.com>> wrote:
> > > I think the underlying data structures make it extensible,
> > > independent of the CDDL notation.  However if an implementor
> > > chooses to extend EAT without an accompanying standard as a
> > > result, then interoperability may not be assured.  Therefore it is
> > > in an implementor’s interest to define a standard if they are
> > > seeking interop.
>
> > The core difference is the extensibility story for the claims-set is
> > governed by the CWT Claims registry, whilst the EAT type system has
> > no such mechanism (yet).
>
> I don’t agree:  the profile definition addresses interop – see
> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat#section-7.
> Up to this point, no-one has objected to the way profiles are defined
> in the specification, nor the lack of a registry.

Not sure I follow: profiles are type constraints that apply to
*existing* top-level EAT types.  They can't be used to extend the number
and shape of base EAT types.

FWIW, I'm a big fan of profiles.





IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email